Friday, May 30, 2014

Winsock Event viewer tracing

Using Event Viewer to Start Winsock Network Event Tracing

When you open Event Viewer, the left pane contains the list of events. Open Applications and Services Logs and navigate to Microsoft\Windows\Winsock Network Event as the source and select Operational.
In the Action pane, select Log Properties and check the Enable Logging check box. Once logging is enabled, you can also change the size of the log file if needed.
Winsock network event tracing is now enabled; click the Refresh action to update the list of events that have been logged. To stop logging, simply clear the same check box.
You may need to increase the log size depending on how many events you want to see. One drawback of using Event Viewer for Winsock tracing is that it does not load all the string resources, so the message displayed in the Description field (once you select an event) is sometimes hard to read (an argument that should be formatted as hex will be displayed in decimal, for example). However, you can select the Details tab in the event description, which shows the raw XML log entry; its arguments are usually easier to understand.

Using Event Viewer to Start Winsock Catalog Change Tracing

When you open Event Viewer, the left pane contains the list of events. Open Applications and Services Logs and navigate to Microsoft\Windows\Winsock Catalog Change as the source and select Operational.
In the Action pane, select Log Properties and check the Enable Logging check box. Once logging is enabled, you can also change the size of the log file if needed.
Winsock catalog change tracing is now enabled; click the Refresh action to update the list of events that have been logged. To stop logging, simply clear the same check box.
You may need to increase the log size depending on how many events you want to see. One drawback of using Event Viewer for Winsock tracing is that it does not load all the string resources, so the message displayed in the Description field (once you select an event) is sometimes hard to read (an argument that should be formatted as hex will be displayed in decimal, for example). However, you can select the Details tab in the event description, which shows the raw XML log entry; its arguments are usually easier to understand.
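
The two procedures above, scripted from an elevated PowerShell prompt, as an added example that is not part of the original post. It reads each event's raw XML rather than the rendered description and prints integer arguments in hex next to their decimal form. The channel names are assumed to be the ones behind the two Event Viewer nodes, and the function names are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumed channel names behind the two Event Viewer nodes described above.
$WinsockChannels = @(
    'Microsoft-Windows-Winsock-AFD/Operational',     # Winsock Network Event
    'Microsoft-Windows-Winsock-WS2HELP/Operational'  # Winsock Catalog Change
)

function Set-WinsockTrace {   # hypothetical helper name
    param([string[]]$Channel, [bool]$Enabled, [long]$MaxSizeBytes = 64MB)
    foreach ($c in $Channel) {
        if ($Enabled) {
            # Equivalent of raising the maximum log size, then checking Enable Logging
            wevtutil sl $c "/ms:$MaxSizeBytes"
            wevtutil sl $c /e:true
        } else {
            wevtutil sl $c /e:false   # equivalent of clearing the check box
        }
    }
}

function Get-WinsockTraceEvent {   # hypothetical helper name
    param([string]$Channel, [int]$MaxEvents = 50)
    Get-WinEvent -LogName $Channel -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_
            # Work from the raw XML (what the Details tab shows), not the rendered message
            $xml = [xml]$evt.ToXml()
            $fields = [ordered]@{}
            $i = 0
            foreach ($d in $xml.SelectNodes("//*[local-name()='Data']")) {
                $name = $d.GetAttribute('Name')
                if (-not $name) { $name = "Data$i" }
                $value = $d.InnerText
                $n = [uint64]0
                # Integer arguments: show hex next to the decimal form
                if ([uint64]::TryParse($value, [ref]$n)) { $value = '{0} (0x{0:X})' -f $n }
                $fields[$name] = $value
                $i++
            }
            $pairs = $fields.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }
            [pscustomobject]@{ Time = $evt.TimeCreated; Id = $evt.Id
                               ProcessId = $evt.ProcessId; Fields = $pairs -join '; ' }
        }
}

Set-WinsockTrace -Channel $WinsockChannels -Enabled $true
Start-Sleep -Seconds 10   # let some socket activity be recorded
$WinsockChannels | ForEach-Object { Get-WinsockTraceEvent -Channel $_ } | Format-List
```

Call `Set-WinsockTrace -Channel $WinsockChannels -Enabled $false` when finished so the logs stop growing.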


