ETL

From Just Solve the File Format Problem
(Difference between revisions)
m
(mime type + software + samples + identification added)
 
Line 3: Line 3:
 
|subcat=System files
 
|subcat=System files
 
|extensions={{ext|etl}}
 
|extensions={{ext|etl}}
 +
|mimetypes={{mimetype|application/etl}}<ref>http://extension.nirsoft.net/etl</ref>
 
}}
 
}}
 
ETL (Event Trace Log) files store the output of instruments attached to their application, or user or kernel events during real-time. The enable the consumption of those events post- that time.  
 
ETL (Event Trace Log) files store the output of instruments attached to their application, or user or kernel events during real-time. The enable the consumption of those events post- that time.  
  
 
According to [https://file.org/extension/etl file.org] these files ''"can contain information about disk access and page faults, logging high-frequency events and recording the performance of the Microsoft operating system. This information can be used to analyze and adjust voice response software applications."''
 
According to [https://file.org/extension/etl file.org] these files ''"can contain information about disk access and page faults, logging high-frequency events and recording the performance of the Microsoft operating system. This information can be used to analyze and adjust voice response software applications."''
 +
 +
== Identification ==
 +
After the trace log file header the names of the logger and the log file are stored as null-terminated Unicode strings.
 +
So ETL files contain near the beginning the bytes sequence <code>.\0e\0\t\0l\0\0\0</code> triggered by used file name suffix <code>.etl</code>.
 +
<ref>https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/etw/tracelog/trace_logfile_header.htm</ref>
 +
 +
== Software ==
 +
* tracerpt
 +
* [https://github.com/airbus-cert/etl-parser etl-parser] Event Trace Log file reader in pure Python
 +
 +
== Sample files ==
 +
* https://github.com/airbus-cert/etl-parser/tree/master/tests/example/
  
 
== References ==
 
== References ==
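Review bot: The byte sequence in the added Identification paragraph has a stray backslash before the t. As written, .\0e\0\t\0l\0\0\0 reads as containing a tab escape, while the suffix .etl stored as a null-terminated 16-bit Unicode string is .\0e\0t\0l\0\0\0. Suggest correcting the sequence, and rewording "triggered by used file name suffix" to say that the bytes come from the stored log file name ending in .etl, so a reader building a signature from this line does not copy the wrong pattern.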
Line 12: Line 25:
 
* [https://file.org/extension/etl file.org: Opening ETL Files]
 
* [https://file.org/extension/etl file.org: Opening ETL Files]
 
* [https://docs.microsoft.com/en-us/windows/desktop/etw/event-tracing-portal Microsoft: Event Tracing]
 
* [https://docs.microsoft.com/en-us/windows/desktop/etw/event-tracing-portal Microsoft: Event Tracing]
 +
<references/>
 +
 +
[[Category:Microsoft]]
 +
[[Category:Windows]]

Latest revision as of 21:03, 28 September 2022

File Format
Name ETL
Ontology
Extension(s) .etl
MIME Type(s) application/etl[1]

ETL (Event Trace Log) files store the output of instrumentation attached to an application, or user or kernel events, captured in real time. They enable those events to be consumed after that time.

According to file.org these files "can contain information about disk access and page faults, logging high-frequency events and recording the performance of the Microsoft operating system. This information can be used to analyze and adjust voice response software applications."

Identification

After the trace log file header, the names of the logger and the log file are stored as null-terminated Unicode strings. ETL files therefore contain, near the beginning, the byte sequence .\0e\0t\0l\0\0\0, which comes from the file name suffix .etl of the stored log file name. [2]
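The identification rule above can be turned into a small triage check. This is an added example, not code from the wiki page or from etl-parser; the function names, the 4 KiB scan window and the case-insensitive suffix match are assumptions, and the sample bytes are constructed rather than taken from a real trace.

```python
import re

# UTF-16LE ".etl" followed by the 16-bit null terminator. Matching the suffix
# case-insensitively is an assumption; the page only shows lower case.
_SUFFIX = re.compile(rb"\.\x00[eE]\x00[tT]\x00[lL]\x00\x00\x00")
SCAN_LIMIT = 4096  # assumption: "near the beginning" means the first 4 KiB


def find_logfile_name(head: bytes):
    """Return the null-terminated 16-bit string ending in '.etl', or None."""
    head = head[:SCAN_LIMIT]
    match = _SUFFIX.search(head)
    if match is None:
        return None
    # Walk back one 16-bit code unit at a time until the terminator of the
    # preceding string (the logger name) or the start of the buffer.
    start = match.start()
    while start >= 2 and head[start - 2:start] != b"\x00\x00":
        start -= 2
    end = match.end() - 2  # drop the trailing terminator
    try:
        return head[start:end].decode("utf-16-le")
    except UnicodeDecodeError:
        return None  # bytes matched by chance, not a real string


def sniff_etl(path):
    """Apply the check to the first SCAN_LIMIT bytes of a file on disk."""
    with open(path, "rb") as fh:
        return find_logfile_name(fh.read(SCAN_LIMIT))


# Constructed sample: filler standing in for the header, then the logger
# name and the log file name as null-terminated UTF-16LE strings.
SAMPLE = (
    b"\xaa" * 16
    + "Demo Logger".encode("utf-16-le") + b"\x00\x00"
    + r"C:\traces\boot.etl".encode("utf-16-le") + b"\x00\x00"
    + b"\xbb" * 32
)

if __name__ == "__main__":
    print(find_logfile_name(SAMPLE))
```

A match is only a heuristic: it shows that a 16-bit string ending in .etl sits near the start of the file, which is useful for spotting renamed traces, but a real parser should still validate the header itself.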

Software

  • tracerpt
  • etl-parser (https://github.com/airbus-cert/etl-parser): Event Trace Log file reader in pure Python

Sample files

  • https://github.com/airbus-cert/etl-parser/tree/master/tests/example/

References

  1. http://extension.nirsoft.net/etl
  2. https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/etw/tracelog/trace_logfile_header.htm