You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
735 lines
17 KiB
735 lines
17 KiB
// © 2000 Microsoft Corporation. All rights reserved.
|
|
|
|
#pragma namespace ("\\\\.\\root\\cimv2")
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Base classes for SCM events
|
|
|
|
class MSFT_SCMEvent : __ExtrinsicEvent
|
|
{
|
|
};
|
|
|
|
// Base class for events destined for the system Event Log.
|
|
class MSFT_SCMEventLogEvent : MSFT_SCMEvent
|
|
{
|
|
};
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Net events
|
|
|
|
//
|
|
// MessageId: EVENT_BAD_ACCOUNT_NAME
|
|
//
|
|
// MessageText:
|
|
//
|
|
// No backslash is in the account name.
|
|
//
|
|
[
|
|
EventId(0xC0001B60) : ToInstance,
|
|
EventType(1) : ToInstance
|
|
]
|
|
class MSFT_NetBadAccount : MSFT_SCMEventLogEvent
|
|
{
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_CALL_TO_FUNCTION_FAILED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 call failed with the following error: %n%2
|
|
//
|
|
[
|
|
EventId(0xC0001B5D) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%FunctionName%", "%%%%%Error%"} : ToInstance
|
|
]
|
|
class MSFT_NetCallToFunctionFailed : MSFT_SCMEventLogEvent
|
|
{
|
|
string FunctionName;
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_CALL_TO_FUNCTION_FAILED_II
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 call failed for %2 with the following error: %n%3
|
|
//
|
|
[
|
|
EventId(0xC0001B5E) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%FunctionName%", "%Argument%", "%%%%%Error%"} : ToInstance
|
|
]
|
|
class MSFT_NetCallToFunctionFailedII : MSFT_SCMEventLogEvent
|
|
{
|
|
string FunctionName;
|
|
string Argument;
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_FIRST_LOGON_FAILED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Logon attempt with current password failed with the following error: %n%1
|
|
//
|
|
[
|
|
EventId(0xC0001B65) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%%%%%Error%"} : ToInstance
|
|
]
|
|
class MSFT_NetFirstLogonFailed : MSFT_SCMEventLogEvent
|
|
{
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_REVERTED_TO_LASTKNOWNGOOD
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The system reverted to its last known good configuration. The system is restarting....
|
|
//
|
|
[
|
|
EventId(0xC0001B5F) : ToInstance,
|
|
EventType(1) : ToInstance
|
|
]
|
|
class MSFT_NetRevertedToLastKnownGood : MSFT_SCMEventLogEvent
|
|
{
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_CONNECTION_TIMEOUT
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Timeout (%1 milliseconds) waiting for the %2 service to connect.
|
|
//
|
|
[
|
|
EventId(0xC0001B61) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Milliseconds%", "%Service%"} : ToInstance
|
|
]
|
|
class MSFT_NetConnectionTimeout : MSFT_SCMEventLogEvent
|
|
{
|
|
uint32 Milliseconds;
|
|
string Service;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_READFILE_TIMEOUT
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Timeout (%1 milliseconds) waiting for ReadFile.
|
|
//
|
|
[
|
|
EventId(0xC0001B62) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Milliseconds%"} : ToInstance
|
|
]
|
|
class MSFT_NetReadfileTimeout : MSFT_SCMEventLogEvent
|
|
{
|
|
uint32 Milliseconds;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_TRANSACT_TIMEOUT
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Timeout (%1 milliseconds) waiting for a transaction response from the %2 service.
|
|
//
|
|
[
|
|
EventId(0xC0001B63) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Milliseconds%", "%Service%"} : ToInstance
|
|
]
|
|
class MSFT_NetTransactTimeout : MSFT_SCMEventLogEvent
|
|
{
|
|
uint32 Milliseconds;
|
|
string Service;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_TRANSACT_INVALID
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Message returned in transaction has incorrect size.
|
|
//
|
|
[
|
|
EventId(0xC0001B64) : ToInstance,
|
|
EventType(1) : ToInstance
|
|
]
|
|
class MSFT_NetTransactInvalid : MSFT_SCMEventLogEvent
|
|
{
|
|
};
|
|
|
|
|
|
//
|
|
// Parameter %4 is the value, in decimal, of the SC_ACTION_ constant for
|
|
// the action described in parameter %5.
|
|
//
|
|
//
|
|
// MessageId: EVENT_SERVICE_CRASH
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service terminated unexpectedly. It has done this %2 time(s). The following corrective action will be taken in %3 milliseconds: %5.
|
|
//
|
|
[
|
|
EventId(0xC0001B77) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%TimesFailed%", "%ActionDelay%", "%ActionType%", "%Action%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceCrash : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
uint32 TimesFailed;
|
|
uint32 ActionDelay;
|
|
uint32 ActionType;
|
|
string Action;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_CRASH_NO_ACTION
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service terminated unexpectedly. It has done this %2 time(s).
|
|
//
|
|
[
|
|
EventId(0xC0001B7A) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%TimesFailed%" } : ToInstance
|
|
]
|
|
class MSFT_NetServiceCrashNoAction : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
uint32 TimesFailed;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_NOT_INTERACTIVE
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
|
|
//
|
|
[
|
|
EventId(0xC0001B76) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceNotInteractive : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
};
|
|
|
|
|
|
//
|
|
// Parameter %1 is the value, in decimal, of the SC_ACTION_ constant for
|
|
// the action described in parameter %2.
|
|
//
|
|
//
|
|
// MessageId: EVENT_SERVICE_RECOVERY_FAILED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The Service Control Manager tried to take a corrective action (%2) after the unexpected termination of the %3 service, but this action failed with the following error: %n%4
|
|
//
|
|
[
|
|
EventId(0xC0001B78) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%ActionType%", "%Action%", "%Service%", "%%%%%Error%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceRecoveryFailed : MSFT_SCMEventLogEvent
|
|
{
|
|
uint32 ActionType;
|
|
string Action;
|
|
string Service;
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_INVALID_DRIVER_DEPENDENCY
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Boot-start or system-start driver (%1) must not depend on a service.
|
|
//
|
|
[
|
|
EventId(0xC0001B67) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Driver%"} : ToInstance
|
|
]
|
|
class MSFT_NetInvalidDriverDependency : MSFT_SCMEventLogEvent
|
|
{
|
|
string Driver;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_START_FAILED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service failed to start due to the following error: %n%2
|
|
//
|
|
[
|
|
EventId(0xC0001B58) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%%%%%Error%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceStartFailed : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_START_FAILED_II
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service depends on the %2 service which failed to start because
|
|
// of the following error: %n%3
|
|
//
|
|
[
|
|
EventId(0xC0001B59) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%DependedOnService%", "%%%%%Error%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceStartFailedII : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
string DependedOnService;
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_CIRCULAR_DEPENDENCY_DEMAND
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Detected circular dependencies demand starting %1.
|
|
//
|
|
[
|
|
EventId(0xC0001B69) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%"} : ToInstance
|
|
]
|
|
class MSFT_NetCircularDependencyDemand : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_CIRCULAR_DEPENDENCY_AUTO
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Detected circular dependencies auto-starting services.
|
|
//
|
|
[
|
|
EventId(0xC0001B6A) : ToInstance,
|
|
EventType(1) : ToInstance
|
|
]
|
|
class MSFT_NetCircularDependencyAuto : MSFT_SCMEventLogEvent
|
|
{
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_START_FAILED_NONE
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service depends on the following nonexistent service: %2
|
|
//
|
|
[
|
|
EventId(0xC0001B5B) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%NonExistingService%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceStartFailedNone : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
string NonExistingService;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_DEPEND_ON_LATER_SERVICE
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Circular dependency: The %1 service depends on a service in a group which starts later.
|
|
//
|
|
[
|
|
EventId(0xC0001B6B) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%"} : ToInstance
|
|
]
|
|
class MSFT_NetDependOnLaterService : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_START_FAILED_GROUP
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service depends on the %2 group and no member of this group started.
|
|
//
|
|
[
|
|
EventId(0xC0001B5A) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%Group%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceStartFailedGroup : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
string Group;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_DEPEND_ON_LATER_SERVICE
|
|
//
|
|
// MessageText:
|
|
//
|
|
// Circular dependency: The %1 service depends on a service in a group which starts later.
|
|
//
|
|
[
|
|
EventId(0xC0001B6B) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%"} : ToInstance
|
|
]
|
|
class MSFT_NetDependOnLaterGroup : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_START_HUNG
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service hung on starting.
|
|
//
|
|
[
|
|
EventId(0xC0001B6E) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceStartHung : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SEVERE_SERVICE_FAILED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// About to revert to the last known good configuration because the %1 service failed to start.
|
|
//
|
|
[
|
|
EventId(0xC0001B6D) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%"} : ToInstance
|
|
]
|
|
class MSFT_NetSevereServiceFailed : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_TAKE_OWNERSHIP
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
|
|
//
|
|
[
|
|
EventId(0xC0001B74) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%RegistryKey%"} : ToInstance
|
|
]
|
|
class MSFT_NetTakeOwnership : MSFT_SCMEventLogEvent
|
|
{
|
|
string RegistryKey;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_BAD_SERVICE_STATE
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service has reported an invalid current state %2.
|
|
//
|
|
[
|
|
EventId(0xC0001B68) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%State%"} : ToInstance
|
|
]
|
|
class MSFT_NetBadServiceState : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
uint32 State;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_EXIT_FAILED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service terminated with the following error: %n%2
|
|
//
|
|
[
|
|
EventId(0xC0001B6F) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%%%%%Error%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceExitFailed : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_EXIT_FAILED_SPECIFIC
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service terminated with service-specific error %2.
|
|
//
|
|
[
|
|
EventId(0xC0001B70) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%Error% (%Error(0x%X)%)"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceExitFailedSpecific : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_BOOT_SYSTEM_DRIVERS_FAILED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The following boot-start or system-start driver(s) failed to load: %1
|
|
//
|
|
[
|
|
EventId(0xC0001B72) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%DriverList%"} : ToInstance
|
|
]
|
|
class MSFT_NetBootSystemDriversFailed : MSFT_SCMEventLogEvent
|
|
{
|
|
string DriverList;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_CONTROL_SUCCESS
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service was successfully sent a %2 control.
|
|
//
|
|
[
|
|
EventId(0x40001B7B) : ToInstance,
|
|
EventType(4) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%Control%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceControlSuccess : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
string Control;
|
|
string sid;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_STATUS_SUCCESS
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service entered the %2 state.
|
|
//
|
|
[
|
|
EventId(0x40001B7C) : ToInstance,
|
|
EventType(4) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%Control%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceStatusSuccess : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
string Control;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_CONFIG_BACKOUT_FAILED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The Service Control Manager encountered an error undoing a change to the
|
|
// %1 for the %2 service after a failed attempt to update the service's
|
|
// configuration information, leaving the service's configuration information
|
|
// in an unpredictable state. Use the Services MMC snap-in to make sure
|
|
// the service is configured as expected.
|
|
//
|
|
[
|
|
EventId(0xC0001B7D) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%ConfigField%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceConfigBackoutFailed : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
string ConfigField;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_FIRST_LOGON_FAILED_II
|
|
//
|
|
// MessageText:
|
|
//
|
|
// The %1 service was unable to log on as %2 with the currently configured
|
|
// password due to the following error: %n%3. To ensure that the service is
|
|
// configured properly, use the Services snap-in in Microsoft Management
|
|
// Console (MMC).
|
|
//
|
|
[
|
|
EventId(0xC0001B7E) : ToInstance,
|
|
EventType(1) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%Account%", "%%%%%Error%"} : ToInstance
|
|
]
|
|
class MSFT_NetFirstLogonFailedII : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
string Account;
|
|
uint32 Error;
|
|
};
|
|
|
|
|
|
//
|
|
// MessageId: EVENT_SERVICE_DIFFERENT_PID_CONNECTED
|
|
//
|
|
// MessageText:
|
|
//
|
|
// A service process other than the one launched by the Service Control Manager
|
|
// connected when starting the %1 service. The Service Control Manager launched
|
|
// process %2 and process %3 connected instead.
|
|
//
|
|
// Note that if this service is configured to start under a debugger, this behavior
|
|
// is expected.
|
|
//
|
|
[
|
|
EventId(0x80001B7F) : ToInstance,
|
|
EventType(2) : ToInstance,
|
|
InsertionStringTemplates {"%Service%", "%ExpectedPID%", "%ActualPID%"} : ToInstance
|
|
]
|
|
class MSFT_NetServiceDifferentPIDConnected : MSFT_SCMEventLogEvent
|
|
{
|
|
string Service;
|
|
uint32 ExpectedPID;
|
|
uint32 ActualPID;
|
|
};
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// SCM Event Provider registration.
|
|
|
|
#pragma DeleteInstance("MSFT_WMI_NonCOMEventProvider.Name=\"SCM Event Provider\"", NOFAIL)
|
|
|
|
instance of __Win32Provider as $P1
|
|
{
|
|
Name = "SCM Event Provider";
|
|
HostingModel = "Decoupled:NonCOM";
|
|
};
|
|
|
|
instance of __EventProviderRegistration
|
|
{
|
|
Provider = $P1;
|
|
|
|
EventQueryList =
|
|
{
|
|
"select * from MSFT_SCMEvent"
|
|
};
|
|
};
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// SCM Event Log consumer registration
|
|
|
|
//
|
|
// clean up any old subscriptions in root\cimv2 ( left by whistler beta1 )
|
|
//
|
|
|
|
#pragma deleteinstance("__FilterToConsumerBinding.Consumer=\"NTEventLogEventConsumer.Name=\\\"SCM Event Log Consumer\\\"\",Filter=\"__EventFilter.Name=\\\"SCM Event Log Filter\\\"\"", NOFAIL )
|
|
#pragma deleteinstance("__EventFilter.Name=\"SCM Event Log Filter\"", NOFAIL )
|
|
|
|
#pragma namespace ("\\\\.\\root\\subscription")
|
|
|
|
instance of NTEventLogEventConsumer
|
|
{
|
|
Name = "SCM Event Log Consumer";
|
|
SourceName = "Service Control Manager";
|
|
EventType = 1;
|
|
Category = 0;
|
|
NameOfUserSIDProperty = "sid";
|
|
};
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// SCM Event Log filter
|
|
|
|
instance of __EventFilter
|
|
{
|
|
Name = "SCM Event Log Filter";
|
|
QueryLanguage = "WQL";
|
|
Query = "select * from MSFT_SCMEventLogEvent";
|
|
EventNamespace = "root\\cimv2";
|
|
};
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// SCM Event Log filter-to-consumer binding
|
|
|
|
instance of __FilterToConsumerBinding
|
|
{
|
|
Consumer = "NTEventLogEventConsumer.Name=\"SCM Event Log Consumer\"";
|
|
Filter = "__EventFilter.Name=\"SCM Event Log Filter\"";
|
|
};
|
|
|