rushikeshpatil12
commented
5 years ago I figured I was doing some heavy processing(test code) on the events that I forgot about. It slowed down the consumption. I removed it and it seems to be working just fine.
Thanks.
Hi Zac
I have created a registry etw session using krabsetw. However it seems I am missing quite a few events. I wrote a test exe that sets reg value & never see those events. I created a session using Message Analyzer & it catches those events
See the image below comparing both sessions. Don't see much different.
I tried increasing info.properties.MaximumBuffers to make total 512kb buffer. With this I start seeing the events but delayed by almost 1-2 minutes.
Is this because my consumption rate is low? How can MMA consume faster? Is it possible to add multi-threaded consumers?
Appreciate any pointers.
Cheers Rushikesh