HowTo: WinInet ETW logging (Analytic Logging)

HowTo: WinInet ETW logging (Analytic Logging)

  • Comments 1

 

Here is a HowTo on Collecting WinInet Tracing on Windows Vista, Windows 7, Windows 2008 Server and Windows Server 2008 R2. If you require to collect this log, you can enable this log just before the issue and disable soon after the repro, that will provide more information. Here are the screenshots for enabling this.

 

1) Open Event Viewer and Select Applications and Services Logs and then Click on View Menu, Check the “Show Analytic and Debug Logs”.

clip_image002

 

2) Under Applications and Services Logs, expand Microsoft and then Windows

3) clip_image004

 

4) Under Windows, Select WinInet and expand. Then right click on the Analytic and Select Enable Log.

5) clip_image006

 

6) Then select “Disable Log” and save all events to a file in evtx format or .csv for easy viewing.

7) clip_image008

 

By default the size of the buffer is set to 1028KB. I would suggest that this value be increased to 25MB just to make sure we don’t end up overwriting  the information because of a small buffer.

clip_image010

Leave a Comment
  • Please add 6 and 5 and type the answer here:
  • Post
  • Hi,

    I have enabled this logging in Windows 8, but every alternate entry in the logs show this error:

    The description for Event ID {Id} from source Microsoft-Windows-WinINet cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    135545648

    The message id for the desired message could not be found.

    Any idea what component is corrupted here? I tried reinstalling IIS and IE, but did not help.

Page 1 of 1 (1 items)