Let's Talk

ETW (Event Tracing for Windows)

Description: A Microsoft Windows feature that allows recording of kernel and application-defined events. You can configure different Windows services, such as the Windows Firewall and DNS Server, to log events through Windows Event Tracing.

Debug and Analytical channels rely on ETW, and they cannot be collected through regular Windows Event Log channels. NXLog Agent can read these event traces using the Event Tracing for Windows input module. This module does not require you to save logs to an intermediate file on disk. Instead, it reads the data directly from the ETW provider.
Also known as: ETW, Event Tracing for Windows, Windows Event Tracing, event tracing
See also: Collecting ETW logs
DNS logging via ETW providers
Solving log collection challenges with Event Tracing for Windows

A

Agent-based log collection

Agentless log collection

Agent management

Automatic enrollment

B

C

CEF (Common Event Format)

CSV (Comma-separated Values)

Customer portal

D

DNS (Domain Name System)

E

Endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

Event correlation

F

G

GELF (Graylog Extended Log Format)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

Log centralization

Log normalization

M

Multi-line logs

N

O

P

PCI-DSS (Payment Card Industry Data Security Standard)

R

S

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

Structured logging

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)

U

UDP (User Datagram Protocol)

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows event ID

WMI (Windows Management Instrumentation)

X