etl.etl
#
$ target-query <path/to/target> -f etl.etl
Module documentation
Plugin for fetching and parsing Windows ETL Files (*.etl)
Function documentation
Return the contents of the ETL files generated at last boot and last shutdown.
An event trace log (.etl) file, also known as a trace log, stores the trace messages generated during one or more trace sessions. A trace session is a period during which a trace provider (a component of a user-mode application or kernel-mode driver that uses Event Tracing for Windows (ETW) technology to generate trace messages or trace events) is generating trace messages.
- References:
Yields dynamically created records based on the fields inside an ETL event. Each record contains at least the following fields:
- hostname (string): The target hostname.
- domain (string): The target domain.
- ts (datetime): The TimeCreated_SystemTime field of the event.
- Provider_Name (string): The Provider_Name field of the event.
- EventType (string): The type of the event as defined by the manifest file.