Event Trace Log file parser in pure Python
Project description
etl-parser is a pure python 3 parser library for ETL Windows log files. ETL is the default format for [ETW](https://docs.microsoft.com/en-us/windows/win32/etw/event-tracing-portal). But It’s also the default format for the Kernel logger.
etl-parser has no system dependencies, and will work well on both Windows and Linux.
Since this format is not documented, we merged information from the blog of [Geoff Chappel](https://www.geoffchappell.com/) and reverse engineering activities conducted by Airbus CERT team.
What is ETL and why is it a pain to work with? Consider ETL as a container, like AVI is for video files. Reading ETL is similarly frustrating as reading an AVI file without the right codec.
etl-parser tries to solve this problem by including parsers for the following well known log formats: * ETW manifest base provider * TraceLogging * MOF for kernel log
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file etl-parser-1.0.1.tar.gz.
File metadata
- Download URL: etl-parser-1.0.1.tar.gz
- Upload date:
- Size: 856.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.7.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
61a6b56cdaeddce976a54f15215a7d389ba5a663a56ae3ae00dc4fb8764854d7
|
|
| MD5 |
75e3b40e90d7ad73cac3dd6f86f024b4
|
|
| BLAKE2b-256 |
a5018b0e59f99423dabf4f9b9099979f4766dd5030211db3dd96d0e5b8977256
|
