#pragma autorecover
#pragma namespace("\\\\.\\root\\cimv2\\ms_409")

[ABSTRACT, AMENDMENT, LOCALE(0x409)]
class Win32_NTEventlogFile : CIM_DataFile
{
  [Values{"WhenNeeded", "OutDated", "Never"} : Amended]string OverWritePolicy;
};

[description("This class is used to translate instances from the NT Eventlog.") : Amended,ABSTRACT, AMENDMENT, LOCALE(0x409)]
class Win32_NTLogEvent
{
  [key,description("Identifies the event within the NT Eventlog logfile. This is specific to the logfile and is used together with the logfile name to uniquely identify an instance of this class.") : Amended]uint32 RecordNumber;
  [key,description("The name of NT Eventlog logfile. This is used together with the RecordNumber to uniquely identify an instance of this class.") : Amended]string Logfile;
  [description("Identifies the event. This is specific to the source that generated the event log entry, and is used, together with SourceName, to uniquely identify an NT event type.") : Amended]uint32 EventIdentifier;
  [description("The variable-length null-terminated string specifying the name of the source (application, service, driver, subsystem) that generated the entry. It is used, together with the EventIdentifier, to uniquely identify an NT event type.") : Amended]string SourceName;
  [description("Specifies the type of event. This is an enumerated string") : Amended,Values{"error", "warning", "information", "audit success", "audit failure"} : Amended]string Type;
  [description("Specifies a subcategory for this event. This subcategory is source specific.") : Amended]uint16 Category;
  [description("Specifies the translation of the subcategory. The translation is source specific.") : Amended]string CategoryString;
  [description("Specifies the time at which the source generated the event.") : Amended]datetime TimeGenerated;
  [description("Specifies the time at which the event was written to the logfile.") : Amended]datetime TimeWritten;
  [description("The variable-length null-terminated string specifying the name of the computer that generated this event.") : Amended]string ComputerName;
  [description("The user name of the logged on user when the event ocurred. If the user name cannot be determined this will be NULL") : Amended]string User;
  [description("The event message as it appears in the NT Eventlog. This is a standard message with zero or more insertion strings supplied by the source of the NT event. The insertion strings are inserted into the standard message in a predefined format. If there are no insertion strings or there is a problem inserting the insertion strings, only the standard message will be present in this field.") : Amended]string Message;
  [description("The insertion strings that accompanied the report of the NT event.") : Amended]string InsertionStrings[];
  [description("The binary data that accompanied the report of the NT event.") : Amended]Uint8 Data[];
};