FTP and ETW Tracing

Friday, August 29, 2008

FTP

My good friend Suditi Lahiri has written a terrific blog entry about one of the great new features in the FTP 7 service - which is Event tracing for Windows, or ETW for short. You can read her post at the following URL:

http://blogs.iis.net/sudt/archive/2008/08/28/collecting-etw-traces-for-ftp-sessions.aspx

Here's where this feature pays off - ETW tracing allows you to see some of the events that are going on inside the FTP service while its running without trying to attach a debugger to the service host. Another good friend of mine is Jaroslav Dunajsky, and he wrote a batch file that we use internally when testing the FTP server that automates some of the tasks that Suditi discussed in her blog.

I created an abridged version of Jaroslav's batch file some time ago that I've been using, and I thought that it would be a great complement to Suditi's blog. With that in mind, here's the code for the batch file that I use:

@echo off rem ====================================================================== echo Verifying that LogParser.exe is in the path... LogParser -h >nul 2>nul if errorlevel 1 ( echo. echo Error: echo. echo LogParser.exe is was not found. It is required for parsing traces. echo. echo Recommended actions: echo. echo - If LogParser is installed then fix the PATH echo variable to include the LogParser directory echo. echo - If LogParser is not installed, then install echo it from the following location: echo. echo http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07 echo. goto :EOF ) else ( echo Done. echo. ) rem ====================================================================== echo Starting the ETW session for full FTP tracing... logman start "ftp" -p "IIS: Ftp Server" 255 5 -ets echo. echo Now reproduce your problem. echo. echo After you have reproduced your issue, hit any key to close the FTP echo tracing session. Your trace events will be displayed automatically. echo. pause>nul rem ====================================================================== echo. echo Closing the ETW session for full FTP tracing... logman stop "ftp" -ets rem ====================================================================== echo. echo Parsing the results - this may take a long time depending on the size of the trace... LogParser "select EventTypeName, UserData from ftp.etl" -e 2 -o:DATAGRID -compactModeSep " | " -rtp 20

As mentioned previously, this batch file makes it easier to use the features that Suditi discussed in her blog, and if you're frequently testing FTP features then you may find yourself adding this batch file to your arsenal of troubleshooting tools.

No Comments