Windows Log Output to Event Viewer or Text File
coder at poorlab.com
Thu Oct 14 18:40:02 UTC 2021
On Thu, Oct 14, 2021, at 17:41, Frank Wayne wrote:
> On Wed, Oct 13, 2021, at 18:16, Jason A. Donenfeld wrote:
> > Event Logging appears to be rather slow and clunky [...]
In fact, Windows Event Logging has two APIs: ETW and WPP.
The ETW API is, indeed, slow and clunky.
However, the WPP API is very high-performance. The trace function in Windows native TCP stack is implemented with WPP.
If someone like Frank has the time and ability, they could check this MSDN documentation and try to implement it:
However, I also think this feature is *not* a prioritized task, at least for average users.
I am not sure if I get Jason's idea: Is current Wireguard driver using a ring buffer of 2,048 messages for logging?
I am not sure if it has a notify mechanism: Otherwise, the userspace collector will have to poll the logs. Polling too fast consumes power, polling too slow may skip messages.
More information about the WireGuard