archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/wmi/wbem/providers/mofs/ntevt.mof

400 lines
14 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  3. // (c) 1998-1999 Microsoft Corporation. All rights reserved.
  5. #pragma autorecover
  6. #pragma classflags("forceupdate")
  8. Qualifier Description : ToSubClass Amended;
  9. Qualifier Values : ToSubClass Amended;
  10. Qualifier DisplayName : Amended;
  11. Qualifier BitValues:ToSubClass Amended ;
  13. Qualifier Aggregate : ToSubClass ;
  14. Qualifier ValueMap : ToSubClass ;
  15. Qualifier Aggregation : ToSubClass ;
  16. Qualifier ArrayType : ToSubClass ;
  17. Qualifier Association : ToInstance ToSubClass DisableOverride ;
  18. Qualifier BitMap : ToSubClass ;
  19. Qualifier CIM_Key : ToSubClass ;
  20. Qualifier CIMTYPE : ToSubClass ;
  21. Qualifier Deprecated : ToSubClass ;
  22. Qualifier Enumeration : ToSubClass ;
  23. Qualifier EnumPrivileges : ToSubClass ;
  24. Qualifier Fixed : ToSubclass;
  25. Qualifier ImplementationSource : ToSubClass ;
  26. Qualifier Key : ToInstance ToSubClass DisableOverride ;
  27. Qualifier Locale : ToInstance ;
  28. Qualifier MappingStrings : ToSubClass ;
  29. Qualifier Max : ToSubClass ;
  30. Qualifier MaxLen : ToSubClass ;
  31. Qualifier Min : ToSubClass ;
  32. Qualifier ModelCorrespondence : ToSubClass ;
  33. Qualifier Not_Null : ToSubClass ;
  34. Qualifier Override : Restricted ;
  35. Qualifier Privileges : ToSubClass ;
  36. Qualifier Propagated : ToSubClass ;
  37. Qualifier provider : ToInstance ;
  38. Qualifier Range : ToSubClass ;
  39. Qualifier Read : ToSubClass ;
  40. Qualifier Schema : ToInstance ;
  41. Qualifier Singleton : ToSubClass ToInstance ;
  42. Qualifier SUBTYPE : ToSubClass ;
  43. Qualifier Units : ToSubClass ;
  44. Qualifier UUID : ToInstance ;
  45. Qualifier Volatile : ToSubClass ;
  46. Qualifier Weak : ToSubClass ;
  47. Qualifier Write : ToSubClass ;
  48. Qualifier WritePrivileges : ToSubClass ;
  51. #pragma namespace ("\\\\.\\Root\\CIMV2")
  54. [singleton,
  55. Locale (0x409), UUID ("{8502C57A-5FBB-11D2-AAC1-006008C78BC7}")]
  56. class NTEventlogProviderConfig
  57. {
  58. datetime LastBootUpTime;
  59. };
  61. instance of __Win32Provider as $DataProv
  62. {
  63. Name = "MS_NT_EVENTLOG_PROVIDER";
  64. ClsId = "{FD4F53E0-65DC-11d1-AB64-00C04FD9159E}";
  65. ImpersonationLevel = 1;
  66. PerUserInitialization = "TRUE";
  67. HostingModel = "NetworkServiceHost";
  68. };
  70. instance of __MethodProviderRegistration
  71. {
  72. Provider = $DataProv;
  73. };
  75. instance of __InstanceProviderRegistration
  76. {
  77. Provider = $DataProv;
  78. SupportsPut = TRUE;
  79. SupportsGet = TRUE;
  80. SupportsDelete = FALSE;
  81. SupportsEnumeration = TRUE;
  82. QuerySupportLevels = {"WQL:UnarySelect"};
  83. };
  85. [dynamic,
  86. provider("MS_NT_EVENTLOG_PROVIDER"), SupportsUpdate,
  87. Locale (0x409), UUID ("{8502C57B-5FBB-11D2-AAC1-006008C78BC7}")]
  88. class Win32_NTEventlogFile : CIM_DataFile
  89. {
  90. [Fixed, Description("The LogFileName property indicates name of the log file."),
  91. read]
  92. string LogfileName;
  94. [Description("The MaxFileSize property indicates the maximum size "
  95. "(in bytes) permitted for the log file. If "
  96. "the file exceeds its maximum size, its contents are moved to "
  97. "another file and the primary file is emptied. A value of zero "
  98. "indicates no size limit. "),
  99. read,
  100. write]
  101. uint32 MaxFileSize;
  103. [Description("Number of records in the log file. This value is determined "
  104. "by calling the Win32 function GetNumberOfEventLogRecords."),
  105. read]
  106. uint32 NumberOfRecords;
  108. [Description("Current overwrite policy the Windows NT/Windows 2000 "
  109. "Event Log service employs for this log file. The possible values "
  110. "of the property are: \n"
  111. "WhenNeeded - This corresponds to OverWriteOutdated = 0.\n"
  112. "OutDated - This corresponds to OverWriteOutdated of 1 to 365.\n"
  113. "Never - This corresponds to OverWriteOutdated = 4294967295. \n"
  114. "There is an interdependence between the OverWriteOutDated property "
  115. "(which is writable) value and the OverWritePolicy property "
  116. "(which is not writable) value.\n"
  117. "If one changes the OverWriteOutDated property value to 0, "
  118. "the OverWritePolicy property value will be 'henNeeded' \n"
  119. "If one changes the OverWriteOutDated property value to 1-365, "
  120. "the OverWritePolicy property value will be 'outDated' \n"
  121. "If one changes the OverWriteOutDated property value to 4294967295, "
  122. "the OverWritePolicy property value will be 'Never'."),
  123. read,
  124. volatile,
  125. ValueMap {"0", "1..365", "4294967295"} ,
  126. Values {"WhenNeeded", "OutDated", "Never"} ]
  127. string OverWritePolicy;
  129. [Description("Number of days after which an event can be overwritten. "
  130. "Values are:\n"
  131. "0 = Any entry can be overwritten when necessary."
  132. "1..365 = Events that have been in the log file for one "
  133. "year (365 days) or less can be overwritten."
  134. "4294967295 = Nothing can be ever be overwritten. \n"
  135. "There is an interdependence between the OverWriteOutDated property "
  136. "(which is writable) value and the OverWritePolicy property "
  137. "(which is not writable) value.\n"
  138. "If one changes the OverWriteOutDated property value to 0, "
  139. "the OverWritePolicy property value will be 'henNeeded' \n"
  140. "If one changes the OverWriteOutDated property value to 1-365, "
  141. "the OverWritePolicy property value will be 'outDated' \n"
  142. "If one changes the OverWriteOutDated property value to 4294967295, "
  143. "the OverWritePolicy property value will be 'Never'."),
  144. read,
  145. write,
  146. Units("Days"),
  147. Range("0-365 | 4294967295")]
  148. uint32 OverwriteOutDated;
  150. [Description("The Sources property indicates the applications "
  151. "that are registered to log into this log file."),
  152. read]
  153. string Sources[];
  155. //Methods
  157. [Description("Clears the specified event log, and optionally "
  158. "saves the current copy of the logfile to a backup file. "
  159. "The method returns an integer value that can be "
  160. "interpretted as follows: \n"
  161. "0 - Successful completion.\n"
  162. "8 - The user does not have adequate privileges.\n"
  163. "21 - Invalid parameter.\n"
  164. "Other - For integer values other than those listed above, "
  165. "refer to Win32 error code documentation."): ToSubClass,
  166. Values{ "Success",
  167. "Privilege missing",
  168. "Invalid parameter",
  169. "Other" },
  170. ValueMap{ "0", "8", "21", ".." },
  171. implemented,
  172. Privileges{"SeSecurityPrivilege", "SeBackupPrivilege"}]
  173. uint32 ClearEventlog(
  175. [Description("String specifying the name of a "
  176. "file in which a current copy of the event logfile will be placed. "
  177. "If this file already exists, the function fails. "),
  178. in]
  179. string ArchiveFileName
  181. );
  183. [Description("Saves the specified event log to a backup file. "
  184. "The method returns an integer value that can be "
  185. "interpretted as follows: \n"
  186. "0 - Successful completion.\n"
  187. "8 - The user does not have adequate privileges.\n"
  188. "21 - Invalid parameter.\n"
  189. "183 - Archive file name already exists. Cannot create file. \n"
  190. "Other - For integer values other than those listed above, "
  191. "refer to Win32 error code documentation."): ToSubClass,
  192. Values{ "Success",
  193. "Privilege missing",
  194. "Invalid parameter",
  195. "Archive file name already exists.",
  196. "Other" },
  197. ValueMap{ "0", "8", "21", "183", ".." },
  198. implemented,
  199. Privileges{"SeSecurityPrivilege", "SeBackupPrivilege"}]
  200. uint32 BackupEventlog(
  202. [Description("String specifying the name of the backup file."),
  203. in]
  204. string ArchiveFileName
  206. );
  208. };
  211. [DisplayName("NT Log Events"), Privileges{"SeSecurityPrivilege"},
  212. Dynamic, Provider("MS_NT_EVENTLOG_PROVIDER"), EnumPrivileges{"SeSecurityPrivilege"},
  213. Description("This class is used to translate instances from the NT Eventlog."),
  214. Locale (0x409), UUID ("{8502C57C-5FBB-11D2-AAC1-006008C78BC7}")]
  215. class Win32_NTLogEvent
  216. {
  217. [DisplayName ("Record Number"), Key,
  218. Description ("Identifies the event within the NT Eventlog logfile. This "
  219. "is specific to the logfile and is used together with the logfile name to "
  220. "uniquely identify an instance of this class.")
  221. ]
  222. uint32 RecordNumber;
  223. [DisplayName ("Log File"), Key,
  224. Description ("The name of NT Eventlog logfile. This is used together with "
  225. "the RecordNumber to uniquely identify an instance of this class.")
  226. ]
  227. string Logfile;
  228. [Fixed, DisplayName("Event Identifier"), Description("Identifies the event. "
  229. "This is specific to the source that generated the event log entry, and "
  230. "is used, together with SourceName, to uniquely identify an NT event type.")
  231. ]
  232. uint32 EventIdentifier;
  233. [DisplayName("Event Code"), Description("This property has the value of "
  234. "the lower 16-bits of the EventIdentifier property. It is present to match "
  235. "the value displayed in the NT Event Viewer. NOTE: Two events from the same "
  236. "source may have the same value for this property but may have different "
  237. "severity and EventIdentifier values")
  238. ]
  239. uint16 EventCode;
  240. [Fixed, DisplayName("Source Name"), Description("The variable-length null-terminated "
  241. "string specifying the name of the source (application, service, driver, "
  242. "subsystem) that generated the entry. It is used, together with the "
  243. "EventIdentifier, to uniquely identify an NT event type.")
  244. ]
  245. string SourceName;
  246. [Fixed, DisplayName("Type"), Description("Specifies the type of event. This "
  247. "is an enumerated string"),
  248. ValueMap {"0", "1", "2", "4", "8", "16"},
  249. Values {"Success", "Error", "Warning", "Information", "Audit Success", "Audit Failure"}
  250. ]
  251. string Type;
  252. [DisplayName("Category"), Description("Specifies a subcategory for "
  253. "this event. This subcategory is source specific.")
  254. ]
  255. uint16 Category;
  256. [DisplayName("Category String"), Description("Specifies the translation "
  257. "of the subcategory. The translation is source specific.")
  258. ]
  259. string CategoryString;
  260. [Fixed, DisplayName("Time Generated"), Description("Specifies the time at "
  261. "which the source generated the event.")
  262. ]
  263. datetime TimeGenerated;
  264. [Fixed, DisplayName("Time Written"), Description("Specifies the time at which "
  265. "the event was written to the logfile.")
  266. ]
  267. datetime TimeWritten;
  268. [Fixed, DisplayName("Computer Name"), Description("The variable-length "
  269. "null-terminated string specifying the name of the computer that "
  270. "generated this event.")
  271. ]
  272. string ComputerName;
  273. [DisplayName("User Name"), Description("The user name of the logged on "
  274. "user when the event ocurred. If the user name cannot be determined "
  275. "this will be NULL")
  276. ]
  277. string User;
  278. [DisplayName("Message"), Description("The event message as it appears "
  279. "in the NT Eventlog. This is a standard message with zero or more "
  280. "insertion strings supplied by the source of the NT event. The "
  281. "insertion strings are inserted into the standard message in a "
  282. "predefined format. If there are no insertion strings or there is a "
  283. "problem inserting the insertion strings, only the standard message "
  284. "will be present in this field.")
  285. ]
  286. string Message;
  287. [DisplayName("Insertion Strings"), Description("The insertion strings "
  288. "that accompanied the report of the NT event.")
  289. ]
  290. string InsertionStrings[ ];
  291. [DisplayName("Binary Data"), Description("The binary data that "
  292. "accompanied the report of the NT event.")
  293. ]
  294. Uint8 Data[ ];
  295. [Fixed, Description ("The Type property specifies the type of event."),
  296. DisplayName("Type Event"),
  297. ValueMap {"0", "1", "2", "3","4","5"},
  298. Values {"Success", "Error", "Warning", "Information",
  299. "Security Audit Success","Security Audit Failure"}]
  300. uint8 EventType;
  301. };
  303. // RuleBased("Select * From "
  304. // "Win32_NTLogEvent As A "
  305. // "Join "
  306. // "Win32_NTEventLogFile As B "
  307. // "On A.LogFile = B.LogFileName")
  309. [Description("The Win32_NTLogEventLog class represents an association "
  310. "between an NT log event and the log file that contains the event."),
  311. dynamic,
  312. provider("MS_NT_EVENTLOG_PROVIDER"),
  313. EnumPrivileges{"SeSecurityPrivilege"},
  314. Privileges{"SeSecurityPrivilege"},
  315. Locale (0x409),
  316. UUID ("{8502C57D-5FBB-11D2-AAC1-006008C78BC7}"),
  317. Association: ToInstance]
  318. class Win32_NTLogEventLog
  319. {
  320. [Description("The Log property references the log file that "
  321. "contains the NT log event."),
  322. Key,
  323. read]
  324. Win32_NTEventlogFile ref Log;
  326. [Description("The Record property references an NT log event."),
  327. Key,
  328. read]
  329. Win32_NTLogEvent ref Record;
  330. };
  332. [Description("The Win32_NTLogEventUser class represents an association "
  333. "between an NT log event and the active user at the time the "
  334. "event was logged. "),
  335. dynamic,
  336. provider("MS_NT_EVENTLOG_PROVIDER"),
  337. EnumPrivileges{"SeSecurityPrivilege"},
  338. Privileges{"SeSecurityPrivilege"},
  339. Locale (0x409),
  340. UUID ("{8502C57E-5FBB-11D2-AAC1-006008C78BC7}"),
  341. Association: ToInstance]
  342. class Win32_NTLogEventUser
  343. {
  344. [Description("The User property references the active user "
  345. "at the time the event was logged."),
  346. Key,
  347. read]
  348. Win32_UserAccount ref User;
  350. [Description("The Record property references an NT log event."),
  351. Key,
  352. read]
  353. Win32_NTLogEvent ref Record;
  355. };
  357. //RuleBased("Select * From "
  358. // "Win32_ComputerSystem As A "
  359. // "Join "
  360. // "Win32_NTLogEvent As B "
  361. // "On A.Name = B.ComputerName")
  363. [Description("The Win32_NTLogEventComputer class represents an association "
  364. "between an NT log event and the computer from which the event "
  365. "was generated."),
  366. dynamic,
  367. provider("MS_NT_EVENTLOG_PROVIDER"),
  368. EnumPrivileges{"SeSecurityPrivilege"},
  369. Privileges{"SeSecurityPrivilege"},
  370. Locale (0x409),
  371. UUID ("{8502C57F-5FBB-11D2-AAC1-006008C78BC7}"),
  372. Association: ToInstance]
  373. class Win32_NTLogEventComputer
  374. {
  375. [Description("The Computer property references the computer from which "
  376. "the event was generated."),
  377. Key,
  378. read]
  379. Win32_ComputerSystem ref Computer;
  381. [Description("The Record property references an NT log event."),
  382. Key,
  383. read]
  384. Win32_NTLogEvent ref Record;
  385. };
  387. instance of __Win32Provider as $EventProv
  388. {
  389. Name = "MS_NT_EVENTLOG_EVENT_PROVIDER";
  390. ClsId = "{F55C5B4C-517D-11d1-AB57-00C04FD9159E}";
  391. HostingModel = "LocalSystemHost";
  392. };
  394. instance of __EventProviderRegistration
  395. {
  396. Provider = $EventProv;
  397. EventQueryList = {"select * from __InstanceCreationEvent where TargetInstance isa \"Win32_NTLogEvent\""};
  398. };