Request trial
Request Trial

NXLog Docs

ETW (Event Tracing for Windows)

What is ETW?

Description

ETW (Event Tracing for Windows) is a kernel-level mechanism in Microsoft Windows that enables high-efficiency recording of kernel or application-defined events. It is an advanced debugging feature provided by Microsoft that allows you to create customized event tracing using a provider-consumer model. You can configure different Windows services, such as the Windows Firewall and DNS Server, to log events through Windows Event Tracing.

In the world of NXLog

Debug and Analytical channels rely on ETW, and you cannot collect them through regular Windows Event Log channels. NXLog provides the im_etw input module to read event traces directly for maximum efficiency. Unlike other solutions, im_etw does not require saving log data to an intermediate file on disk. Instead, it reads the data straight from the ETW provider.

Known as

ETW, Event Tracing for Windows, Windows Event Tracing, event tracing

Related

Event Tracing for Windows (im_etw)
Collecting ETW logs
DNS logging via ETW providers

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z

A

agent

agent-based log collection

agentless log collection

audit log

B

bandwidth

C

CEF (Common Event Format)

CSV (Comma-separated Values)

D

data source

DNS logging

E

endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

event correlation

F

failover

G

GELF (Graylog Extended Log Format)

H

High Availability (HA)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

kernel log

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

log centralization

log normalization

log parsing

M

MSSP (Managed Security Service Provider)

multi-line logs

N

NetFlow

O

open source

P

pattern

PCI-DSS (Payment Card Industry Data Security Standard)

protocol

R

Raijin database

Remote Access Server Role

S

SCCM (System Center Configuration Manager)

SEM (Security Event Management)

SIM (Security Information Management)

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

SOC (Security Operations Center)

structured logging

syslog

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)/SSL (Secure Sockets Layer)

U

UEBA (User and Entity Behavior Analytics)

UDP (User Datagram Protocol)

V

vendor-agnostic

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows Event ID

WMI (Windows Management Instrumentation)

X

XPath

Z

ZeroMQ

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS