Share via


Event ID 5 — Winsock Tracing

Applies To: Windows Server 2008

Winsock does not log events unless Event Tracing for Windows (ETW) is enabled for Microsoft-Windows-Winsock-AFD, which is disabled by default. After ETW is enabled, an event is logged whenever a Winsock-based application uses one of the core Winsock operations, such as creating a socket.

To verify that tracing for Winsock is enabled:

  1. To start tracing, at the command prompt, type logman start winsocktrace -p Microsoft-Windows-Winsock-AFD –o winsocktrace.etl –ets.
  2. To stop tracing, type logman stop winsocktrace -ets.
  3. To view the report in XML format, type tracerpt winsocktrace.etl -y -o winsocktracelog.xml -of xml.

Note:   Alternatively, tracing can be enabled or disabled by using Event Viewer.

Event Details

Product: Windows Operating System
ID: 5
Source: Microsoft-Windows-Winsock-WS2HELP
Version: 6.0
Symbolic Name: AFD_EVENT_CONNECT_V6
Message: Socket connect: %1 %2 %3 %4

Resolve

This is a normal condition. No further action is required.

Winsock Tracing

Networking