// Copyright (c) 1997-2003 Microsoft Corporation, All Rights Reserved class LogFileEventConsumer : __EventConsumer { [key] string Name; [Not_Null, write] string Filename; [Not_Null,Template, write] string Text; [write] uint64 MaximumFileSize = 65535; [write] boolean IsUnicode; }; class CommandLineEventConsumer : __EventConsumer { [key] string Name; [write] string ExecutablePath; [Template, write] string CommandLineTemplate; [write] boolean UseDefaultErrorMode = FALSE; [DEPRECATED] boolean CreateNewConsole = FALSE; [write] boolean CreateNewProcessGroup = FALSE; [write] boolean CreateSeparateWowVdm = FALSE; [write] boolean CreateSharedWowVdm = FALSE; [write] sint32 Priority = 32; [write] string WorkingDirectory; [DEPRECATED] string DesktopName; [Template, write] string WindowTitle; [write] uint32 XCoordinate; [write] uint32 YCoordinate; [write] uint32 XSize; [write] uint32 YSize; [write] uint32 XNumCharacters; [write] uint32 YNumCharacters; [write] uint32 FillAttribute; [write] uint32 ShowWindowCommand; [write] boolean ForceOnFeedback = FALSE; [write] boolean ForceOffFeedback = FALSE; [write] boolean RunInteractively = FALSE; [write] uint32 KillTimeout = 0; }; class NTEventLogEventConsumer : __EventConsumer { [key] string Name; [write] string UNCServerName; [NOT_NULL, write] string SourceName; [NOT_NULL, write] uint32 EventID = 0; [NOT_NULL, write, ValueMap{"0", "1", "2", "4", "8", "16"},Values{"Success", "Error", "Warning", "Information", "Audit Success", "Audit Failure"}] uint32 EventType = 1; [NOT_NULL, write] uint16 Category; [NOT_NULL, write] uint32 NumberOfInsertionStrings = 0; [Template, write] string InsertionStringTemplates[] = {""}; [write] string NameOfRawDataProperty; [write] string NameOfUserSIDProperty; }; Instance of __Win32Provider as $P1 { Name = "LogFileEventConsumer"; Clsid = "{266c72d4-62e8-11d1-ad89-00c04fd8fdff}"; HostingModel = "LocalSystemHost"; }; Instance of __EventConsumerProviderRegistration { Provider = $P1; ConsumerClassNames = {"LogFileEventConsumer"}; }; Instance of __Win32Provider as $P2 { Name = "CommandLineEventConsumer"; Clsid = "{266c72e5-62e8-11d1-ad89-00c04fd8fdff}"; HostingModel = "LocalSystemHost"; }; Instance of __EventConsumerProviderRegistration { Provider = $P2; ConsumerClassNames = {"CommandLineEventConsumer"}; }; Instance of __Win32Provider as $P3 { Name = "NTEventLogEventConsumer"; Clsid = "{266c72e6-62e8-11d1-ad89-00c04fd8fdff}"; HostingModel = "WmiCore"; }; Instance of __EventConsumerProviderRegistration { Provider = $P3; ConsumerClassNames = {"NTEventLogEventConsumer"}; }; instance of __namespace{ name="ms_409";}; #pragma namespace("ms_409") [Description("Logs events to a text file") : Amended ToSubclass,AMENDMENT, LOCALE(0x409)] class LogFileEventConsumer : __EventConsumer { [key,Description("A unique identifier for this instance") : Amended ToSubclass] string Name; [Description("Fully qualified path name for the log file. If file does not exist, it will be created. If directory does not exist, file will not be created.") : Amended ToSubclass] string Filename; [Description("Message to be inserted into the log file") : Amended ToSubclass] string Text; [Description("Maximum size to which file is allowed to grow. It will be archived when it exceeds this size. Archived files have an extension of .001 through .999. A value of zero will be interpreted to mean 'do not archive.' ") : Amended ToSubclass] uint64 MaximumFileSize; [Description("If FALSE or NULL, file will not be Unicode.") : Amended ToSubclass] boolean IsUnicode; }; [Description("Executes command in response to an event, see the Win32 SDK documentation for CreateProcess for more complete description of properties.") : Amended ToSubclass,AMENDMENT, LOCALE(0x409)] class CommandLineEventConsumer : __EventConsumer { [key,Description("A unique identifier for this instance") : Amended ToSubclass] string Name; [Description("Name of executable module") : Amended ToSubclass] string ExecutablePath; [Description("Command line string") : Amended ToSubclass] string CommandLineTemplate; [Description("New process inherits the error mode of the calling process. ") : Amended ToSubclass] boolean UseDefaultErrorMode; [Description("The new process has a new console. Note: This property has been Deprecated in Windows XP and is no longer used.") : Amended ToSubclass] boolean CreateNewConsole; [Description("The new process is the root process of a new process group.") : Amended ToSubclass] boolean CreateNewProcessGroup; [Description("The new process runs in a private Virtual DOS Machine (VDM).") : Amended ToSubclass] boolean CreateSeparateWowVdm; [Description("If the DefaultSeparateVDM switch in the Windows section of WIN.INI is TRUE, this flag causes the CreateProcess function to override the switch and run the new process in the shared Virtual DOS Machine.") : Amended ToSubclass] boolean CreateSharedWowVdm; [Description("Used to determine the scheduling priorities of the process's threads") : Amended ToSubclass] sint32 Priority; [Description("Default directory used by process") : Amended ToSubclass] string WorkingDirectory; [Description("Either the name of the desktop only or the name of both the desktop and window station for this process. Note: This property has been Deprecated in Windows XP and is no longer used.") : Amended ToSubclass] string DesktopName; [Description("For console processes, this is the title displayed in the title bar if a new console window is created") : Amended ToSubclass] string WindowTitle; [Description("Specifies the x coordinate of the upper left corner of a window") : Amended ToSubclass] uint32 XCoordinate; [Description("Specifies the y coordinate of the upper left corner of a window") : Amended ToSubclass] uint32 YCoordinate; [Description("Specifies the width of the window") : Amended ToSubclass] uint32 XSize; [Description("Specifies the height of the window") : Amended ToSubclass] uint32 YSize; [Description("For a console process, specifies the width of the window in characters") : Amended ToSubclass] uint32 XNumCharacters; [Description("For a console process, specifies the height of the window in characters") : Amended ToSubclass] uint32 YNumCharacters; [Description("Specifies the initial text and background colors if a new console window is created in a console application") : Amended ToSubclass] uint32 FillAttribute; [Description("The ShowWindowCommand can be any of the SW_ constants defined in WINUSER.H.") : Amended ToSubclass] uint32 ShowWindowCommand; [Description("Indicates that the cursor is in feedback mode for two seconds after CreateProcess is called.") : Amended ToSubclass] boolean ForceOnFeedback; [Description("Indicates that the feedback cursor is forced off while the process is starting.") : Amended ToSubclass] boolean ForceOffFeedback; [Description("Indicates that the process has access to the desktop.") : Amended ToSubclass] boolean RunInteractively; [description("Number of seconds that child process is allowed to run; if zero, process will not be terminated") : Amended ToSubclass] uint32 KillTimeout; }; [description("Logs events into NT event log, see Win32 SDK documentation for more complete descriptions") : Amended ToSubclass,AMENDMENT, LOCALE(0x409)] class NTEventLogEventConsumer : __EventConsumer { [key,Description("A unique identifier for this instance") : Amended ToSubclass] string Name; [Description("Universal Naming Convention (UNC) name of the server on which this operation is to be performed. If NULL, the operation is performed on the local computer.") : Amended ToSubclass] string UNCServerName; [Description("The source name must be a subkey of a logfile entry under the EventLog key in the registry.") : Amended ToSubclass] string SourceName; [Description("The event identifier specifies the message that goes with this event as an entry in the message file associated with the event source.") : Amended ToSubclass] uint32 EventID; [Description("Specifies the type of event being logged") : Amended ToSubclass] uint32 EventType; [Description("Specifies the event category. This is source-specific information.") : Amended ToSubclass] uint16 Category; [Description("Number of strings to be inserted into the event text.") : Amended ToSubclass] uint32 NumberOfInsertionStrings; [Description("Strings to be inserted into the event text.") : Amended ToSubclass] string InsertionStringTemplates[]; [Description("The NameOfRawDataProperty property is the name of the property in the event which contains a UserSID in string or array of bytes format. This will become the lpUserSid param in the ReportEvent API function."): Amended ToSubclass] string NameOfRawDataProperty; [Description("The NameOfUserSIDProperty is the name of a property in the event which contains an array of bytes, or a string. This will become the lpRawData param in ReportEvent API function."): Amended ToSubclass] string NameOfUserSIDProperty; };