Dmitry Vostokov, 12th February, 2010 Updated 9th of June, 2010
http://www.dumpanalysis.org

ETW^[5] (and Citrix extension, CDF^[6]) traces can be very large having millions of messages. Therefore, it is of great importance to have tools that make analysis efficient and effective. In this article I compare two such tools developed by Citrix technical support and published as CDFControl^[7] (version 2.5.0.22) and CDFAnalyzer^[8] (version 1.0). Each tool has its own strengths and weaknesses. We start with CDFControl. It was primarily developed as an alternative to Microsoft Tracelog^[9] and TraceView^[10] tools to capture traces and view them in real-time. Over time the tool has matured into an offline analysis tool as well. Its main strengths compared to CDFAnalyzer are:

• Asynchronous read: we can browse while loading large trace files
• We can filter output by text
• We can sort by column
• We can have grid lines and column highlighting for easy reading
• Dynamic TMF files download
• There is a so called Expert Control to match errors to common solutions but it needs further development as it has too many false positives for high density^[11] traces.

However, it loads a trace fully into memory and consumes large amounts of it. Therefore, it could be a problem when we need to load several huge traces simultaneously for comparative analysis. CDFControl mitigates this by allowing splitting recorded traces into several files. For large traces it might be a problem when an error happened at an unspecified time and we need to load all trace parts separately to search for errors and do an intra-correlation^[12] analysis if necessary.

On the contrary, CDFAnalyzer doesn’t have the latter problem. Memory consumption is 100-200 times smaller: for 5.3 and 1.7Mb CDF files the commit size is 9.5Mb and 5.2Mb vs. 427.6Mb and 495.4Mb for CDFControl. It can also filter by column values (alo called multibraiding or adjoint threading^[13]) that facilitates large scale analysis. We can choose what columns to view and use Home and End keys to quickly navigate to the beginning and to the end of the loaded trace. However, CDFAnalyzer doesn’t have the ability to record traces because it was designed only for offline analysis.

The conclusion: if you need to quickly record Citrix CDF traces CDFControl is the best tool for Citrix terminal services environments and if the recorded traces are not big, for example, when only certain trace providers were selected and the tracing time interval doesn’t span hours. However, if we already have a trace collected by CDFControl or by other tools, CDFAnalyzer is indispensable in the identification of various software trace analysis patterns^[14].

[5]http://msdn.microsoft.com/en-us/library/ff545699.aspx
[6]http://support.citrix.com/article/CTX117426
[7]http://support.citrix.com/article/CTX111961
[8]http://support.citrix.com/article/CTX122741
[9]http://support.citrix.com/article/CTX111405
[10]http://support.citrix.com/article/CTX106233
[11]http://www.dumpanalysis.org/blog/index.php/2009/07/22/trace-analysis-patterns-part-5/
[12]http://www.dumpanalysis.org/blog/index.php/2009/06/16/trace-analysis-patterns-part-4/
[13]http://www.dumpanalysis.org/blog/index.php/2010/01/17/extending-multithreading-to-multibraiding-adjoint-threading/
[14] http://www.dumpanalysis.org/blog/index.php/trace-analysis-patterns/