Curious if anyone has experience with using EventFlow out of process? The documentation suggests it's built for using in-process (in relation to what's being monitored) but I was hoping to run it in a separate process (Service Fabric service) and monitor EventSource inputs from a number of other Service Fabric services running on the same machine.
One of the reasons for doing this, is that I want to make sure I capture ETW events written when a service exceptions and is about to die. Currently, EventFlow running in the same process that is crashing, is not surprisingly only occasionally able to write the event to its output (in this case the event log).
Thanks, Hans
Yes, you can. Just configure the ETW input using the name of your EventSource.
From the docs:
Make sure your service that captures the events using EventFlow runs on the same node as the service that emits the events. Best is to make it a Stateless Service with an InstanceCount of -1 so it runs on every node.
Do mind that if this logging service fails on a node no events are captured on that node until it has recovered. So I suppose it is best used as a backup or something.