Facebook

5 events across 1 channel

Event ID 1: LogMessageMessageOpcode

Provider: Facebook
Channel: osquery
Task: LogMessage
Opcode: MessageOpcode

Message

Debug

Fields

Name        Description
Message     AnsiString
Location    AnsiString

Event ID 2: LogMessageMessageOpcode2

Provider: Facebook
Channel: osquery
Task: LogMessage
Opcode: MessageOpcode

Message

Information

Fields

Name        Description
Message     AnsiString
Location    AnsiString

Event ID 3: LogMessageMessageOpcode3

Provider: Facebook
Channel: osquery
Task: LogMessage
Opcode: MessageOpcode

Message

Warning

Fields

Name        Description
Message     AnsiString
Location    AnsiString

Event ID 4: LogMessageMessageOpcode4

Provider: Facebook
Channel: osquery
Task: LogMessage
Opcode: MessageOpcode

Message

Error

Fields

Name        Description
Message     AnsiString
Location    AnsiString

Event ID 5: LogMessageMessageOpcode5

Provider: Facebook
Channel: osquery
Task: LogMessage
Opcode: MessageOpcode

Message

Fatal error

Fields

Name        Description
Message     AnsiString
Location    AnsiString

Provenance

Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.

ETW provider GUID f7740e18-3259-434f-9759-976319968900

Defined in Program, which carries the event manifest.

Observed on:

  • WS2022-20348.4893 · schema read from the registered manifest · binary version 5.11.0.0 · captured 2026-06-02

Credits

  • Microsoft - authored the ETW manifests and PDBs the schema comes from
  • jdu2600 - the event-schema TSV format this catalog adopted
  • nasbench - the tool that dumps registered providers and manifests