How to Capture an Event Trace of the Verigio Network Filter Driver with Performance Monitor

This article applies to the following products:

Verigio Network Filter driver has the capability to perform real-time logging of its network processing into a standard Windows ETL file. Such logging may consume substantial CPU and disk resources depending on the logging flags and the detail level. It is recommended to consult with our technical support to obtain the optimal logging parameters for a given hardware/software environment.

The real-time logging can be started and managed using the standard Windows program - Performance Monitor (perfmon.exe).

1. Start Performance Monitor.

Start Performance Monitor application

2. Select Event Trace Sessions node from the tree on the left.

Performance Monitor - select Event Trace Sessions

3. Create the new Data Collector Set named "verigio".

Performance Monitor - create Data Collector Set

Performance Monitor - specify Data Collector Set name

4. Add event trace providers: "Verigio - Network Filter Driver Trace" and "Verigio - Network Filter Driver Trace2".
Please note that these event trace providers are only installed as part of Verigio products.

Performance Monitor - add Event Trace Provider

5. For each of the event trace providers, edit the Keywords(Any) that select the event traces to be captured. These settings significantly affect the size of the output log file. Please consult with our technical support to obtain the exact keywords to be used for the specific logging.

Performance Monitor - edit Keywords

6. For each of the trace providers, edit the logging Level. Set it to Information or Verbose.

Performance Monitor - edit Logging Level

7. Select the log file location.

Performance Monitor - edit event trace file location

8. Save and close.

Performance Monitor - finish

9. Adjust properties of the new Data Collector Set.
Right mouse click on the just created "verigio" Data Collector Set. Then, select Properties from the context menu. On the tab Stop Condition, set the Maximum Size to 1,500 megabytes. This limits the log file to 1,500 megabytes.

Performance Monitor - Data Collector Set - Stop Condition

On the tab File, set checkmark next to Circular (requires a non-zero maximum file size). This makes the log to keep going when it reaches its maximum size by overwriting its oldest log records.

Performance Monitor - Data Collector Set - Circular Log

10. Start logging.
Please note that this action starts voluminous real-time logging. Consider starting it right after being fully prepared to reproduce the network traffic for logging.

Performance Monitor - run Data Collector Set

11. Once the needed network traffic processing was logged, stop the logging. The log file with the ETL extension (e.g. verigio.etl) is now located in the folder that was specified in the step "Select the log file location".

12. Contact our technical support to obtain the URL for ETL file upload that is specific to your support ticket.



Last updated: Sep 19, 2022.

By clicking accept, you understand that we use cookies to improve your experience on our website. For more details, please see our Cookie Policy.