Monday, 7 May 2018

Conversion of ETW files.

Hi all.

As you may know, Windows 10 uses a different format for trace files: ETW (Event Tracing for Windows). Windows Update logs are now generated using ETW too.

So if you open the c:\WindowsUpdate.log file, you will find only one hint:
Please run the Get-WindowsUpdateLog PowerShell command to convert ETW traces into a readable WindowsUpdate.log.

No problem. Open a PowerShell console and run:
Get-WindowsUpdateLog -Verbose

PowerShell, with the help of the tracerpt.exe utility, will then write a huge final WindowsUpdate.log file directly to your Desktop.

Don't know where your PowerShell lives? OK.

You can do the conversion manually with the tracerpt.exe utility.

Our example:
tracerpt.exe c:\windows\logs\WindowsUpdate\WindowsUpdate.20180505.075600.137.1.etl -o d:\1.csv -of CSV
tracerpt.exe c:\windows\logs\WindowsUpdate\WindowsUpdate.20180505.123139.142.1.etl -o d:\2.csv -of CSV

copy 1.csv+2.csv WindowsUpdate.log
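
The same manual tracerpt conversion, generalized to every WindowsUpdate ETL file in a folder (for example a copy collected from another machine), as an added PowerShell example that is not part of the original post. The function name Convert-WindowsUpdateEtl and its parameters are hypothetical; it assumes tracerpt.exe is on the PATH and that each CSV it writes starts with a column-header row.

```powershell
# Added example, not from the original post. Function and parameter names are hypothetical.
function Convert-WindowsUpdateEtl {
    param(
        # Folder holding the WindowsUpdate.*.etl files (the path used in the post).
        [string]$EtlDir = 'C:\Windows\Logs\WindowsUpdate',
        # Merged output file; defaults to the current user's Desktop.
        [string]$OutFile = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'WindowsUpdate.log')
    )
    # Scratch folder for the per-file CSVs, so nothing is written next to the ETL files.
    $work = Join-Path $env:TEMP ('wu-etl-' + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $work | Out-Null
    # tracerpt also drops a summary.txt into the current directory; keep it in the scratch folder.
    Push-Location $work
    try {
        # File names embed a timestamp (WindowsUpdate.20180505.075600...), so name order is time order.
        $etls = Get-ChildItem -Path $EtlDir -Filter 'WindowsUpdate.*.etl' | Sort-Object Name
        if (-not $etls) { throw "No WindowsUpdate ETL files found in $EtlDir" }

        $first = $true
        foreach ($etl in $etls) {
            $csv = Join-Path $work ($etl.BaseName + '.csv')
            # Same switches as the manual commands; -y answers overwrite prompts.
            & tracerpt.exe $etl.FullName -o $csv -of CSV -y | Out-Null
            if ($LASTEXITCODE -ne 0 -or -not (Test-Path $csv)) {
                Write-Warning "tracerpt failed for $($etl.Name); skipping"
                continue
            }
            $lines = Get-Content -Path $csv
            if ($first) {
                $lines | Set-Content -Path $OutFile -Encoding UTF8
                $first = $false
            } else {
                # Assumption: row 1 is the CSV header. Drop the repeat that "copy a+b" would keep.
                $lines | Select-Object -Skip 1 | Add-Content -Path $OutFile -Encoding UTF8
            }
        }
        if ($first) { throw 'No ETL file could be converted' }
        Get-Item $OutFile
    } finally {
        Pop-Location
        Remove-Item -Path $work -Recurse -Force -ErrorAction SilentlyContinue
    }
}
```

Calling Convert-WindowsUpdateEtl with no arguments reads the live log folder; pass -EtlDir to point it at a folder of collected ETL files instead.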

One more thing: I know another utility that can convert ETW files to text. If you find yourself in a situation where you need to convert some Windows Update .ETL files into human readable format and the Get-WindowsUpdateLog PowerShell cmdlet isn’t available for whatever reason, you can use TraceFmt.exe to do this for you.

The TraceFmt utility is available through both the Windows Software Development Kit (SDK) and the Windows Driver Kit (WDK). It takes the details in the trace logs and outputs a human-readable text file containing the formatted trace messages. How does it work?

Our example:
tracefmt.exe c:\windows\logs\WindowsUpdate\WindowsUpdate.20180505.075600.137.1.etl -o "%UserProfile%\Desktop\WindowsUpdate.log" -r srv*%SystemDrive%\Symbols*https://msdl.microsoft.com/download/symbols

See you later.

1 comment:

Anonymous said...

Converting an .etl file to .txt:
netsh trace convert input=trace.etl output=trace.txt dump=txt > nul
