Warning: the following paths have collided : Error When Cloning

[davidldennison]

git clone --recursive --recurse-submodule https://github.com/nasbench/EVTX-ETW-Resources.git                                                                                         

Results:

Cloning into 'EVTX-ETW-Resources'... remote: Enumerating objects: 57755, done. remote: Counting objects: 100% (5278/5278), done. remote: Compressing objects: 100% (1135/1135), done. remote: Total 57755 (delta 4123), reused 5276 (delta 4123), pack-reused 52477 Receiving objects: 100% (57755/57755), 698.00 MiB | 17.52 MiB/s, done. Resolving deltas: 100% (50774/50774), done. Updating files: 100% (425631/425631), done. warning: the following paths have collided (e.g. case-sensitive paths on a case-insensitive filesystem) and only one from the same colliding group is in the working tree:

'ETWProvidersCSVs/Internal/Microsoft-Windows-SMBServer.csv' 'ETWProvidersCSVs/Internal/Microsoft-Windows-SmbServer.csv'

[AndrewRathbun]

@nasbench it appears Windows 8 called it SmbServer and newer versions called it SMBServer. When I clone with GitHub Desktop, I'm seeing that the file in question was overwritten, and in my case, the SmbServer CSV won out, and the contents of SMBServer are overwritten. So, I could discard the changes and lose SmbServer while keeping SMBServer, or vice versa. Ideally, if there happens to be a conflict like this, the two files would be merged together, or maybe just appended (minus the header row so that doesn't repeat). Visual aid below:

@davidldennison in the meantime, I guess lean on the SMBServer CSV since I can't imagine you or many others care about the Windows 8 version of this Provider's event logs, so that may be an easy fix for now 🤷 Thoughts?

[nasbench]

I'll update the script to perhaps merge or append a suffix to differentiate these edge cases.

[davidldennison]

@AndrewRathbun I can't imagine many people would at this point. Just figured I'd let make it known anyways!

[davidldennison]

Finally took a look at the contents of this repo and just wanted to leave a comment for anyone who might read this - this is a great resource!

I recently went down an experimentation / research / learning rabbit hole into EVTX, ETW, WinDbg, WPA, and WPR. Surprisingly, the official documentation leaves a lot to be desired and community resources are scattered. This is definitely one of the most extensive resources for event tracing I've found!

Thanks @nasbench !

Also for anyone else reading: this is such an extensive resource that if you git clone --recursive --recurse-submodule like I did above you will end up with a folder roughly about ~16GB made of a lot of .csv files. That is literally how packed this repo is!