ETL
From Just Solve the File Format Problem
(Difference between revisions)
m |
(mime type + software + samples + identification added) |
||
Line 3: | Line 3: | ||
|subcat=System files | |subcat=System files | ||
|extensions={{ext|etl}} | |extensions={{ext|etl}} | ||
+ | |mimetypes={{mimetype|application/etl}}<ref>http://extension.nirsoft.net/etl</ref> | ||
}} | }} | ||
ETL (Event Trace Log) files store the output of instruments attached to their application, or user or kernel events during real-time. The enable the consumption of those events post- that time. | ETL (Event Trace Log) files store the output of instruments attached to their application, or user or kernel events during real-time. The enable the consumption of those events post- that time. | ||
According to [https://file.org/extension/etl file.org] these files ''"can contain information about disk access and page faults, logging high-frequency events and recording the performance of the Microsoft operating system. This information can be used to analyze and adjust voice response software applications."'' | According to [https://file.org/extension/etl file.org] these files ''"can contain information about disk access and page faults, logging high-frequency events and recording the performance of the Microsoft operating system. This information can be used to analyze and adjust voice response software applications."'' | ||
+ | |||
+ | == Identification == | ||
+ | After the trace log file header the names of the logger and the log file are stored as null-terminated Unicode strings. | ||
+ | So ETL files contain near the beginning the bytes sequence <code>.\0e\0\t\0l\0\0\0</code> triggered by used file name suffix <code>.etl</code>. | ||
+ | <ref>https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/etw/tracelog/trace_logfile_header.htm</ref> | ||
+ | |||
+ | == Software == | ||
+ | * tracerpt | ||
+ | * [https://github.com/airbus-cert/etl-parser etl-parser] Event Trace Log file reader in pure Python | ||
+ | |||
+ | == Sample files == | ||
+ | * https://github.com/airbus-cert/etl-parser/tree/master/tests/example/ | ||
== References == | == References == | ||
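Review bot: In the added Identification text, the byte sequence .\0e\0\t\0l\0\0\0 has a stray backslash before the t. As written it reads as a tab escape rather than the letter t of .etl, so a signature copied from it will not match; it should be .\0e\0t\0l\0\0\0. The same sentence would be easier to use for identification if it said that the "Unicode strings" are UTF-16LE, which the \0 after each letter implies, and gave a bound for "near the beginning".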
Line 12: | Line 25: | ||
* [https://file.org/extension/etl file.org: Opening ETL Files] | * [https://file.org/extension/etl file.org: Opening ETL Files] | ||
* [https://docs.microsoft.com/en-us/windows/desktop/etw/event-tracing-portal Microsoft: Event Tracing] | * [https://docs.microsoft.com/en-us/windows/desktop/etw/event-tracing-portal Microsoft: Event Tracing] | ||
+ | <references/> | ||
+ | |||
+ | [[Category:Microsoft]] | ||
+ | [[Category:Windows]] |
Latest revision as of 21:03, 28 September 2022
ETL (Event Trace Log) files store the output of instrumentation attached to an application, or user or kernel events, recorded in real time. They enable those events to be consumed after that time.
According to file.org these files "can contain information about disk access and page faults, logging high-frequency events and recording the performance of the Microsoft operating system. This information can be used to analyze and adjust voice response software applications."
Identification
After the trace log file header the names of the logger and the log file are stored as null-terminated Unicode strings.
So ETL files contain, near the beginning, the byte sequence .\0e\0t\0l\0\0\0 which results from the file name suffix .etl stored as a null-terminated Unicode (UTF-16LE) string. [2]
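The identification rule above, as an added Python example that is not part of the wiki page or of etl-parser: it looks for the UTF-16LE `.etl` suffix and its terminator near the start of the data, then walks back to recover the log file name and the logger name stored before it. The 4 KiB scan window, the case-insensitive match, the function names and the sample bytes are assumptions made for this example.

```python
import re

SCAN_LIMIT = 4096  # assumption: "near the beginning" = first 4 KiB
# ".etl" as UTF-16LE followed by the 2-byte null terminator. Matching the
# letters case-insensitively is an assumption that goes beyond the page.
SUFFIX = re.compile(rb"\.\x00[eE]\x00[tT]\x00[lL]\x00\x00\x00")


def _walk_back(head, end):
    """Decode the UTF-16LE string that ends at offset `end`, stepping back
    one code unit at a time until a null or control code unit is reached."""
    start = end
    while start >= 2:
        unit = int.from_bytes(head[start - 2:start], "little")
        if unit < 0x20:
            break
        start -= 2
    return start, head[start:end].decode("utf-16-le", errors="replace")


def identify_etl(data):
    """Return {'offset', 'logfile', 'logger'} if `data` looks like an ETL
    file by the name-string heuristic, else None."""
    head = data[:SCAN_LIMIT]
    m = SUFFIX.search(head)
    if m is None:
        return None
    name_end = m.end() - 2  # exclude the terminator
    name_start, logfile = _walk_back(head, name_end)
    # The logger name is the string whose terminator precedes the file name.
    logger = ""
    if name_start >= 2 and head[name_start - 2:name_start] == b"\x00\x00":
        _, logger = _walk_back(head, name_start - 2)
    return {"offset": m.start(), "logfile": logfile, "logger": logger}


def _constructed_sample():
    """Constructed bytes, not a real trace: zero-filled stand-in header,
    then logger name and log file name as null-terminated UTF-16LE."""
    names = "Example Logger\0C:\\Logs\\example.etl\0".encode("utf-16-le")
    return bytes(256) + names + bytes(64)


if __name__ == "__main__":
    print(identify_etl(_constructed_sample()))
```

Because the match depends on the name the trace was originally written under, the recovered log file name is also a quick check on whether a file has been renamed since capture.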
Software
- tracerpt
- etl-parser Event Trace Log file reader in pure Python