Collecting ETW traces for FTP Sessions

Posted: Aug 28, 2008  13 comments  

Average Rating

Tags
Debugging
FTP
Publishing

Share this Post

sudt
sudt
Contact Me
Recent Posts

Having problems with FTP Server not returning the expected return code? You have checked the detailed error message, nt event log and ftp log files, still can not get to the bottom of the problem?

Here are few simple steps you can follow to trace your ftp session and uncover the real cause. This feature is supported on Microsoft FTP Sever 7.0, which can be downloaded from http://www.microsoft.com/downloads/details.aspx?familyid=2ECCF14A-5C4F-4CFB-9153-CFE1204B346A&displaylang=en, and above.

1. Start FTP ETW Session using logman.exe

   Note: You need to be a system administrator on the FTP Server to be able to execute this command.

logman start "ftp" -p "IIS: Ftp Server" 255 5 –ets

2. Reproduce the error you are hitting

3. Stop FTP ETW Session using logman.exe

    Note: You need to be a system administrator on the FTP Server to be able to execute this command.

logman stop "ftp" –ets

4. Parse the etw log file using logparser.exe

    Note: LogParser can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

<Path To LogParser>\logparser "select EventTypeName, UserData from ftp.etl" -e 20 -o:DATAGRID -rtp 20 -compactModeSep " | "

 

The final step will open the etw log in the following grid format

image

 

In the above case the error is (Event #18) 0x8007002 (Specified File Not Found).

 

-Suditi

Comments

My good friend Suditi Lahiri has written a terrific blog entry about one of the great new features in

Aug 29 2008 by Robert McMurray's Blog [MSFT]

Pingback from  car insurance &raquo; FTP and ETW Tracing

Aug 29 2008 by car insurance » FTP and ETW Tracing

Pingback from  funny wallpaper &raquo; FTP and ETW Tracing

Aug 29 2008 by funny wallpaper » FTP and ETW Tracing

Pingback from  discount furniture &raquo; FTP and ETW Tracing

Aug 29 2008 by discount furniture » FTP and ETW Tracing

Pingback from  a-foton &raquo; FTP and ETW Tracing

Aug 29 2008 by a-foton » FTP and ETW Tracing

My good friend Suditi Lahiri has written a terrific blog entry about one of the great new features in

Aug 29 2008 by Robert McMurray

Pingback from  &raquo; FTP and ETW Tracing

Aug 29 2008 by » FTP and ETW Tracing

I’ve been working with this a lot recently and thought I’d share some of what I found with you. You'll

Nov 12 2008 by Adventures in IIS, Commerce and whatever else comes into my head.

Pingback from  Introduction to the Secure FTP Server 7.0 in Windows 2008 | MS Tech News

Nov 12 2008 by Introduction to the Secure FTP Server 7.0 in Windows 2008 | MS Tech News

Can someone please tell me what the latest version of logman.exe is?  I am running ver 6.0.6001.18000 which i think came with W2K8x64 but the article here infers that a newer version which supports switches such as logman start "ftp" -p "IIS: Ftp Server" 255 5 –ets exists...?

If so, where do I get it?  The FTP7 x64 did not install a newer one from what I can tell nor did the kb fix for roles.

Feb 12 2009 by Anonymous

Submit a Comment

  • Plain text is accepted.
  • URLs starting with http:// are converted to links.