If we need various real life software traces with millions of lines from complex software environments to learn pattern-driven software log analysis we can use Process Monitor97 as a modeling tool. Here we can abstract from their “monitoring” and API interception context and consider trace messages as emitted from various processes and threads (like Citrix CDF traces). This approach was used in Accelerated Windows Software Trace Analysis training98 and Debugging TV Frames episode 0×1999.
97 http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
98 http://www.patterndiagnostics.com/accelerated-software-trace-analysis