Why use ETW over EventLog and vice versa?
Why should I use Event Tracing for Windows (ETW) over the standard .NET EventLog class, and vice versa? Does knowing that we'll be using quite a few performance counters impact the decision?
What I know so far:
- ETW should perform much better.
- ETW is much more work to integrate with (e.g. .NET Event Tracing for Windows)
- By selecting one of the standard channels in ETW (e.g. Application, System), the same information is available in the event log.
Answer
ETW has many advantages.
First, in .NET 4.5, it will be far simpler to use. The EventSource class in 4.5 dramatically simplifies creating events from within your code.
However, even without this, ETW has some huge advantages, though it does typically work differently, and, as such, serve a different purpose than EventLog.
EventLog is really designed for logging. ETW, on the other hand, allows you to trace your application's progress in the context of the system as a whole. When you start collecting ETW events, you collect them on a system basis, which lets you not only trace your application, but see what's happening in relation to the system as it's running. By using a tool like PerfView, you can see how specific portions of your application operate while simultaneously seeing what's happening with the framework and Windows as a whole.