I am currently working on an application (C ++) that is trying to connect to system events through the Windows event log.
I use the API EvtSubscribe, which is very well described by MSDN. Everything works fine, and I successfully receive notifications for any event that occurs.
My concern is that I came across a web link describing the type of event that I had never seen before: Activity Tracing .
All types of events (critical, error, information, etc.) are acquired using the EvtRenderAPI and EvtSystemLevel/ attributes EvtSystemKeywords.
Google searches were full of false positives because the keywords Activity and Trace were reused for multiple applications and infrastructures.
My best advantage came from the link we found written by a user of another event logging structure:
Microsoft uses it for troubleshooting.
Negotiation Exchange / SCT. This can happen on transport later (via binary data exchange) or the message layer (via SOAP messaging). Encryption / decryption of messages with signature verification and authentication. Traces appear in the surrounding activity, usually the "Process Action".
Authorization and verification. This can happen locally or when communicating between endpoints.
http://msdn.microsoft.com/en-us/library/aa738639.aspx
http://msdn.microsoft.com/en-us/library/aa738609.aspx
, , WCF.
, WCF, , .NET WCF .
- ?