Set-NetEventSession
Set-NetEventSession
Modifies a network event session.
语法
Parameter Set: ByName
Set-NetEventSession [[-Name] <String[]> ] [-CaptureMode <CaptureModes> {RealtimeRPC | SaveToFile | RealtimeLocal} ] [-CimSession <CimSession[]> ] [-LocalFilePath <String> ] [-MaxFileSize <UInt32> ] [-MaxNumberOfBuffers <Byte> ] [-PassThru] [-ThrottleLimit <Int32> ] [-TraceBufferSize <UInt32> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]
Parameter Set: ByProviderOfSession
Set-NetEventSession [-AssociatedEventProvider <CimInstance> ] [-CaptureMode <CaptureModes> {RealtimeRPC | SaveToFile | RealtimeLocal} ] [-CimSession <CimSession[]> ] [-LocalFilePath <String> ] [-MaxFileSize <UInt32> ] [-MaxNumberOfBuffers <Byte> ] [-PassThru] [-ThrottleLimit <Int32> ] [-TraceBufferSize <UInt32> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]
Parameter Set: InputObject (cdxml)
Set-NetEventSession [-CaptureMode <CaptureModes> {RealtimeRPC | SaveToFile | RealtimeLocal} ] [-CimSession <CimSession[]> ] [-LocalFilePath <String> ] [-MaxFileSize <UInt32> ] [-MaxNumberOfBuffers <Byte> ] [-PassThru] [-ThrottleLimit <Int32> ] [-TraceBufferSize <UInt32> ] [-Confirm] [-WhatIf] [ <CommonParameters>] [ <WorkflowParameters>]
详细说明
The Set-NetEventSession cmdlet modifies a network event session. A session controls how the computer logs events and, optionally, network traffic, or packets. A session requires at least one network event provider for logging. A network event provider logs events and network traffic as Event Tracing for Windows (ETW) events. The session stores these events in an .etl file or provides them to an application that displays them.
Specify a session to modify by using its name, or get a session to modify by using the Get-NetEventSession cmdlet. You can remove a session by using the Remove-NetEventSession cmdlet. Use the New-NetEventSession cmdlet to create a session. Only one session can exist at a time.
You can modify the maximum number of buffers in a session and the size of the trace buffer.
You can also modify whether to use an.etl file and, if you do, specify its location and maximum size. Instead of an .etl file, you can select a type of live display.
Use the Start-NetEventSession and Stop-NetEventSession cmdlets to start and stop logging. If you make changes to a session that is currently running, you must stop and restart the session for your changes to take effect.
参数
-AssociatedEventProvider<CimInstance>
Specifies the associated network event provider as a CIM object. To obtain the network event provider, use the Get-NetEventProvider cmdlet.
别名 |
none |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
True (ByValue) |
是否接受通配符? |
false |
-CaptureMode<CaptureModes>
Specifies a capture mode. 此参数可接受的值如下:
-- SaveToFile. Saves the capture to an .etl file.
-- RealtimeRPC. Connects remotely for a live event and packet capture.
-- RealtimeLocal. Connects locally for a live event and packet capture.
If you specify a value of SaveToFile, you can specify a location for the file by using the LocalFilePath parameter and specify a maximum file size by using the MaxFileSize parameter.
If you specify a value of RealtimeRPC or RealtimeLocal, the capture requires additional software, such as Microsoft Message Analyzer.
别名 |
cm |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-CimSession<CimSession[]>
在远程会话中或在远程计算机上运行 cmdlet。输入计算机名称或会话对象,例如 New-CimSession 或 Get-CimSession cmdlet 的输出。默认为本地计算机上的当前会话。
别名 |
Session |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-LocalFilePath<String>
Specifies a file path. If you specify a value of SaveToFile for the CaptureMode parameter, the cmdlet saves the file to this location. Be sure that you can write to this location. If you do not specify this parameter, the cmdlet uses the default value of %LocalAppData%\Temp\NetTrace.etl.
别名 |
lfp |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-MaxFileSize<UInt32>
Specifies a maximum file size, in megabytes. If you specify a value of SaveToFile for the CaptureMode parameter, this value is the maximum size for the .etl file. Once the file reaches the maximum, the session continues to save events, and discards the oldest events to make room. A value of 0 means that there is no maximum. If you do not specify this parameter, the cmdlet uses a default value of 250.
别名 |
none |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-MaxNumberOfBuffers<Byte>
Specifies the maximum number of buffers used in a session. If the computer determines that the value restricts performance or the value is 0, the computer overrides the configuration to optimize trace performance. For more information, see EVENT_TRACE_PROPERTIES structure (https://msdn.microsoft.com/en-us/library/windows/desktop/aa363784(v=vs.85).aspx) In the Microsoft Developer Network library.
别名 |
none |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-Name<String[]>
Specifies an array of names of sessions to modify.
别名 |
none |
是否为必需? |
false |
位置? |
1 |
默认值 |
none |
是否接受管道输入? |
True (ByPropertyName) |
是否接受通配符? |
false |
-PassThru
返回一个表示你正在处理的项的对象。默认情况下,此 cmdlet 将不产生任何输出。
别名 |
none |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-ThrottleLimit<Int32>
指定可建立的用于运行此 cmdlet 的并发操作的最大数目。如果省略了此参数或输入了值 0,那么 Windows PowerShell® 将基于正在计算机上运行的 CIM cmdlet 的数目,计算 cmdlet 的最佳中止值。中止值仅适用于当前 cmdlet,而不适用于会话或计算机。
别名 |
none |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-TraceBufferSize<UInt32>
Specifies the amount of memory, in kilobytes, for a buffer for event tracing. The maximum value is 1024. If the computer determines that the value restricts performance or the value is 0, the computer overrides the configuration to optimize trace performance. The ETW logger uses the size of physical memory to calculate the default value.
别名 |
none |
是否为必需? |
false |
位置? |
named |
默认值 |
none |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-Confirm
运行 cmdlet 之前提示你进行确认。
是否为必需? |
false |
位置? |
named |
默认值 |
false |
是否接受管道输入? |
false |
是否接受通配符? |
false |
-WhatIf
显示如果运行 cmdlet 则会发生什么情况。cmdlet 未运行。
是否为必需? |
false |
位置? |
named |
默认值 |
false |
是否接受管道输入? |
false |
是否接受通配符? |
false |
<CommonParameters>
此 cmdlet 支持通用参数:-Verbose、-Debug、-ErrorAction、-ErrorVariable、-OutBuffer 和 -OutVariable。有关详细信息,请参阅 about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
<WorkflowParameters>
此 cmdlet 支持以下工作流通用参数:-PSParameterCollection、-PSComputerName、-PSCredential、-PSConnectionRetryCount、-PSConnectionRetryIntervalSec、-PSRunningTimeoutSec、-PSElapsedTimeoutSec、-PSPersist、-PSAuthentication、-PSAuthenticationLevel、-PSApplicationName、-PSPort、-PSUseSSL、-PSConfigurationName、-PSConnectionURI、-PSAllowRedirection、-PSSessionOption、-PSCertificateThumbprint、-PSPrivateMetadata、-AsJob、-JobName 和 –InputObject。有关详细信息,请参阅 about_WorkflowCommonParameters。
输入
输入类型是指可通过管道传送给 cmdlet 的对象的类型。
输出
输出类型是 cmdlet 所发出对象的类型。
示例
Example 1: Modify the file path for a session
This command modifies the file path for the network event session on the current computer. The new path is C:\WINDOWS\Temp\Trace.etl. If you make changes to a session that is currently running, use the Stop-NetEventSession and Start-NetEventSession cmdlets to stop and restart logging.
PS C:\> Set-NetEventSession -LocalFilePath 'C:\WINDOWS\Temp\Trace.etl'