We are currently using ETW to generate all application traces from our web tiers (ASP.NET MVC + WebApi). We want to extend our tracing to automatically record incoming HTTP requests, and outgoing HTTP requests (preferably without having to instrument all our API/MVC code).
Hence, was looking at built-in ETW providers either in IIS or in ASP.NET that I could leverage. Looked at the following ETW providers, and tried to collect traces using PerfView:
- Microsoft-Windows-HttpEvent {7B6BC78C-898B-4170-BBF8-1A469EA43FC5}
- Microsoft-Windows-HttpLog {C42A2738-2333-40A5-A32F-6ACC36449DCC}
- Microsoft-Windows-HttpService {DD5EF90A-6398-47A4-AD34-4DCECDEF795F}
- Microsoft-Windows-Runtime-Web-Http {41877CB4-11FC-4188-B590-712C143C881D}
- Microsoft-Windows-Runtime-WebAPI {6BD96334-DC49-441A-B9C4-41425BA628D8}
- ASP.NET Events {AFF081FE-0247-4275-9C4E-021F3DC1DA35}
- Microsoft-Windows-IIS-APPHOSTSVC {CAC10856-9223-48FE-96BA-2A772274FB53}
- Microsoft-Windows-IIS-Logging {7E8AD27F-B271-4EA2-A783-A47BDE29143B}
- Microsoft-Windows-IIS-W3SVC {05448E22-93DE-4A7A-BBA5-92E27486A8BE}
I'm able to capture events from other processes (including .NET + Kernel, and our own custom traces), but nothing from the above providers.
What am I missing? How do I enable the built-in ASP.NET/IIS ETW providers? Are there other providers/events that would give me the ability to inspect the incoming & outgoing HTTP requests?
Platform: Running Windows 8.1/Windows Server 2012 R2 + ASP.NET 4.5 + IIS 8.5
Here are the list of events of ASP.NET, IIS and HTTP events I used.
aff081fe-0247-4275-9c4e-021f3dc1da35 ee799f41-cfa5-550b-bf2c-344747c1c668 de4649c9-15e8-4fea-9d85-1cdda520c334 de4649c9-15e8-4fea-9d85-1cdda520c334 aff081fe-0247-4275-9c4e-021f3dc1da35 06b94d9a-b15e-456e-a4ef-37c984a2cb4b d55d3bc9-cba9-44df-827e-132d3a4596c2 a1c2040e-8840-4c31-ba11-9871031a19ea 3a2a4e84-4c21-4981-ae10-3fda0d9b0f83 23108b68-1b7e-43fa-94fb-ec3066805744 7b6bc78c-898b-4170-bbf8-1a469ea43fc5 dd5ef90a-6398-47a4-ad34-4dcecdef795f cac10856-9223-48fe-96ba-2a772274fb53 ab29f35c-8531-42ff-810d-b8552d23bc92 bbb924b8-f415-4f57-aa45-1007f704c9b1 da9a85bb-563d-40fb-a164-8e982ea6844b 05448e22-93de-4a7a-bba5-92e27486a8be 90303b54-419d-4081-a683-6dbcb532f261 23108b68-1b7e-43fa-94fb-ec3066805744 670080d9-742a-4187-8d16-41143d1290bd de4649c9-15e8-4fea-9d85-1cdda520c334
Edit:- Here is a post on How I used these additional providers troubleshoot the request and response messages from IIS to external authentication providers. View the http redirect and response message from an external authentication provider using ETW