
An easy to use ETW / WPP trace viewer



Related Projects

ETW2JSON - Tool and library to convert ETW logs to JSON files

ETW2JSON is a tool that converts ETW Log Files (.ETL) to JSON using the Newtonsoft.Json library. It can be used as a stand-alone command line tool that takes as input the locations of ETL files and an output path, or it can take your implementation of Newtonsoft.Json's JsonWriter class. Converting ETW Log Files (.ETL) to JSON gives you access to a plethora of data that was previously restricted to expert ETW tools or libraries. The goal of this tool is to make ETW data more accessible to a larger developer and operations audience by converting it to a ubiquitous, human-readable format.

sawbuck - Automatically exported from

Sawbuck is a log viewer and controller for Windows Chrome logging, and for other applications or plugins that use the logging facility in Chrome base. Logging in Chrome is integrated with Event Tracing for Windows (ETW), which allows ETW controllers like Sawbuck to control log verbosity at runtime. The Chrome logging integration also captures the call stack at the logging site, which can then be resolved and displayed by log viewers such as Sawbuck.

SvcPerf - E2E ETW trace analysis tool

End-to-End ETW trace viewer for manifest based traces.

Meniscus - The Python Event Logging Service

Meniscus is a Python-based system for event collection, transit and processing in the large. Its primary use case is large-scale Cloud logging, but it can be used in many other scenarios, including usage reporting and API tracing. Its components include Collection, Transport, Storage, Event Processing & Enhancement, Complex Event Processing, and Analytics.

SSIS Event Log Business Intelligence

The SSIS Event Log Business Intelligence package is a complete BI project focused around SSIS Event Log data. Components include:

- 9 SSRS Reports
- ETL Data Mart
- SSIS packages to load ETL Data Mart
- Analysis Services Cube
- PerformancePoint Dashboard

RealtimeTracing - Realtime ETW Tracing with SignalR

Realtime ETW Tracing with SignalR

Essential Diagnostics

Using and extending System.Diagnostics trace logging. This project uses the inbuilt features of the System.Diagnostics namespace, and shows how logging and tracing can be integrated into a client application whilst taking advantage of the services exposed by System.Diagnostics.

Sentry - Realtime Platform-Agnostic Error Logging and Aggregation platform

Sentry is a realtime event logging and aggregation platform. It specializes in monitoring errors and extracting all the information needed to do a proper post-mortem without any of the hassle of the standard user feedback loop.


GUI wrapper for the XPerf performance analysis command-line tool.

BlackBox Event Log Framework

BlackBox Event Log Framework is an easy to understand, use and extend multi-platform event logging framework.

Microsoft.Diagnostics.Tracing.Logging - .NET library for logging data via EventSource/ETW

This project aims to provide a suite of tools for using .NET's EventSource to perform logging within applications. Along with systems for logging to a variety of destinations (memory, console, disk, network), tools are provided which wrap TraceEvent to provide a streamlined experience for parsing ETW data from both disk and realtime sessions. Additional documentation is available in the doc directory.

funnel - A minimalistic 12 factor log router written in Go

The 12 factor rule for logging says that an app "should not attempt to write to or manage logfiles. Instead, each running process writes its event stream, unbuffered, to stdout." The execution environment should take care of capturing the logs and performing further processing on them. Funnel is this "execution environment". All you have to do from your app is print your log line to stdout and pipe it to funnel. You can still use any logging library inside your app to handle other things like log level, structured logging etc., but don't bother about the log destination. Let funnel take care of whether you want to just write to files or stream your output to Kafka. Think of it as a fluentd/logstash replacement (with minimal features!) that has only stdin as an input.


Provides the ability to route Common.Logging entries to Event Tracing for Windows (ETW)

connect-log-api - The API server for a Blockland connection logging/tracing system.

The API server for a Blockland connection logging/tracing system.

LogJoint - Log Viewer

LogJoint is a log viewer tool. It makes it easier to analyze the work of multicomponent multithreaded applications by joining multiple logs into a single view.

SharePoint Logging Library By Ayman El-Hattab

This library helps you write code that incorporates logging to SharePoint logs. Writing to the same trace log alleviates the need for developers to log their development information in other places such as the Windows Event Log, which is commonly used by system administrators.

krabsetw - KrabsETW provides a modern C++ wrapper around the low-level ETW trace consumption functions

Krabs is a C++ library that simplifies interacting with ETW. It allows for any number of traces and providers to be enabled and for client code to register for event notifications from these traces. Krabs also provides code to simplify parsing generic event data into strongly typed data types.

logger.js - JS log queue for silent event logging on production systems

JS log queue for silent event logging on production systems

node-comment-macros - JavaScript comment macros useful for injecting logging, tracing, debugging, or stats related code

Node / JavaScript comment macros useful for injecting logging, tracing, debugging, or stats related code. I wouldn't recommend this at the library level, normally even at the application level I wouldn't recommend it, but some of our projects require a lot of logging and metrics, so this helps cut the clutter.

procfilter - A YARA-integrated process denial framework for Windows

ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft's ETW API, making results viewable in the Windows Event Log. Installation, activation, and removal can be done dynamically and do not require a reboot. ProcFilter's intended use is for malware analysts to be able to create YARA signatures that protect their Windows environments against a specific threat. It does not include a large signature set. Think lightweight, precise, and targeted rather than broad or all-encompassing. ProcFilter is also intended for use in controlled analysis environments where custom plugins can perform artifact-specific actions.