Send-EtwTraceSession

S'applique à: Windows 10, Windows Server Technical Preview

Send-EtwTraceSession

Copies ETW trace sessions to a folder.

Syntaxe

Parameter Set: ByName
Send-EtwTraceSession [-Name] <String[]> -DestinationFolder <String> [-CimSession <CimSession[]> ] [-DeleteAfterSend] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]

Parameter Set: InputObject (cdxml)
Send-EtwTraceSession -DestinationFolder <String> [-CimSession <CimSession[]> ] [-DeleteAfterSend] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]

Description détaillée

The Send-EtwTraceSession cmdlet copies Event Trace for Windows (ETW) trace sessions to a folder. After you send the sessions to a specified destination folder, use an analysis tool, such as Microsoft Message Analyzer, to read them.

Paramètres

-CimSession<CimSession[]>

Exécute l'applet de commande dans une session distante ou sur un ordinateur distant. Entrez un nom d'ordinateur ou un objet de session, tels que le résultat d'une applet de commande New-CimSession ou Get-CimSession. La valeur par défaut est la session en cours sur l'ordinateur local.

-DeleteAfterSend

Indicates that this cmdlet deletes the local copy of the original trace file after this cmdlet successfully sends a snapshot to the specified location.

-DestinationFolder<String>

Specifies the location where this cmdlet stores ETW trace sessions.

-Name<String[]>

Specifies an array of names of sessions to send to the destination folder.

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of zero is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

-Confirm

Vous invite à confirmer l'exécution de l'applet de commande.

-WhatIf

Indique ce qui se produit en cas d'exécution de l'applet de commande. L'applet de commande n'est pas exécutée.

<CommonParameters>

Cette applet de commande prend en charge les paramètres courants : -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer et -OutVariable. Pour plus d'informations, consultez  . about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

<WorkflowParameters>

Entrées

Le type d'entrée correspond au type des objets que vous pouvez adresser à l'applet de commande.

Sorties

Le type de sortie correspond au type des objets que l'applet de commande émet.

Remarques

• The return values consist of a Win32 error code and a value returned by the cmdlet. The codes have the following meanings:

  0: Success. New file created. Existing file copied to the destination folder. Existing file deleted, if specified.
  1: CreateNewFileFailed. Operation halts at this point if a new file is not created.
  2: CopyFileFailed. New file created.
  3: DeleteOldFileFailed. New file created. Existing file copied to the destination folder.

Exemples

Example 1: Send a trace session to a folder

This command sends an ETW trace session named WFP-IPsec Trace to the destination folder \\server17\traces\. The command deletes the local copy of the original trace after it is successfully copied.

PS C:\> Send-EtwTraceSession –Name "WFP-IPsec Trace" –DestinationFolder "\\server17\traces\" -DeleteExistingFileAfterSend

Rubriques connexes

Get-EtwTraceSession

Remove-EtwTraceSession

Set-EtwTraceSession