elmo is a prototype command-line utility that helps an analyst pull message-table data from providers, so that those messages can be joined back to the events recorded in the Windows event log.
The Windows event log conserves space using a number of mechanisms. One of them is to store, in the log itself, only a reference to the provider of each event together with the event-specific data, while the common message text is kept in a resource binary. The term provider, as used here, means the source that generated the event and is recorded in the event log; it can be a running service, a driver, or an application. Reconstructing the complete message for a logged event therefore requires pulling the common text from the resource that houses the provider's information. elmo is a utility to help the analyst do this.
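The reconstruction step described above, as an added example that is not part of elmo: the script parses the Win32 message-table resource layout (MESSAGE_RESOURCE_DATA, its blocks of contiguous message ids, and the length-prefixed entries each block points at), then fills the %1, %2 insertion placeholders with the event-specific strings that the log record carries. The resource bytes are built from constructed sample messages so the script runs offline; in practice they come from the RT_MESSAGETABLE resource of the provider's message file, and the message ids, texts and insertion strings below are assumptions, not data from any real provider.

```python
"""Parse a Win32 message-table resource and render an event message.

Added example, not part of elmo. SAMPLE_BLOCKS is constructed test data;
a real table is read from the provider's message file (RT_MESSAGETABLE).
"""
import re
import struct

MESSAGE_RESOURCE_UNICODE = 0x0001  # entry Flags bit: text is UTF-16LE

# Constructed sample: two blocks of contiguous message ids -> template text.
# The high bits of a message id carry severity/facility, as in real tables.
SAMPLE_BLOCKS = [
    {0x40000100: "The %1 service entered the %2 state.",
     0x40000101: "Driver %1 loaded from %2.%n"},
    {0xC0000200: "Access was denied for user %1 (100%% of attempts)."},
]


def build_message_table(blocks):
    """Serialize id->text blocks into MESSAGE_RESOURCE_DATA bytes (test fixture only)."""
    header_size = 4 + 12 * len(blocks)          # NumberOfBlocks + block headers
    body = bytearray()
    block_headers = []
    for block in blocks:
        ids = sorted(block)
        offset = header_size + len(body)         # OffsetToEntries is from start of data
        for mid in ids:
            text = block[mid].encode("utf-16-le") + b"\x00\x00"
            length = 4 + len(text)               # Length covers the 4-byte entry header
            pad = (-length) % 4                  # entries are 4-byte aligned
            body += struct.pack("<HH", length + pad, MESSAGE_RESOURCE_UNICODE)
            body += text + b"\x00" * pad
        block_headers.append(struct.pack("<III", ids[0], ids[-1], offset))
    return struct.pack("<I", len(blocks)) + b"".join(block_headers) + bytes(body)


SAMPLE_TABLE = build_message_table(SAMPLE_BLOCKS)


def parse_message_table(data):
    """Walk MESSAGE_RESOURCE_DATA and return {message_id: template_text}."""
    (num_blocks,) = struct.unpack_from("<I", data, 0)
    messages = {}
    for i in range(num_blocks):
        low, high, offset = struct.unpack_from("<III", data, 4 + 12 * i)
        pos = offset
        for mid in range(low, high + 1):        # one entry per id in the block's range
            length, flags = struct.unpack_from("<HH", data, pos)
            raw = data[pos + 4:pos + length]
            if flags & MESSAGE_RESOURCE_UNICODE:
                text = raw.decode("utf-16-le")
            else:
                text = raw.decode("cp1252")      # ANSI tables; code page is an assumption
            messages[mid] = text.split("\x00", 1)[0]
            pos += length
    return messages


def find_message(messages, event_id):
    """Resolve an event record's EventID to a template.

    Event Viewer and many log parsers show only the low 16 bits of the
    message id, so fall back to matching on the low word when the full
    32-bit id is not present in the record.
    """
    if event_id in messages:
        return messages[event_id]
    for mid, text in messages.items():
        if mid & 0xFFFF == event_id & 0xFFFF:
            return text
    return None


# %1..%99 (optionally with a !printf-style! qualifier), %%, %n, %r, %t, %0
_PLACEHOLDER = re.compile(r"%(%|[nrt0]|(\d{1,2})(?:!([^!]*)!)?)")


def render_message(template, inserts):
    """Substitute the record's insertion strings into the provider template.

    Unresolved %N placeholders are left visible rather than silently dropped,
    so a mismatch between template and record is obvious to the analyst.
    """
    def sub(m):
        if m.group(2) is not None:
            idx = int(m.group(2))
            if 1 <= idx <= len(inserts):
                return inserts[idx - 1]
            return m.group(0)
        return {"%": "%", "n": "\r\n", "r": "\r", "t": "\t", "0": ""}[m.group(1)]
    return _PLACEHOLDER.sub(sub, template)


if __name__ == "__main__":
    table = parse_message_table(SAMPLE_TABLE)
    # Constructed log record: low-word event id plus its insertion strings.
    record = {"EventID": 0x100, "Strings": ["Spooler", "running"]}
    template = find_message(table, record["EventID"])
    print(render_message(template, record["Strings"]))
```

The lookup deliberately tries the full 32-bit id before falling back to the low word, because two messages from the same provider can share a low word and differ only in severity bits; when the fallback is used, the analyst should confirm the severity against the record's event type.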