Microsoft-Windows-Ndu

23 events across 1 channel

Event ID	Title	Channel
2001	_DebugString.	Diagnostic
2002	_FunctionName Failed with _Status.	Diagnostic
2003	Interface (Luid:Interface_Luid) added to per-interface list for proc _IfLuid at …	Diagnostic
2004	established_ExePath Flow (Id:SvcTag) established.	Diagnostic
2005	Flow Context (Flow Id:Flow_Context_Flow_Id) Refcount_FlowHandle.	Diagnostic
2006	Updated Interface Stats IfLuid:Updated_Interface_Stats_IfLuid …	Diagnostic
2007	Updated Flow Stats (Flow Id:Updated_Flow_Stats_Flow_Id) IfLuid:IfLuid …	Diagnostic
2008	Registration for quota exceeded notification.	Diagnostic
2009	Unregistered from quota exceeded notification.	Diagnostic
2010	Registration for byte count limit.	Diagnostic
2011	Unregistered from byte count limit notification.	Diagnostic
2012	_DebugString.	Diagnostic
2013	_DebugString.	Diagnostic
2014	IfLuid:IfLuid ProfileId:ProfileId BytesSent:BytesSent BytesRecvd:BytesRecvd …	Diagnostic
2015		Diagnostic
2016		Diagnostic
2017	NduMergeSmbStatsList: Not transferred InterfaceLuid and ProfileId to Smb stats …	Diagnostic
2018	ProfileIdTracker::GetProfileIdForInterface: Profile Id not found.	Diagnostic
2019	NduGetHostSid::UMgrEnumerateSessionUsers could not find SessionId: _SessionId.	Diagnostic
2020	NduUpdateProcessStatsForContainerOrVmId succeeded: …	Diagnostic
2021	OuterProcessId: VirtualIfLuid:IfAlias OuterProcessId:Title …	Diagnostic
2022	Wake count updated IfLuid:IfLuid Flow Id:FlowHandle (0 means interface) …	Diagnostic
2023		Diagnostic

Event ID 2001 — _DebugString.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduDebugTrace

Message #

%1

Fields #

Name	Description
`_DebugString` UnicodeString	—

Event ID 2002 — _FunctionName Failed with _Status.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduDebugTrace

Description

_FunctionName Failed with _Status.

Message #

%1 Failed with %2

Fields #

Name	Description
`_FunctionName` UnicodeString	—
`_Status` UInt32	—

Event ID 2003 — Interface (Luid:Interface_Luid) added to per-interface list for proc _IfLuid at active index _ProcNum.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerInterfaceStats

Description

Interface (Luid:Interface_Luid) added to per-interface list for proc _IfLuid at active index _ProcNum.

Message #

Interface (Luid:%1) added to per-interface list for proc %2 at active index %3

Fields #

Name	Description
`Interface_Luid`	Interface (Luid.
`_IfLuid` UInt64	—
`_ProcNum` UInt32	—
`_ListIndex` UInt16	—

Event ID 2004 — established_ExePath Flow (Id:SvcTag) established.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerFlowStats

Description

established_ExePath Flow (Id:SvcTag) established. ExePath: PkgName SvcTag:UserId PkgName:Pid UserId:_Direction Pid: _FlowHandle.

Message #

%1 Flow (Id:%2) established. ExePath: %3 SvcTag:%4 PkgName:%5 UserId:%6 Pid: %7

Fields #

Name	Description
`established_ExePath`	—
`SvcTag`	—
`PkgName`	—
`UserId`	—
`Pid`	—
`_Direction` UnicodeString	—
`_FlowHandle` UInt64	—
`_ExePath` UnicodeString	—
`_SvcTag` UInt32	—
`_PkgName` UnicodeString	—
`_UserId` SID	—
`_Pid` UInt32	—

Event ID 2005 — Flow Context (Flow Id:Flow_Context_Flow_Id) Refcount_FlowHandle.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerFlowStats

Description

Flow Context (Flow Id:Flow_Context_Flow_Id) Refcount_FlowHandle.

Message #

Flow Context (Flow Id:%1) Refcount%2

Fields #

Name	Description
`Flow_Context_Flow_Id`	Flow Context (Flow Id.
`_FlowHandle` UInt64	—
`_RefDeref` UnicodeString	—

Event ID 2006 — Updated Interface Stats IfLuid:Updated_Interface_Stats_IfLuid ProfileId:ProfileId BytesSent:BytesSent BytesRecvd:BytesRecvd.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerInterfaceStats

Description

Updated Interface Stats IfLuid:Updated_Interface_Stats_IfLuid ProfileId:ProfileId BytesSent:BytesSent BytesRecvd:BytesRecvd.

Message #

Updated Interface Stats IfLuid:%1 ProfileId:%2 BytesSent:%3 BytesRecvd:%4

Fields #

Name	Description
`Updated_Interface_Stats_IfLuid` UInt64	—
`ProfileId` UInt32	—
`BytesSent` UInt32	—
`BytesRecvd` UInt32	—
`_IfLuid` UInt64	—
`_ProfileId` UInt32	—
`_BytesSent` UInt32	—
`_BytesRecvd` UInt32	—

Event ID 2007 — Updated Flow Stats (Flow Id:Updated_Flow_Stats_Flow_Id) IfLuid:IfLuid BytesSent:BytesSent BytesRecvd:BytesRecvd.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerFlowStats

Description

Updated Flow Stats (Flow Id:Updated_Flow_Stats_Flow_Id) IfLuid:IfLuid BytesSent:BytesSent BytesRecvd:BytesRecvd.

Message #

Updated Flow Stats (Flow Id:%2) IfLuid:%1 BytesSent:%3 BytesRecvd:%4

Fields #

Name	Description
`IfLuid` UInt64	—
`Updated_Flow_Stats_Flow_Id` UInt64	—
`BytesSent` UInt32	—
`BytesRecvd` UInt32	—
`_IfLuid` UInt64	—
`_FlowHandle` UInt64	—
`_BytesSent` UInt32	—
`_BytesRecvd` UInt32	—

Event ID 2008 — Registration for quota exceeded notification.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: TokenTracking

Description

Registration for quota exceeded notification. ExePath: _ExePath SvcTag:_SvcTag PkgName:_PkgName UserId:_UserId Cookie: _Cookie Quota: _Quota.

Message #

Registration for quota exceeded notification. ExePath: %1 SvcTag:%2 PkgName:%3 UserId:%4 Cookie: %5 Quota: %6

Fields #

Name	Description
`_ExePath` UnicodeString	—
`_SvcTag` UInt32	—
`_PkgName` UnicodeString	—
`_UserId` SID	—
`_Cookie` UInt32	—
`_Quota` UInt32	—

Event ID 2009 — Unregistered from quota exceeded notification.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: TokenTracking

Description

Unregistered from quota exceeded notification. Cookie: _Cookie.

Message #

Unregistered from quota exceeded notification. Cookie: %1

Fields #

Name	Description
`_Cookie` UInt32	—

Event ID 2010 — Registration for byte count limit.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerInterfaceStats

Description

Registration for byte count limit. Luid: _IfLuid ProfileId:_ProfileId Limit: _BytesLimit.

Message #

Registration for byte count limit. Luid: %1 ProfileId:%2 Limit: %3

Fields #

Name	Description
`_IfLuid` UInt64	—
`_ProfileId` UInt32	—
`_BytesLimit` UInt64	—

Event ID 2011 — Unregistered from byte count limit notification.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerInterfaceStats

Description

Unregistered from byte count limit notification. Luid: _IfLuid ProfileId:_ProfileId.

Message #

Unregistered from byte count limit notification. Luid: %1 ProfileId:%2

Fields #

Name	Description
`_IfLuid` UInt64	—
`_ProfileId` UInt32	—

Event ID 2012 — _DebugString.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduDebugTrace

Message #

%1

Fields #

Name	Description
`_DebugString` UnicodeString	—

Event ID 2013 — _DebugString.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduDebugTrace

Message #

%1

Fields #

Name	Description
`_DebugString` UnicodeString	—

Event ID 2014 — IfLuid:IfLuid ProfileId:ProfileId BytesSent:BytesSent BytesRecvd:BytesRecvd IsCosted: IsCosted.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerInterfaceStats

Description

IfLuid:IfLuid ProfileId:ProfileId BytesSent:BytesSent BytesRecvd:BytesRecvd IsCosted: IsCosted.

Message #

IfLuid:%1 ProfileId:%2 BytesSent:%3 BytesRecvd:%4 IsCosted: %5

Fields #

Name	Description
`IfLuid` UInt64	—
`ProfileId` UInt32	—
`BytesSent` UInt64	—
`BytesRecvd` UInt64	—
`IsCosted` Boolean	—
`_IfLuid` UInt64	—
`_ProfileId` UInt32	—
`_BytesSent` UInt64	—
`_BytesRecvd` UInt64	—
`_IsCosted` Boolean	—

Event ID 2015 —

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduPowerDebug

Fields #

Name	Description
`_IfLuid` UInt64	—
`TimeSinceLast` UInt64	—
`Energy` UInt64	—
`CurrentProc` UInt32	—
`BytesTxRx` UInt32	—
`Pid` UInt32	—
`IfMediaType` UInt8	—

Event ID 2016 —

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduPowerQueueWorkItem

Fields #

Name	Description
`ProcId` UInt32	—
`Count` UInt32	—

Event ID 2017 — NduMergeSmbStatsList: Not transferred InterfaceLuid and ProfileId to Smb stats because there is no one-and-only-one file transfer service (SMB) in ...

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduDebugTrace

Description

NduMergeSmbStatsList: Not transferred InterfaceLuid and ProfileId to Smb stats because there is no one-and-only-one file transfer service (SMB) in the system. SystemSMB count:_SystemSmbCount InContainer:_IsContainer.

Message #

NduMergeSmbStatsList: Not transferred InterfaceLuid and ProfileId to Smb stats because there is no one-and-only-one file transfer service (SMB) in the system. SystemSMB count:%1 InContainer:%2;

Fields #

Name	Description
`_SystemSmbCount` UInt64	—
`_IsContainer` Boolean	—

Event ID 2018 — ProfileIdTracker::GetProfileIdForInterface: Profile Id not found.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduDebugTrace

Description

ProfileIdTracker::GetProfileIdForInterface: Profile Id not found. Luid: _IfLuid.

Message #

ProfileIdTracker::GetProfileIdForInterface: Profile Id not found. Luid: %1

Fields #

Name	Description
`_IfLuid` UInt64	—

Event ID 2019 — NduGetHostSid::UMgrEnumerateSessionUsers could not find SessionId: _SessionId.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduDebugTrace

Description

NduGetHostSid::UMgrEnumerateSessionUsers could not find SessionId: _SessionId.

Message #

NduGetHostSid::UMgrEnumerateSessionUsers could not find SessionId: %1

Fields #

Name	Description
`_SessionId` UInt64	—

Event ID 2020 — NduUpdateProcessStatsForContainerOrVmId succeeded: CurrentProcNumber:NduUpdateProcessStatsForContainerOrVmId_succeeded_CurrentProcNumber PartitionId:PartitionId Direction:Direction IfLuid:IfLuid If...

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduUpdateProcessStatsForContainerOrVmId

Description

NduUpdateProcessStatsForContainerOrVmId succeeded: CurrentProcNumber:NduUpdateProcessStatsForContainerOrVmId_succeeded_CurrentProcNumber PartitionId:PartitionId Direction:Direction IfLuid:IfLuid IfType:IfType BytesSent:BytesSent BytesRecvd:BytesRecvd.

Message #

NduUpdateProcessStatsForContainerOrVmId succeeded: CurrentProcNumber:%1 PartitionId:%2 Direction:%3 IfLuid:%4 IfType:%5 BytesSent:%6 BytesRecvd:%7

Fields #

Name	Description
`NduUpdateProcessStatsForContainerOrVmId_succeeded_CurrentProcNumber` UInt32	NduUpdateProcessStatsForContainerOrVmId succeeded: CurrentProcNumber.
`PartitionId` GUID	—
`Direction` UInt8	— Known values `%%14592` Inbound `%%14593` Outbound `%%14594` Forward `%%14595` Bidirectional
`IfLuid` UInt64	—
`IfType` UInt32	—
`BytesSent` UInt64	—
`BytesRecvd` UInt64	—
`CurrentProcNumber` UInt32	—

Event ID 2021 — OuterProcessId: VirtualIfLuid:IfAlias OuterProcessId:Title IfAlias:VirtualIfLuid.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduVpnDebugInfo

Description

OuterProcessId: VirtualIfLuid:IfAlias OuterProcessId:Title IfAlias:VirtualIfLuid.

Message #

%1: VirtualIfLuid:%2 OuterProcessId:%3 IfAlias:%4

Fields #

Name	Description
`OuterProcessId` UInt32	1: VirtualIfLuid.
`IfAlias` UnicodeString	—
`Title` UnicodeString	—
`VirtualIfLuid` UInt64	—

Event ID 2022 — Wake count updated IfLuid:IfLuid Flow Id:FlowHandle (0 means interface) WakeCount:WakeCount.

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: NduDebugTrace

Description

Wake count updated IfLuid:IfLuid Flow Id:FlowHandle (0 means interface) WakeCount:WakeCount.

Message #

Wake count updated IfLuid:%1 Flow Id:%2 (0 means interface) WakeCount:%3

Fields #

Name	Description
`IfLuid` UInt64	—
`FlowHandle` UInt64	—
`WakeCount` UInt32	—

Event ID 2023 —

Provider: Microsoft-Windows-Ndu
Channel: Diagnostic
Task: PerInterfaceStats

Fields #

Name	Description
`_ProcNum` UInt32	—
`_ListIndex` UInt16	—
`_ListHead` UInt64	—
`_Entry` UInt64	—
`_EntryFlink` UInt64	—
`_EntryBlink` UInt64	—
`_Flags` UInt32	—