Add EnlistmentId and MountId to ETW data for correlation#218
Add EnlistmentId and MountId to ETW data for correlation#218kewillford merged 1 commit intomicrosoft:masterfrom
Conversation
sanoursa
left a comment
sanoursa
left a comment
There was a problem hiding this comment.
Can you give more info on what the actual issue is? If I'm looking at a log file, don't I already know what enlistment/mount process it's from?
I'm guessing the issue isn't the log files, but rather the ETW events? If that's the case - then it seems that we should add this extra metadata to those ETW events, but not pollute our log files with them. What are your thoughts on that?
kewillford
force-pushed
the
add-mountid
branch
from
316f31f to
98dcfa9
Compare
kewillford
changed the title
sanoursa
left a comment
sanoursa
left a comment
There was a problem hiding this comment.
Thanks for the updated approach. This makes sense to me. Only one minor comment - does it make sense to create a type to encapsulate enlistment id and mount id, since we seem to always require both at once? Or should we update our mount id to be encapsulation id plus some additional value, to avoid requiring two strings?
That's all minor though, and not really required for this PR.
| @@ -107,20 +111,37 @@ private EventSourceOptions CreateOptions(EventLevel level, Keywords keywords, Ev | |||
|
|
|||
| // Needed to pass relatedId without metadata | |||
There was a problem hiding this comment.
Should this comment be removed now?
kewillford
force-pushed
the
add-mountid
branch
from
98dcfa9 to
d58b8b7
Compare
4 participants
When matching up data with ETW event there is an EnlistmentId and mountId that it tied to data about the enlistment and the mounted process. Other events are not tied to this data so when an exception happens getting the mount data that corresponds to it is not directly correlated.
This adds the EnlistmentId and MountId to the ETW data so that the data can be correlated.