awslabs / kinesis-agent-windows

An extensible Windows agent that ingests logs and metrics to AWS services such as Kinesis Stream, Kinesis Firehose, CloudWatch Logs and CloudWatch.
Apache License 2.0

WindowsETWEventSource does not include TraceEvent.ID #35

Open kuzukami opened 1 year ago

kuzukami commented 1 year ago

EventID has an important meaning in ETWEvent, but it is not acquired as data. I want to get the analysis log of the Windows DNS server. However, the lack of EventIDs in the JSON data sent by the Agent makes analysis difficult.

  1. https://github.com/awslabs/kinesis-agent-windows/blob/ac0ee50c9118a2b02f7c790ea9f8867d57e53729/Amazon.KinesisTap.Windows/EtwEvent.cs#L69
  2. https://github.com/microsoft/perfview/blob/9dd10abfa9bbce7df9b14331841dba08c2774b13/src/TraceEvent/TraceEvent.cs#L670
  3. https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn800669(v=ws.11)?redirectedfrom=MSDN#audit-and-analytic-event-logging