This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 66%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIM%3C/text%3E%3C/svg%3E)
Hello,
I have an application that saves the logs in etl format, the ask is to monitor for some EventIDs in that ETL file.
I can open the etl file with PowerShell and do some research so I can write a custom rule based on a PS that looks for that info but I prefer (if possible) to have the agent with some native module do the work.
Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 31%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
What's the format of these ETL files? SCOM doesn't have any specific module for them, but maybe a regular text log monitor could work...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 66%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi,
ETL files are log files that have been created by the Microsoft Tracelog software application. This is in binary file format, so the regular expression cannot do the trick. (It can handles plain text gracefully)
If our self-generated log appears in the Available event logs list (see below example, which is similar to get-winevent cmdlet), then we can create a rule based on specific event id. Otherwise, it seems a rule/monitor based on PS script (to parse the .etl file) is the better choice.
For more details about rules based on event id, we may read:
Hope the above information helps.
Alex Zhu
If the response is helpful, please click "Accept Answer" and upvote it.
ETL files cannot be parsed natively, I am afraid. You would like to go the PowerShell way to do the logic and then use a rule or a monitor to do the rest.
Regards,
Stoyan