Windows Performance Recorder, Xperf123 and CLUE all collect ETW traces for use with Windows Performance analyzer!

Good Evening.

I wanted to make a quick article for those Support cases where I need to perform an analysis on the issue, in a way that will allow me to see the Data Set in the most Creative way possible.

I do think you will prefer the Graphical Interface method of doing this , but  the site where it is hosted is going to close down at some point. So I will be attaching a link to the download, in case it becomes a lost web site.

Actually there are a couple of tools we should be aware of. So this article is about Ways to Use Xperf to collect logs for support evaluations.  Specifically, I am calling out three ways; the command line, The Core Windows Recorder, and two additional tools.

XPERF

So all of these tools will require xperf to be installed. this is part of the Windows performance tool kit. this also contains windows performance recorder and analyzer. The truth is you can just run the windows performance recorder, and this will achieve the objective of this article. But, you cant just let the recorder run, in perpetuity. There is a hit to the system for running it, and it will eventually fill up your hard drive.

Not that these other tools have methods which are any better. The main thing you need to know, is  you must monitor resources and know when to start and stop these tools your self. They can be dangerous if not used by an IT person with experience. The bottom line is use caution!

 

Command Line

For the command line options, I am just going to show you how to start,stop and obtain the log (ETW) file. You will then return the file to the support department, and they can give you an analysis.

Some example of commands which will result in a file you can give to your support team:

  • Start Trace
    • Xperf –on DiagEasy
    • Xperf –providers KG
  • Stop trace (and generate ETW)
    • Xperf –d trace.etl
  • display trace
    • Xperf trace.etl

Well That was easy wasn’t it? Well the rest of this is not too much harder. This is some complex stuff, but we want to make it easy to collect if possible. So the next tool on the block is the Windows Performance Recorder. I will not even spend any article time on this. This is the simple Next Next Finish windows method. You can do some searching on the internet if you need a few screen shots.

Now to the meat of the show. Two Tools I think you may find helpful. XPerf123 and the Clue tool. Clue is Collection of logs and the User Experience. Xperf123 is at codeplex, but they say codeplex is closing. I will not include links to their site. I will have a copy of the tool in this article. Xperf123 Download

So we are starting with XPERF 123. This is the tool on CodePlex. Download it here- Xperf123 Download

So this tool will let you form the syntax of a shell command to start and stop a log collection. It allows for all the variables you would ant like circular logging etc..

The basic article that was on the codeplex sight is below, for your convenience. This is in case the codeplex data is gone from the internet:

XPERF123

Project Description
This tool is used to automate the process of collecting xperf traces easy without the user worring about the various settings and configuration options.

UPDATE
The tool does not package XPerf.exe, perfctrl.dll, xbootmgr.exe, xbootmgrSleep.exe or xperfview.exe. Please download the Windows Performance Toolkit separately from http://msdn.microsoft.com/en-us/performance/cc752957 and then run this tool from the same location as the files.

Why this tool?
Collecting ETW traces was never this easy. With this new utility, xperf/xbootmgr logs can be collected without breaking a sweat. Just a few clicks and the required data gets collected. You no longer need to enter complicated commands to collect the data. Just select the kind of data/monitoring you desire and XPerf123 is going to get that data for you just like 1 – 2 – 3.
It also creates a simultaneous perfmon running at 5 seconds interval.

System Requirements
.NET Framework 3.0
Administrator rights on the machine.
Windows 2003/Windows Vista/Windows 7/Windows Server 2008/Windows 2008R2.

So how do I use it????
1. Follow the wizard interface of the tool.
2. From the drop down menu, select the kind of trace you want to capture.
3. Click on Start button.
4. Reproduce the issue.
5. Click on Stop button.
6. The file is will be created in the same location as the XPerf123.exe

Main features
– In Normal mode, the default paramaters for BufferSize, MinBuffers and MaxBuffers is 1024.
– It can be customized for advanced settings.
– There is option to have log the trace file in circular mode which is enabled by default. If required, it can be unchecked.
– Logs are created in the same directory by default.
– We can also save the logs to a different location then from the location where we run it from.
– It also creates a perfmon counter and starts it when we start the xperf capture.
– If Perfmon was also collected, the Perfmon logs are located in the C:\PerfLogs\ directory with the name perflognnnnnn.blg
– If we select stack walk, then the default stack walks for the respective traces will be enabled unless the user manually selects the stackwalk parameters. This is benifical for someone who wants to do stack tracing but doesn’t know what all the options to select for stack walk.
– The creation of the registry and the reboot prompts for stack walks have been automated. In the next build, I will try to log that information as well to the log file so that we know what registries were modified or created.
– Advanced options in the xbootmgr parameters to set the Buffer Options and the Enable Property .
– The Pool Trace will only work if we are using a version of xperf that supports the feature.

What do I need to get started
We need to have all the files in the same directory as xperf123.exe –
XPerf.exe
perfctrl.dll
xbootmgr.exe
xbootmgrSleep.exe
xperf.exe

Unless necessary, the General option should be able to get all the required information.
The program is designed to auto elevate, but if not getting the required results, please try running it as an administrator.
For reviewing XPerf logs, we need the xperfview.exe.

1.png
Starting up the Xperf123.exe

2.png
Select the kind of data collection you need

3.png
Enable Perfmon logging ( If you want )

4.png
And we are done. Click Start to start the capture

CLUE TOOL
Now we have one tool left. This is the newest I have seen. This tool will collect logs when there is a problem on the system. This could be a good tool to use under some circumstances.
This tool is the CLUE tool:

Clue stands for Collection of Logs and the User Experience. This tool is an automated way to collect the logs only when the issue is occurring. This is helpful, because the log collection itself can be part of a slowness or latency problem

 

Requirements for this tool:

 

  1. Download tool from – http://aka.ms/ClueTool
  2. Download and Install the Windows Performance Toolkit (WPT)
  3. Toolkit can be installed during setup. See the Clue Usage Guide.docx
  4. Right Click and choose properties of zip file. Choose unblock
  5. Unzip to long term location
  6. Run the Setup.bat file with Admin Rights

 

All features of the application will run out of C:\ProgramData\Clue  directory. If you need to run in a different directory, then change the config.xml file.

Output files will be located at \Microsoft\Windows\Clue\IncidentFolderManagement , again unless you specify otherwise in the config.xml file.

The bottom line is there are two things you want to check out. One is the scheduled Tasks, that start with CLUE_. Make sure they meet your needs as to when to collect data, and for how long.

Second is the config.xml file. You can set many things before the install, that saves you from making multiple changes after the install.

Below is what you will see in the scheduled tasks in Windows;

You will then see inside the CLUE folder, the tasks that you can change to meet your needs:
This is a great tool, in that you have some control over when and why the log collection runs. It can even survive a reboot. So this is a great tool, when
you dont know when the problem is going to occur.
To conclude, I have presented 4 ways you may get an ETL log collected and ready to send to your support person. If you have any issues, Call your support team and they should be able to help you out with it.
Windows Performance Recorder, Xperf, Xperf123, and Clue all try to do the same thing. However, it is our way of having many ways that makes us a great county!! Well Maybe a Great world, because I am certain the players in these tools are quite diverse. Indeed Hail Diversity! and Hail Molvania!
Louis
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s