Diagnostic tracing concepts

The Web Application Trace Explorer relies on data from the Event Tracing for Windows (ETW) facility. ETW is a diagnostic infrastructure built into the Windows operating system. The ETW event data that the Web Application Trace Explorer gathers and analyzes supplements Windows performance counters in several useful ways. The application, networking and web server events are used to calculate the request rates and response times of web applications, measurements that are not available from Windows performance counters.

In ETW terminology, trace Providers generate the event data that Listeners consume. The Web Application Trace Explorer functions as a trace Listener, gathering data from the following trace Providers:

  • the HttpService Provider, which instruments the http.sys kernel driver that processes all HTTP protocol requests and responses,
  • the Microsoft-Windows-TCPIP Event Trace Provider that instruments the Windows TCP/IP networking stack. Note that the Microsoft-Windows-TCPIP Event Trace Provider requires Windows version 6.1 (either Windows Server 2008 R2 or Windows 7). The Microsoft-Windows-TCPIP Event Trace Provider records diagnostic events associated with all TCP/IP network traffic on your machine. This includes all UDP traffic that is transmitted or received, but does not include transmission on other networking interfaces, such as named pipes.
  • the Kernel Provider for recording Process Start and End events only,
  • the Scenario instrumentation library's ETW Provider. The Scenario instrumentation library is a useful tool for generating response time measurements from inside a Windows application. Web applications that embed calls to the Scenario Begin, Step and End methods generate the application response-time measurement events that the Web Application Trace Explorer gathers and analyzes. (You can download a copy of the Scenario instrumentation library at http://archive.msdn.microsoft.com/Scenario.)
  • an HttpModule inserted into the IIS pipeline that is configured to intercept web beacons issued by the Yahoo boomerang.js script that is inserted into your web pages to instrument them. This HttpModule serves as an ETW Provider, capturing the web client response time measurement data that is passed in the web beacon and formatting it for ETW.

Gathering traces

You can gather the event trace data to be analyzed directly using the Web Application Trace Explorer. The Web Application Trace Explorer contains a trace Create function that simplifies the task of generating the ETW trace files that the program processes. You can also use any other valid ETW trace data logging utility to gather the trace data for the Web Application Trace Explorer to analyze. You can use standard ETW utilities such as the Performance Monitor, the logman.exe command line interface, or the xperf.exe program in the Windows Performance Toolkit to gather the event trace data that the Web Application Trace Explorer processes and displays.
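As an added example (not part of the original documentation or the product), the following PowerShell script gathers a trace with logman.exe from three of the providers listed above. The session name, output folder, capture length, keyword mask and level are assumptions, and Microsoft-Windows-HttpService is assumed to be the registered name of the HttpService provider on your system; the Scenario and HttpModule providers are omitted because this page does not give their names or GUIDs.

```powershell
# Added example. Run from an elevated PowerShell prompt on the machine to monitor.
# All values in this block are assumptions chosen for illustration.
$outDir      = 'C:\Traces'            # assumed output folder
$session     = 'WebAppTrace'          # assumed user-mode session name
$seconds     = 60                     # assumed capture length
$allKeywords = '0xFFFFFFFFFFFFFFFF'   # enable every keyword of a provider
$level       = '0x4'                  # informational level

function Assert-LogmanOk([string]$step) {
    # logman.exe reports failure through its exit code
    if ($LASTEXITCODE -ne 0) { throw "logman failed at step: $step" }
}

# The trace files record request and connection details,
# so keep this folder readable by administrators only.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

try {
    # http.sys events; confirm the provider name with: logman query providers
    logman.exe start $session -p 'Microsoft-Windows-HttpService' $allKeywords $level `
        -o "$outDir\web.etl" -ets
    Assert-LogmanOk 'start HttpService session'

    # Add the TCP/IP stack provider to the same running session
    logman.exe update trace $session -p 'Microsoft-Windows-TCPIP' $allKeywords $level -ets
    Assert-LogmanOk 'add TCPIP provider'

    # Process Start and End events come from the kernel logger session;
    # '(process)' is quoted so PowerShell does not evaluate the parentheses
    logman.exe start 'NT Kernel Logger' -p 'Windows Kernel Trace' '(process)' `
        -o "$outDir\kernel.etl" -ets
    Assert-LogmanOk 'start kernel session'

    Start-Sleep -Seconds $seconds
}
finally {
    # Always stop both sessions so they do not keep logging in the background
    logman.exe stop 'NT Kernel Logger' -ets
    logman.exe stop $session -ets
}
```

The script writes two .etl files; whether the Web Application Trace Explorer expects them separate or merged is not stated on this page.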

You can use the Web Application Trace Explorer desktop application GUI to create trace files on the machine where the Web Application Trace Explorer is installed.

[Screenshot: Create Trace]

You can also deploy the TraceCmd.exe command line program to any Windows (version 7 or later) or Windows Server (version 2008 R2 or later) machine that you need to be able to monitor. From an elevated Command prompt, you can then run the TraceCmd.exe program locally on that machine to create the web application trace file. You can then process any .etl log files that were created on other machines in the desktop version of the Web Application Trace Explorer that you have installed.
