Windows Server AppFabric writes emitted data from applications and services to ETW. The emitted data is then further captured from the ETW session by Windows Server AppFabric's Event Collection service and gets written to the monitoring store.
Note
Event Tracing for Windows (ETW) is a high-speed tracing facility that provides a tracing mechanism for events raised by applications (as well as kernel-mode drivers). ETW can be broken down into three distinct components:
Controller is responsible for starting and stopping event tracing sessions (without having to restart the application)
Provider emits events that go in to ETW session
Consumer reads events off the ETW session and consumes the event data based on the consumer logic
The following diagram shows how the WCF/WF events emitted by a Windows Server AppFabric hosted service are written to the monitoring database:
In this recipe, we will get to know how we can secure the following two important parts...