Wednesday, April 28, 2010

I Windows 7 Event Logging!

I was recently debugging a couple of applications, and was trapping some events as part of the process. I forget how useful the Event Viewer is in general, and particularly with the greatly enhanced functionality in Windows 7/Vista.

Two of the really cool features are the ability to build sophisticated custom filters and views, allowing you to focus on exactly what you're looking for, and the ability to create events on events.

For example, the following XPath query for a filter/view allows me to trap a specific event for a specific PID, excluding all other 'noise' in the event log:
  
<QueryList>
   <Query Id="0"
     Path="Microsoft-Windows-Winsock-AFD/Operational">
      <Select Path="Microsoft-Windows-Winsock-AFD/Operational">
         *[System[Execution[@ProcessID="3141"]]]
            and *[System[EventID="1000"]]
      </Select>
   </Query>
</QueryList>

Equally cool, I can assign tasks to any event/view/filtered view such that the system will notify me with a dialog, E-Mail me, or start any arbitrary program.

Hugely useful, allowing efficient, quick & dirty debugging without even needing to fire up a real debugger, and as an incredibly useful ancillary to formal debugging.
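
The same filter and an event-triggered task can also be driven from PowerShell. This is an added example, not code from the original post: the function names, the task name and the notepad.exe action are hypothetical, and it assumes the AFD operational channel is enabled and that the task is registered from an elevated prompt.

```powershell
$Channel = 'Microsoft-Windows-Winsock-AFD/Operational'   # channel used in the post

function Get-AfdEventForProcess {
    param(
        [Parameter(Mandatory)] [int] $ProcessId,
        [int] $EventId   = 1000,
        [int] $MaxEvents = 50
    )

    # Same structured query as the filter above. ProcessId and EventId are
    # typed [int], so only numbers can reach the XPath expression.
    $filterXml = @"
<QueryList>
  <Query Id="0" Path="$Channel">
    <Select Path="$Channel">
      *[System[Execution[@ProcessID=$ProcessId]]]
        and *[System[EventID=$EventId]]
    </Select>
  </Query>
</QueryList>
"@

    # Get-WinEvent raises an error when nothing matches; suppress it so an
    # empty log simply yields no output.
    Get-WinEvent -FilterXml ([xml]$filterXml) -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProcessId, Message
}

function Register-AfdEventTask {
    param(
        [Parameter(Mandatory)] [int] $ProcessId,
        [int]    $EventId  = 1000,
        [string] $TaskName = 'AfdEventTrap',      # hypothetical task name
        [string] $Action   = 'notepad.exe'        # hypothetical program to start
    )

    # Both conditions folded into one System predicate for the task trigger.
    $xpath = "*[System[Execution[@ProcessID=$ProcessId] and EventID=$EventId]]"

    # /SC ONEVENT fires the task whenever an event matching /MO appears in /EC.
    & schtasks.exe /Create /TN $TaskName /TR $Action /SC ONEVENT /EC $Channel /MO $xpath
}

# PID 3141 and event 1000 are the values from the query in the post.
Get-AfdEventForProcess -ProcessId 3141 -EventId 1000 | Format-Table -AutoSize -Wrap
# Register-AfdEventTask -ProcessId 3141 -EventId 1000
```

Because the trigger is tied to a PID, the task only makes sense for the lifetime of the process being debugged; remove it afterwards with `schtasks /Delete /TN AfdEventTrap`.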
