
Win32_NTLogEvent class

The Win32_NTLogEvent WMI class is used to translate instances from the Windows event log. An application must have SeSecurityPrivilege to receive events from the security event log; otherwise, "Access Denied" is returned to the application.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.

Syntax

class Win32_NTLogEvent
{
  uint16   Category;
  string   CategoryString;
  string   ComputerName;
  uint8    Data[];
  uint16   EventCode;
  uint32   EventIdentifier;
  uint8    EventType;
  string   InsertionStrings[];
  string   Logfile;
  string   Message;
  uint32   RecordNumber;
  string   SourceName;
  datetime TimeGenerated;
  datetime TimeWritten;
  string   Type;
  string   User;
};

Members

The Win32_NTLogEvent class has these types of members:

Properties

The Win32_NTLogEvent class has these properties.

Category
Data type: uint16
Access type: Read-only

Subcategory for this event. This subcategory is source-specific.

CategoryString
Data type: string
Access type: Read-only

Translation of the subcategory. The translation is source-specific.

ComputerName
Data type: string
Access type: Read-only

Name of the computer that generated this event.

Data
Data type: uint8 array
Access type: Read-only

List of the binary data that accompanied the report of the Windows event.

EventCode
Data type: uint16
Access type: Read-only

Value of the lower 16 bits of the EventIdentifier property. It is present to match the value displayed in the Windows Event Viewer.

Note  Two events from the same source may have the same value for this property but may have different severity and EventIdentifier values.

EventIdentifier
Data type: uint32
Access type: Read-only

Identifier of the event. This is specific to the source that generated the event log entry and is used, together with SourceName, to uniquely identify a Windows event type.

EventType
Data type: uint8
Access type: Read-only

Windows Server 2003 and Windows XP:  Type of event.

Value   Meaning
1       Error
2       Warning
3       Information
4       Security Audit Success
5       Security Audit Failure

InsertionStrings
Data type: string array
Access type: Read-only

List of the insertion strings that accompanied the report of the Windows event.

Logfile
Data type: string
Access type: Read-only
Qualifiers: Key

Name of Windows event log file. Together with RecordNumber, this is used to uniquely identify an instance of this class.

Message
Data type: string
Access type: Read-only

Event message as it appears in the Windows event log. This is a standard message with zero or more insertion strings supplied by the source of the Windows event. The insertion strings are inserted into the standard message in a predefined format. If there are no insertion strings or there is a problem inserting the insertion strings, only the standard message will be present in this field.

RecordNumber
Data type: uint32
Access type: Read-only
Qualifiers: Key

Identifies the event within the Windows event log file. This is specific to the log file and is used together with the log file name to uniquely identify an instance of this class.

SourceName
Data type: string
Access type: Read-only

Name of the source (application, service, driver, or subsystem) that generated the entry. It is used, together with EventIdentifier, to uniquely identify a Windows event type.

TimeGenerated
Data type: datetime
Access type: Read-only

The time when the event is generated.

TimeWritten
Data type: datetime
Access type: Read-only

The time when the event is written to the log file.

Type
Data type: string
Access type: Read-only

Type of event. This is an enumerated string. It is preferable to use the EventType property rather than the Type property.

Value   Meaning
1       Error
2       Warning
4       Information
8       Security Audit Success
16      Security Audit Failure

User
Data type: string
Access type: Read-only

User name of the logged-on user when the event occurred. If the user name cannot be determined, this will be NULL.

Examples

For script code examples, see WMI Tasks for Scripts and Applications and the TechNet ScriptCenter Script Repository.

For C++ code examples, see WMI C++ Application Examples.
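The EventCode note and the key properties above matter when aggregating log records: counting by EventCode alone merges distinct event types. The following Python sketch is an added example, not Microsoft sample code; it works on constructed records shaped like exported Win32_NTLogEvent instances. The source name "ExampleSvc" and all values are hypothetical, and the severity and facility bit positions come from the standard Windows message-identifier layout rather than from this page.

```python
from collections import Counter

# Bits 31-30 of a Windows message identifier carry the severity (standard layout).
SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}

def decode_event_identifier(event_identifier):
    """Split a uint32 EventIdentifier into severity, facility and EventCode."""
    if not 0 <= event_identifier <= 0xFFFFFFFF:
        raise ValueError("EventIdentifier must fit in a uint32")
    return {"severity": SEVERITY[event_identifier >> 30],
            "facility": (event_identifier >> 16) & 0x0FFF,
            "event_code": event_identifier & 0xFFFF}

def summarize(records):
    """Count occurrences per event type, ignoring duplicate instances."""
    # (Logfile, RecordNumber) is the class key, so it identifies one instance.
    unique = {(r["Logfile"], r["RecordNumber"]): r for r in records}
    counts = Counter()
    for r in unique.values():
        if r["EventCode"] != r["EventIdentifier"] & 0xFFFF:
            raise ValueError("EventCode is not the low 16 bits of EventIdentifier")
        # (SourceName, EventIdentifier) identifies the event type.
        counts[(r["SourceName"], r["EventIdentifier"])] += 1
    return counts

# Constructed records; "ExampleSvc" and all values are hypothetical.
SAMPLE = [
    {"Logfile": "Application", "RecordNumber": 101, "SourceName": "ExampleSvc",
     "EventIdentifier": 0xC0001B58, "EventCode": 7000},
    {"Logfile": "Application", "RecordNumber": 102, "SourceName": "ExampleSvc",
     "EventIdentifier": 0x80001B58, "EventCode": 7000},
    {"Logfile": "Application", "RecordNumber": 102, "SourceName": "ExampleSvc",
     "EventIdentifier": 0x80001B58, "EventCode": 7000},  # duplicate of record 102
]

if __name__ == "__main__":
    for (source, ident), n in sorted(summarize(SAMPLE).items()):
        d = decode_event_identifier(ident)
        print(f"{source} 0x{ident:08X} code={d['event_code']} "
              f"severity={d['severity']} count={n}")
```

Both sample event types share EventCode 7000 but differ in severity, so they stay separate in the summary, and the repeated record 102 is counted once.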

Requirements

Minimum supported client

Windows XP

Minimum supported server

Windows Server 2003

Namespace

\root\CIMV2

MOF

Ntevt.mof

DLL

Ntevt.dll

See also

Operating System Classes

 

 

© 2014 Microsoft. All rights reserved.