Modes of operation

TraceEvent() doesn't support the different modes of operation that tracelogger does; your application has to indicate when to start tracing, how long to trace for, and so on:

• To choose linear or ring mode, use the _NTO_TRACE_SETLINEARMODE or _NTO_TRACE_SETRINGMODE command:

  TraceEvent(_NTO_TRACE_SETLINEARMODE);
  TraceEvent(_NTO_TRACE_SETRINGMODE);
  

  As described earlier in this chapter, in ring mode the kernel stores all events in the ring of buffers without flushing them. In linear mode (the default), every filled-up buffer is captured and flushed immediately.

  Note: _NTO_TRACE_SETLINEARMODE and _NTO_TRACE_SETRINGMODE cause the trace buffers to be cleared, so you should use these commands before you start tracing.
• To start tracing, use the _NTO_TRACE_START or _NTO_TRACE_STARTNOSTATE command:

  TraceEvent(_NTO_TRACE_START);
  TraceEvent(_NTO_TRACE_STARTNOSTATE);
    

  These commands are similar, except that _NTO_TRACE_STARTNOSTATE suppresses the initial system state information (which includes thread IDs and the names of processes). This information is overwritten when the kernel reuses the buffer; if you're logging events in ring mode, you can make sure you capture the process names by issuing an _NTO_TRACE_START command followed by _NTO_TRACE_STOP after you've finished tracing.

• To stop tracing, use the _NTO_TRACE_STOP command:

  TraceEvent(_NTO_TRACE_STOP);
    

  You can decide whether to trace until you've gathered a certain quantity of data, trace for a certain length of time, or trace only during an operation that's of particular interest to you. After stopping the trace, you should flush the buffer by calling:

  TraceEvent(_NTO_TRACE_FLUSHBUFFER);