How do I find all the ETW sessions on the machine?
logman is your tool for this. Running it with only the -ets switch lists every running session; adding a session name shows the settings of that particular session.
c:\> logman -ets

Data Collector Set                      Type                          Status
-------------------------------------------------------------------------------
AITEventLog                             Trace                         Running
Audio                                   Trace                         Running
DiagLog                                 Trace                         Running
EventLog-Application                    Trace                         Running
EventLog-System                         Trace                         Running
NtfsLog                                 Trace                         Running
SQMLogger                               Trace                         Running
UBPM                                    Trace                         Running
WdiContextLog                           Trace                         Running
MpWppTracing                            Trace                         Running
FSysAgentTrace                          Trace                         Running
MSMQ                                    Trace                         Running
MSDTC_TRACE_SESSION                     Trace                         Running
test_trace                              Trace                         Running

The command completed successfully.

c:\> logman test_trace -ets

Name:                 test_trace
Status:               Running
Root Path:            C:\
Segment:              Off
Schedules:            On
Segment Max Size:     500 MB

Name:                 test_trace\test_trace
Type:                 Trace
Output Location:      C:\09_19_44.etl
Append:               Off
Circular:             On
Overwrite:            Off
Buffer Size:          8
Buffers Lost:         0
Buffers Written:      1
Buffer Flush Timer:   0
Clock Type:           Performance
File Mode:            File

Provider:
Name:                 Microsoft-Windows-Application Server-Applications
Provider Guid:        {C651F5F6-1C0D-492E-8AE1-B4EFD7C9D503}
Level:                5
KeywordsAll:          0x0
KeywordsAny:          0xffffffff
Properties:           0
Filter Type:          0

The command completed successfully.
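
For a repeatable inventory, the two logman outputs above can be parsed and the running sessions compared against a list you expect on the host. This is an added example, not part of the original answer: the function names, the BASELINE set and the abbreviated sample text are assumptions built from the output shown above, and English-language logman output is assumed.

```python
# Constructed samples in the layout logman prints (English output assumed).
SAMPLE_LIST = r"""Data Collector Set      Type    Status
------------------------------------------
EventLog-System         Trace   Running
NtfsLog                 Trace   Running
test_trace              Trace   Running
The command completed successfully.
"""
SAMPLE_DETAIL = r"""Name:              test_trace
Root Path:         C:\
Name:              test_trace\test_trace
Output Location:   C:\09_19_44.etl
Provider:
Name:              Microsoft-Windows-Application Server-Applications
Provider Guid:     {C651F5F6-1C0D-492E-8AE1-B4EFD7C9D503}
"""
BASELINE = {"EventLog-System", "NtfsLog", "WdiContextLog"}  # assumed expected set

def parse_session_list(text):
    """Parse `logman -ets` into {name: (type, status)}; names may contain spaces."""
    sessions, in_table = {}, False
    for line in text.splitlines():
        if line.strip() and set(line.strip()) == {"-"}:
            in_table = True              # table rows start after the dashed rule
        elif in_table and not line.startswith("The command"):
            parts = line.rsplit(None, 2)  # the last two columns are single words
            if len(parts) == 3:
                sessions[parts[0]] = (parts[1], parts[2])
    return sessions

def parse_session_detail(text):
    """Parse `logman <name> -ets` into session fields plus a 'Providers' list."""
    session, providers = {}, []
    target = session
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")  # split at the first colon only
        if sep and key == "Provider" and not value.strip():
            providers.append({})         # fields that follow belong to this provider
            target = providers[-1]
        elif sep:
            target.setdefault(key.strip(), value.strip())  # keeps the first Name
    session["Providers"] = providers
    return session

def compare_to_baseline(sessions, baseline):
    """Return (running but not in baseline, in baseline but not running)."""
    running = {n for n, (_, status) in sessions.items() if status == "Running"}
    return sorted(running - baseline), sorted(baseline - running)
```

On a live machine, pass the text from subprocess.run(["logman", "-ets"], capture_output=True, text=True).stdout to parse_session_list instead of the sample.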