You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 lines
7.0 KiB
30 lines
7.0 KiB
#pragma autorecover
|
|
#pragma namespace("\\\\.\\root\\cimv2")
|
|
instance of __namespace{ name="ms_409";};
|
|
#pragma namespace("\\\\.\\root\\cimv2\\ms_409")
|
|
|
|
[AMENDMENT, LOCALE(0x409)]
|
|
class Win32_NTEventlogFile : CIM_DataFile
|
|
{
|
|
[Values{"WhenNeeded", "OutDated", "Never"} : Amended ToSubclass] string OverWritePolicy;
|
|
};
|
|
|
|
[description("This class is used to translate instances from the NT Eventlog.") : Amended ToSubclass,AMENDMENT, LOCALE(0x409)]
|
|
class Win32_NTLogEvent
|
|
{
|
|
[key,description("Identifies the event within the NT Eventlog logfile. This is specific to the logfile and is used together with the logfile name to uniquely identify an instance of this class.") : Amended ToSubclass] uint32 RecordNumber;
|
|
[key,description("The name of NT Eventlog logfile. This is used together with the RecordNumber to uniquely identify an instance of this class.") : Amended ToSubclass] string Logfile;
|
|
[description("Identifies the event. This is specific to the source that generated the event log entry, and is used, together with SourceName, to uniquely identify an NT event type.") : Amended ToSubclass] uint32 EventIdentifier;
|
|
[description("This property has the value of the lower 16-bits of the EventIdentifier property. It is present to match the value displayed in the NT Event Viewer. NOTE: Two events from the same source may have the same value for this property but may have different severity and EventIdentifier values") : Amended ToSubclass] uint16 EventCode;
|
|
[description("The variable-length null-terminated string specifying the name of the source (application, service, driver, subsystem) that generated the entry. It is used, together with the EventIdentifier, to uniquely identify an NT event type.") : Amended ToSubclass] string SourceName;
|
|
[description("Specifies the type of event. This is an enumerated string") : Amended ToSubclass,Values{"error", "warning", "information", "audit success", "audit failure"} : Amended ToSubclass] string Type;
|
|
[description("Specifies a subcategory for this event. This subcategory is source specific.") : Amended ToSubclass] uint16 Category;
|
|
[description("Specifies the translation of the subcategory. The translation is source specific.") : Amended ToSubclass] string CategoryString;
|
|
[description("Specifies the time at which the source generated the event.") : Amended ToSubclass] datetime TimeGenerated;
|
|
[description("Specifies the time at which the event was written to the logfile.") : Amended ToSubclass] datetime TimeWritten;
|
|
[description("The variable-length null-terminated string specifying the name of the computer that generated this event.") : Amended ToSubclass] string ComputerName;
|
|
[description("The user name of the logged on user when the event ocurred. If the user name cannot be determined this will be NULL") : Amended ToSubclass] string User;
|
|
[description("The event message as it appears in the NT Eventlog. This is a standard message with zero or more insertion strings supplied by the source of the NT event. The insertion strings are inserted into the standard message in a predefined format. If there are no insertion strings or there is a problem inserting the insertion strings, only the standard message will be present in this field.") : Amended ToSubclass] string Message;
|
|
[description("The insertion strings that accompanied the report of the NT event.") : Amended ToSubclass] string InsertionStrings[];
|
|
[description("The binary data that accompanied the report of the NT event.") : Amended ToSubclass] Uint8 Data[];
|
|
};
|