< Back
Send-EtwTraceSession
Post
NAME Send-EtwTraceSession
SYNOPSIS
Copies ETW trace sessions to a folder.
SYNTAX
Send-EtwTraceSession [-Name] <String[]> [-CimSession <CimSession[]>] [-DeleteAfterSend] [-ThrottleLimit <Int32>] -DestinationFolder <String>
[<CommonParameters>]
Send-EtwTraceSession [-CimSession <CimSession[]>] [-DeleteAfterSend] [-ThrottleLimit <Int32>] -DestinationFolder <String> [<CommonParameters>]
DESCRIPTION
The Send-EtwTraceSession cmdlet copies Event Trace for Windows (ETW) trace sessions to a folder. After you send the sessions to a specified
destination folder, use an analysis tool, such as Microsoft Message Analyzer, to read them.
PARAMETERS
-CimSession [<CimSession[]>]
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession
or Get-CimSession cmdlet. The default is the current session on the local computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-DeleteAfterSend [<SwitchParameter>]
Indicates that this cmdlet deletes the local copy of the original trace file after this cmdlet successfully sends a snapshot to the specified
location.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-DestinationFolder <String>
Specifies the location where this cmdlet stores ETW trace sessions.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Name <String[]>
Specifies an array of names of sessions to send to the destination folder.
Required? true
Position? 1
Default value none
Accept pipeline input? true(ByPropertyName)
Accept wildcard characters? false
-ThrottleLimit [<Int32>]
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of
zero is entered, then Windows PowerShell???? calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are
running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
The return values consist of a Win32 error code and a value returned by the cmdlet. The codes have the following meanings:
0: Success. New file created. Existing file copied to the destination folder. Existing file deleted, if specified.
1: CreateNewFileFailed. Operation halts at this point if a new file is not created.
2: CopyFileFailed. New file created.
3: DeleteOldFileFailed. New file created. Existing file copied to the destination folder.
Example 1: Send a trace session to a folder
PS C:\\>Send-EtwTraceSession ????????Name "WFP-IPsec Trace" ????????DestinationFolder "\\\\server17\\traces\\" -DeleteExistingFileAfterSend
This command sends an ETW trace session named WFP-IPsec Trace to the destination folder \\\\server17\\traces\\. The command deletes the local copy of
the original trace after it is successfully copied.
RELATED LINKS
Get-EtwTraceSession
Remove-EtwTraceSession
Set-EtwTraceSession
SYNOPSIS
Copies ETW trace sessions to a folder.
SYNTAX
Send-EtwTraceSession [-Name] <String[]> [-CimSession <CimSession[]>] [-DeleteAfterSend] [-ThrottleLimit <Int32>] -DestinationFolder <String>
[<CommonParameters>]
Send-EtwTraceSession [-CimSession <CimSession[]>] [-DeleteAfterSend] [-ThrottleLimit <Int32>] -DestinationFolder <String> [<CommonParameters>]
DESCRIPTION
The Send-EtwTraceSession cmdlet copies Event Trace for Windows (ETW) trace sessions to a folder. After you send the sessions to a specified
destination folder, use an analysis tool, such as Microsoft Message Analyzer, to read them.
PARAMETERS
-CimSession [<CimSession[]>]
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession
or Get-CimSession cmdlet. The default is the current session on the local computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-DeleteAfterSend [<SwitchParameter>]
Indicates that this cmdlet deletes the local copy of the original trace file after this cmdlet successfully sends a snapshot to the specified
location.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-DestinationFolder <String>
Specifies the location where this cmdlet stores ETW trace sessions.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Name <String[]>
Specifies an array of names of sessions to send to the destination folder.
Required? true
Position? 1
Default value none
Accept pipeline input? true(ByPropertyName)
Accept wildcard characters? false
-ThrottleLimit [<Int32>]
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of
zero is entered, then Windows PowerShell???? calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are
running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
The return values consist of a Win32 error code and a value returned by the cmdlet. The codes have the following meanings:
0: Success. New file created. Existing file copied to the destination folder. Existing file deleted, if specified.
1: CreateNewFileFailed. Operation halts at this point if a new file is not created.
2: CopyFileFailed. New file created.
3: DeleteOldFileFailed. New file created. Existing file copied to the destination folder.
Example 1: Send a trace session to a folder
PS C:\\>Send-EtwTraceSession ????????Name "WFP-IPsec Trace" ????????DestinationFolder "\\\\server17\\traces\\" -DeleteExistingFileAfterSend
This command sends an ETW trace session named WFP-IPsec Trace to the destination folder \\\\server17\\traces\\. The command deletes the local copy of
the original trace after it is successfully copied.
RELATED LINKS
Get-EtwTraceSession
Remove-EtwTraceSession
Set-EtwTraceSession