WPR TraceMerge EventMetadata not provided for tool-generated manifest events
Hello All,
I just noticed that WPR TraceMerge EventMetadata events are not inserted for tool-generated manifest events, such as events produced by the Ntfs_NtfsLog provider.
wevtutil ep
shows two manifests for this provider
Microsoft-Windows-NtfsLog_b78f82ee6b3535f72638890f9a6d1d0a Microsoft-Windows-NtfsLog_e59453f9935b35d99f4c769d51224af1
However only the "current" manifest is available on a system (the older manifests will be overwritten (e.g. when ntfsres.dll is updated, in this example)).
It would be good if WPR merged-in event metadata for providers with distinct control and decode GUIDs.
I know that it is a bit cheeky, but since this is a rather esoteric subject I wanted to tag someone who might be able to do something about this: @Tristan Gibeau - hope that you don't mind.
Gary