


The Start-SbecNtKernelLogSession cmdlet is available through the BootEventCollector module. To configure BootEventCollector, go through this link.


Starts an NT Kernel Logger log session with forwarding of events to the Collector.


The Start-SbecNtKernelLogSession cmdlet starts a real-time NT Kernel Logger trace session with forwarding of the events to the Collector. The name of the session is fixed as NT Kernel Logger and the GUID is fixed as {9e814aad-3204-11d2-9a82-006008a86939}.



-BufferSize

Specifies the buffer size for the session, in kilobytes. This is the size of one buffer; the number of buffers is set by the MinimumBufferCount and MaximumBufferCount parameters.

Default value: None
Accept pipeline input: False
Accept wildcard characters: False


-ClockType

Specifies the type of clock used for the events collected by this session. The acceptable values for this parameter are:

Accepted values: Default, QueryPerformanceCounter, SystemTime, CpuCycleCounter
Default value: None
Accept pipeline input: False
Accept wildcard characters: False


-FlushSeconds

Specifies the timeout, in seconds, after which the session buffers are flushed automatically. You can disable flushing on timeout by setting this parameter to 0; the buffers are then written only when full or on an explicit flush.

Default value: None
Accept pipeline input: False
Accept wildcard characters: False


-KernelEnableFlags

Specifies the flags for the NT Kernel Logger that enable the kernel events. For setup and boot monitoring, the only reasonable flag is Process. This enumeration type is defined in $PsHome\Modules\BootEventCollector\SbecTraceHelpers.psm1. The acceptable values for this parameter are:

Accepted values: None, Process, Thread, ImageLoad, ProcessCounters, ContextSwitch, Dpc, Interrupt, SystemCall, DiskIO, DiskFileIO, DiskIOInit, Dispatcher, MemoryPageFaults, MemoryHardFaults, VirtualAlloc, NetworkTCPIP, Registry, Alpc, SplitIO, Driver, FileIO, FileIOInit, Profile
Default value: None
Accept pipeline input: False
Accept wildcard characters: False


-MaximumBufferCount

Specifies the maximum number of buffers to allocate for this session.

Aliases: MaximumBuffers, maxbuf
Default value: None
Accept pipeline input: False
Accept wildcard characters: False


-MinimumBufferCount

Specifies the minimum number of buffers to allocate for this session.

Aliases: MinimumBuffers, minbuf
Default value: None
Accept pipeline input: False
Accept wildcard characters: False


-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Default value: None
Accept pipeline input: False
Accept wildcard characters: False


Start-SbecNtKernelLogSession [[-ClockType] <ClientContext>] [[-BufferSize] <UInt32>] [[-MinimumBufferCount] <UInt32>] [[-MaximumBufferCount] <UInt32>] [[-FlushSeconds] <UInt32>] [[-KernelEnableFlags] <EventTraceFlag>] [-PassThru] [<CommonParameters>]
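
The following is an added example, not taken from the original page or from Microsoft's documentation. It starts a Process-only session and checks the buffer parameters against each other before calling the cmdlet. It assumes the BootEventCollector module is installed and forwarding to the Collector is already configured; the helper name Start-ProcessOnlyKernelTrace, the numeric values and the 4096 KB budget are hypothetical.

```powershell
# Added example: Process-only NT Kernel Logger session with a bounded buffer budget.
# Helper name and all numeric values are constructed for illustration.
Import-Module BootEventCollector

function Start-ProcessOnlyKernelTrace {
    [CmdletBinding()]
    param(
        [uint32]$BufferSizeKB = 64,    # size of ONE buffer, in kilobytes
        [uint32]$MinBuffers   = 4,
        [uint32]$MaxBuffers   = 32,
        [uint32]$FlushSeconds = 1,     # 0 disables the timed flush
        [uint32]$MaxBudgetKB  = 4096   # assumed memory ceiling for this host
    )

    if ($MinBuffers -gt $MaxBuffers) {
        throw "MinimumBufferCount ($MinBuffers) exceeds MaximumBufferCount ($MaxBuffers)."
    }

    # Worst case the session can hold: one buffer size times the maximum buffer count.
    $worstCaseKB = [uint64]$BufferSizeKB * $MaxBuffers
    if ($worstCaseKB -gt $MaxBudgetKB) {
        throw "Session could use $worstCaseKB KB, above the $MaxBudgetKB KB budget."
    }

    if ($FlushSeconds -eq 0) {
        Write-Warning 'Timed flush disabled: buffers are written only when full or on an explicit flush.'
    }

    $sessionArgs = @{
        KernelEnableFlags  = 'Process'      # the flag the page recommends for setup and boot monitoring
        ClockType          = 'SystemTime'   # one of the accepted ClockType values
        BufferSize         = $BufferSizeKB
        MinimumBufferCount = $MinBuffers
        MaximumBufferCount = $MaxBuffers
        FlushSeconds       = $FlushSeconds
        PassThru           = $true          # without this the cmdlet returns nothing
    }
    Start-SbecNtKernelLogSession @sessionArgs
}

$session = Start-ProcessOnlyKernelTrace
$session | Format-List *

# Confirm the fixed-name session is running (logman ships with Windows).
logman query 'NT Kernel Logger' -ets
```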

You can check the Version, CommandType and Source of this cmdlet by running the command below.

Get-Command Start-SbecNtKernelLogSession


References are taken from Microsoft
