Add-PefMessageProvider
Add-PefMessageProvider
Adds a message provider for a Trace Session.
Syntax
Parameter Set: Default
Add-PefMessageProvider [-Session] <IPpkCaptureSession> [-Provider] <String[]> [ <CommonParameters>]
Detailed Description
The Add-PefMessageProvider cmdlet adds a message provider to a Trace Session. You can also specify a file containing message data as a provider or you can use Event Tracing for Windows (ETW) providers for a Protocol Engineering Framework (PEF) Trace Session.
Parameters
-Provider<String[]>
Specifies an array containing one or more message provider names.
Aliases |
none |
Required? |
true |
Position? |
2 |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Session<IPpkCaptureSession>
Specifies the Trace Session to which you will add one or more message providers. To create a Trace Session, use the New-PefCaptureSession cmdlet.
Aliases |
none |
Required? |
true |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
True (ByValue) |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters.
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
Example 1: Add a trace file as a message source for a Trace Session
This first command creates a PEF Trace Session object and stores it in the $TraceSession01 variable.
The second command adds a saved Microsoft Network Monitor capture file (.cap) as the message source for the Trace Session stored in the $TraceSession01 variable.
The third command stops the Trace Session. Note that you can stop the Trace Session by default with the keyboard shortcut Ctrl+C.
The fourth command starts the Trace Session stored in the $TraceSession01 variable.
C:\PS>$TraceSession01 = New-PefCaptureSession
PS C:\> Add-PefMessageProvider -Session $TraceSession01 -Provider "C:\Captures\UDP10k.cap"
PS C:\> Stop-PefCaptureSession -Session $TraceSession01
PS C:\> Start-PefCaptureSession -Session $TraceSession01
Example 2: Add a PEF message provider to a Trace Session
The first command creates a PEF Trace Session object and stores it in the $TraceSession01 variable.
The second command adds the Microsoft-Windows-NDIS-PacketCapture message provider to the Trace Session object stored in the $TraceSession01 variable.
The third command stops the Trace Session. Note that you can stop the Trace Session by default with the keyboard shortcut Ctrl+C.
The fourth command starts the Trace Session stored in the $TraceSession01 variable.
C:\PS>$TraceSession01 = New-PefCaptureSession
PS C:\> Add-PefMessageProvider -Session $TraceSession01 -Provider "Microsoft-Windows-NDIS-PacketCapture"
PS C:\> Stop-PefCaptureSession -Session $TraceSession01
PS C:\> Start-PefCaptureSession -Session $TraceSession01
Example 3: Add a system ETW provider to a Trace Session
The first command creates a PEF Trace Session object and stores it in the $TraceSession01 variable
The second command adds the Microsoft-Windows-Dhcp-Client system ETW provider to the Trace Session object stored in the $TraceSession01 variable.
The third command stops the Trace Session. Note that you can stop the Trace Session by default with the keyboard shortcut Ctrl+C.
The fourth command starts the Trace Session stored in the $TraceSession01 variable.
PS C:\> $TraceSession01 = New-PefCaptureSession
PS C:\> Add-PefMessageProvider -Session $TraceSession01 -Provider "Microsoft-Windows-Dhcp-Client"
PS C:\> Stop-PefCaptureSession -Session $TraceSession01
PS C:\> Start-PefCaptureSession -Session $TraceSession01