Event Trace Log file parser in pure Python
Project description
etl-parser is a pure python 3 parser library for ETL Windows log files. ETL is the default format for [ETW](https://docs.microsoft.com/en-us/windows/win32/etw/event-tracing-portal). But It’s also the default format for the Kernel logger.
etl-parser has no system dependencies, and will work well on both Windows and Linux.
Since this format is not documented, we merged information from the blog of [Geoff Chappel](https://www.geoffchappell.com/) and reverse engineering activities conducted by Airbus CERT team.
What is ETL and why is it a pain to work with? Consider ETL as a container, like AVI is for video files. Reading ETL is similarly frustrating as reading an AVI file without the right codec.
etl-parser tries to solve this problem by including parsers for the following well known log formats: * ETW manifest base provider * TraceLogging * MOF for kernel log
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size | File type | Python version | Upload date | Hashes |
|---|---|---|---|---|
| Filename, size etl-parser-1.0.1.tar.gz (856.8 kB) | File type Source | Python version None | Upload date | Hashes View |
