Obs/bin/ObsAgent/lib/LogParsingEngine/winmanifest/readme.txt
|
This folder contains manifest files used for processing ETLs from Get-AzureStackLogs.
List of manifest files and their corresponding locations is as below: ACS Storage ETL logs: Relative Log path : AzureStackLogs-20170627180634\ACS-20170627182016\ShareLogs\StorageService\N22R0403-ACS01_AzureStack.Service.Storage.2017-06-27.64.etl # of manifest files : 1 Filename : WossEvent.man File path (git repo): https://msazure.visualstudio.com/One/_git/AzureStack-Services-Storage?path=%2Fsrc%2Fsdx%2Fbase%2Fwoss%2Fsrc%2Fcommon%2FEvent%2FWossEvent.man&version=GBmaster&_a=contents Network Controller ETL logs: Relative Log path : AzureStackLogs-20170627180634\NC-20170627181406\n22r0403-NC01\SDNDiagnostics\Logs\SDNDiagnosticsTrace_000056.etl # of manifest files : 14 \\skyshare\scratch\Tools\Manifests\RS5MAN\FrameworkEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-VSwitchServiceEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SDNAPIEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SDNGWMEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SLBManagerServiceEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SDNHelperEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SDNDisc-Events.man \\skyshare\scratch\Tools\Manifests\RS5MAN\SDNMonEventProvider.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SDNSIEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SDNFNM-Events.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-WMIv2Provider.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SDNFWEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\UpdateEvents.man \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-NetworkController-SDNBREvents.man IIS Shared Libraries: Relative log path : WAS-part3-20200923212434.zip/ShareLogs/V-WAS01_WAS-IIS.2020-09-23.2.etl # of manifest files : 1 FileName : IIS-SharedLibraries-Events.man File path (git repo): https://microsoft.visualstudio.com/OS/_git/os?path=%2Fservercommon%2Finetsrv%2Fiis%2Fiisrearc%2Fcore%2Fcommon%2Fiisres%2FIIS-SharedLibraries-Events.man&_a=contents&version=GBofficial%2Frsmaster Notes : Had to remove all event log providers due to incompatibility with the TraceEvent library (unable to deserialize the event "value" attributes as int since they are formated as a hex string.) ADFS Identity ETL logs: Relative Log path : AzureStackLogs-20190705230216\ADFS-20190705230249\ShareLogs\HPE2-ADFS01_Adfs.2019-07-05.2.etl # of manifest files : 1 Filename : IdentityServer-Events.man File path (git repo): https://microsoft.visualstudio.com/_git/os?path=%2Fds%2Fsecurity%2FADFSv2%2FProduct%2FMicrosoft.IdentityServer.Diagnostics%2FIdentityServer-Events.man&version=GBofficial%2Frs5_release_svc Docker Containers ETL logs: Relative Log path : AzureStackLogs-20190708193639\FabricRingServices-20190708193639\ShareLogs\Docker\N22R0403-XRP01_DockerContainers.2019-07-04.1.etl # of manifest files : 1 This ETW provider {a3693192-9ed6-46d2-a981-f8226c8363bd} emits only a message string, and not a specially structured ETW event. Therefore, it is not required to register a manifest file with the system to read and interpret its ETW events. However the kusto ingestion parser requires a manifest file. Hence this manifest file is manually generated standalone file with just one generic event. [Further info: https://docs.docker.com/config/containers/logging/etwlogs/] [Not_Checked_in\Not_generated_during_build] - DockerContainers.man SDN HostAgent ETL logs: Relative Log path : AzureStackLogs-20170627180634\BareMetal-20170627180831\ASRR1N22R04U17\tracing\SDNDiagnostics\Logs\SDNDiagnosticsTrace_000056.etl # of manifest files : 1 \\depot\rs1_release_d_srv\services\NetworkController\HostAgent\Manifest\NcHostAgent.man SLB ETL logs: Relative Log path : AzureStackLogs-20170627180634\SLB-20170627181306\ShareLogs\N22R0403-SLB01_AzureStack.SLB.2017-06-27.63.etl # of manifest files : 2 \\skyshare\scratch\Tools\Manifests\RS5MAN\Microsoft-Windows-SlbMuxDriver.man \\skyshare\scratch\Tools\Manifests\RS5MAN\slbmux.man WAS ETL logs: Relative Log path : AzureStackLogs-20171010074034\WAS-20170918074319\WAS-20170918074319\N25R0402-WAS01_WAS.2017-09-21.2.etl # of manifest files : 8 [Not_Checked_in\Generated_during_build] - Microsoft-Portal-Framework-Auth.man [Not_Checked_in\Generated_during_build] - Microsoft-Portal-Framework-Client.man [Not_Checked_in\Generated_during_build] - Microsoft-Portal-Framework-Common.man [Not_Checked_in\Generated_during_build] - Microsoft-Portal-Framework-Ext.man [Not_Checked_in\Generated_during_build] - Microsoft-Portal-Framework-OutgoingRequest.man [Not_Checked_in\Generated_during_build] - Microsoft-Portal-Framework-PageRequest.man [Not_Checked_in\Generated_during_build] - Microsoft-Portal-Framework-Request.man [Not_Checked_in\Generated_during_build] - Microsoft-Portal-Framework-Session.man NC Service Fabric ETL logs: Relative Log path : AzureStackLogs-20171116195514/NC-20171116200803.zip/u15a0301-NC01/Traces/u15a0301-NC01_fabric_traces_5.1.163.9590_131553632677636688_1.etl # of manifest files : 22 Source path for the manifests : https://microsoft.sharepoint.com/teams/WindowsFabric/Releases/Forms/AllItems.aspx?FolderCTID=0x012000B704456948FBE24E9C416D0EE249E1FB&id=%2Fteams%2FWindowsFabric%2FReleases%2FV5%2E1%2FCU5%2FMicrosoftServiceFabric%2EInternal%2FTools%2Ezip&parent=%2Fteams%2FWindowsFabric%2FReleases%2FV5%2E1%2FCU5%2FMicrosoftServiceFabric%2EInternal Microsoft-ServiceFabric-Events.man Microsoft-ServiceFabric-Events_4.5.9999.0.man Microsoft-ServiceFabric-KtlEvents.man Microsoft-ServiceFabric-KtlEvents_4.5.9999.0.man Microsoft-ServiceFabric-LeaseEvents.man Microsoft-ServiceFabric-LeaseEvents_4.5.9999.0.man Microsoft-WindowsFabric-Events_4.0.9999.0.man Microsoft-WindowsFabric-Events_4.1.9999.0.man Microsoft-WindowsFabric-Events_4.2.9999.0.man Microsoft-WindowsFabric-Events_4.3.9999.0.man Microsoft-WindowsFabric-Events_4.4.9999.0.man Microsoft-WindowsFabric-KtlEvents_4.0.9999.0.man Microsoft-WindowsFabric-KtlEvents_4.1.9999.0.man Microsoft-WindowsFabric-KtlEvents_4.2.9999.0.man Microsoft-WindowsFabric-KtlEvents_4.3.9999.0.man Microsoft-WindowsFabric-KtlEvents_4.4.9999.0.man Microsoft-WindowsFabric-LeaseEvents_4.0.9999.0.man Microsoft-WindowsFabric-LeaseEvents_4.1.9999.0.man Microsoft-WindowsFabric-LeaseEvents_4.2.9999.0.man Microsoft-WindowsFabric-LeaseEvents_4.3.9999.0.man Microsoft-WindowsFabric-LeaseEvents_4.4.9999.0.man |