The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.
class Win32_NTEventlogFile : CIM_DataFile
{
uint32 AccessMask;
boolean Archive;
string Caption;
boolean Compressed;
string CompressionMethod;
string CreationClassName;
datetime CreationDate;
string CSCreationClassName;
string CSName;
string Description;
string Drive;
string EightDotThreeFileName;
boolean Encrypted;
string EncryptionMethod;
string Extension;
string FileName;
uint64 FileSize;
string FileType;
string FSCreationClassName;
string FSName;
boolean Hidden;
datetime InstallDate;
uint64 InUseCount;
datetime LastAccessed;
datetime LastModified;
string LogfileName;
string. Manufacturer;
uint32 MaxFileSize;
string Name;
uint32 NumberOfRecords;
uint32 OverwriteOutDated;
string OverWritePolicy;
string Path;
boolean Readable;
string Sources[];
string Status;
boolean System;
string Version;
boolean Writeable;
};
| Method | Description |
|---|
TakeOwnerShip |
Class method that obtains ownership of the logical file specified in the Name
property.
|
ChangeSecurityPermissions |
Class method that changes the security permissions for the logical file specified in the Name
property.
|
Copy |
Class method that copies the logical file or directory specified in the Name
property to the location specified by the input parameter.
|
Rename |
Class method that renames the logical file (or directory) specified in the Name
property.
|
Delete |
Class method that deletes the logical file (or directory) specified in the Name
property.
|
Compress |
Class method that compresses the logical file (or directory) specified in the Name
property.
|
Uncompress |
Class method that uncompresses the logical file (or directory) specified in the Name
property.
|
TakeOwnerShipEx |
Class method that obtains ownership of the logical file specified in the Name
property.
|
ChangeSecurityPermissionsEx |
Class method that changes the security permissions for the logical file specified in the Name
property.
|
CopyEx |
Class method that copies the logical file or directory specified in the Name
property to the location specified by the FileName parameter.
|
DeleteEx |
Class method that deletes the logical file (or directory) specified in the Name
property.
|
CompressEx |
Class method that uses NTFS compression to compress the logical file (or directory) specified in the Name
property.
|
UncompressEx |
Class method that uncompresses the logical file (or directory) specified in the Name
property.
|
GetEffectivePermission |
Class method that determines whether the caller has the aggregated permissions specified by the Permission argument not only on the file object, but on the share the file or directory resides on (if it is on a share).
|
ClearEventLog |
Clears the specified event log.
|
BackupEventLog |
Saves the specified event log to a backup file.
|
- AccessMask
-
- Data type: uint32
- Access type: Read-only
Bit mask that represents the access rights required to access or perform specific operations on the event log file. For bit values, see File and Directory Access Rights Constants.
Windows 2000 and Windows NT 4.0: On FAT volumes, the FULL_ACCESS value is returned instead, which indicates no security has been set on the object.
- Archive
-
- Data type: boolean
- Access type: Read-only
If True, a file that contains Windows NT events should be archived.
- Caption
-
- Data type: string
- Access type: Read-only
Short description (one-line string) of the object.
- Compressed
-
- Data type: boolean
- Access type: Read-only
If True, a file that contains Windows NT events is compressed.
- CompressionMethod
-
- Data type: string
- Access type: Read-only
Algorithm or tool used to compress the logical file that contains Windows NT events.
- CreationClassName
-
- Data type: string
- Access type: Read-only
- Qualifiers: Key, MaxLen(256)
Name of the first concrete class to appear in the inheritance chain used in the creation of an instance. When used with the other key properties of the class, this property allows all instances of this class and its subclasses to be uniquely identified.
- CreationDate
-
- Data type: datetime
- Access type: Read-only
Date that the file that contains Windows NT events was created.
- CSCreationClassName
-
- Data type: string
- Access type: Read-only
Class of the computer system.
- CSName
-
- Data type: string
- Access type: Read-only
Name of the computer system.
- Description
-
- Data type: string
- Access type: Read-only
Description of the object.
- Drive
-
- Data type: string
- Access type: Read-only
Drive letter (including colon) of the file that contains Windows NT events.
Example: "c:"
- EightDotThreeFileName
-
- Data type: string
- Access type: Read-only
DOS-compatible file name for the file that contains Windows NT events.
Example: "c:\progra~1"
- Encrypted
-
- Data type: boolean
- Access type: Read-only
File that contains Windows NT events is encrypted.
- EncryptionMethod
-
- Data type: string
- Access type: Read-only
Algorithm or tool used to encrypt the logical file.
- Extension
-
- Data type: string
- Access type: Read-only
File name extension (without the dot) of the file that contains Windows NT events.
Example: "txt", "mof", "mdb"
- FileName
-
- Data type: string
- Access type: Read-only
File name (without extension) of the file that contains Windows NT events.
Example: "autoexec"
- FileSize
-
- Data type: uint64
- Access type: Read-only
Size of the file that contains Windows NT events (in bytes).
For more information about using uint64 values in scripts, see Scripting in WMI.
- FileType
-
- Data type: string
- Access type: Read-only
File type (indicated by the Extension property).
- FSCreationClassName
-
- Data type: string
- Access type: Read-only
Class of the file system.
- FSName
-
- Data type: string
- Access type: Read-only
Name of the file system.
- Hidden
-
- Data type: boolean
- Access type: Read-only
If True, a file that contains Windows NT events is hidden.
- InstallDate
-
- Data type: datetime
- Access type: Read-only
Object is installed. This property does not need a value to indicate that the object is installed.
- InUseCount
-
- Data type: uint64
- Access type: Read-only
Number of "file opens" that are currently active against the file that contains Windows NT events.
For more information about using uint64 values in scripts, see Scripting in WMI.
- LastAccessed
-
- Data type: datetime
- Access type: Read-only
Date and time that the file that contains Windows NT events was last accessed.
- LastModified
-
- Data type: datetime
- Access type: Read-only
Date and time that the file that contains Windows NT events was last modified.
- LogfileName
-
- Data type: string
- Access type: Read-only
Name of the file that contains Windows NT events. Standard log file names include: Application, System, and Security.
- Manufacturer
-
- Data type: string.
- Access type: Read-only
Manufacturer from version resource, if one is present.
- MaxFileSize
-
- Data type: uint32
- Access type: Read/write
Maximum size (in bytes) permitted for the file that contains Windows NT events. If the file exceeds its maximum size, its contents are moved to another file and the primary file is emptied. A value of zero indicates no size limit. WMI retrieves the Maxsize value from the Event Log Service registry values.
- Name
-
- Data type: string
- Access type: Read-only
- Qualifiers: Key
Inherited name that serves as a key of a logical file instance that contains Windows NT events within a file system. Full path names should be provided.
Example: "c:\winnt\system\win.ini"
- NumberOfRecords
-
- Data type: uint32
- Access type: Read-only
Number of records in the file that contains Windows NT events. This value is determined by calling the Windows function GetNumberOfEventLogRecords.
- OverwriteOutDated
-
- Data type: uint32
- Access type: Read/write
- Qualifiers: Units(Days)
Number of days after which an event can be overwritten.
Possible values for OverwriteOutDated include the following.
| Value | Meaning |
|---|
- 0 (0x0)
| Always Overwrite
|
- 4294967295 (0xFFFFFFFF)
| Never Overwrite
|
Windows Server 2003, Windows XP, Windows 2000, and Windows NT 4.0: Possible values for
OverwriteOutDated include the following.
| Value | Meaning |
|---|
- 0 (0x0)
| Any entry can be overwritten when necessary.
|
- 1...365
| Events that have been in the log file for one year (365 days) or less can be overwritten.
|
- 4294967295 (0xFFFFFFFF)
| Nothing can be ever be overwritten.
|
- OverWritePolicy
-
- Data type: string
- Access type: Read-only
Current overwrite policy the Event Log service employs for this log file. Data can be never overwritten, or can be overwritten when necessary or when outdated. When data is outdated depends on the OverwriteOutDated value.
| Value | Meaning |
|---|
- WhenNeeded
| The value of OverwriteOutDated equals 0 (zero).
|
- OutDated
| The value of OverwriteOutDated ranges from 1 to 365.
|
- Never
| The value of OverwriteOutDated equals 4294967295.
|
- Path
-
- Data type: string
- Access type: Read-only
Path of the file that contains Windows NT event. This includes leading and trailing backslashes.
Example: "\windows\system\"
- Readable
-
- Data type: boolean
- Access type: Read-only
If True, a file that contains Windows NT events can be read.
- Sources
-
- Data type: string array
- Access type: Read-only
List of applications that are registered to log into this log file.
- Status
-
- Data type: string
- Access type: Read-only
Current status of the object.
The values are:
- "OK"
- "Error"
- "Degraded"
- "Unknown"
- "Pred Fail"
- "Starting"
- "Stopping"
- "Service"
- "Stressed"
-
"NonRecover"
- "No Contact"
- "Lost Comm"
- System
-
- Data type: boolean
- Access type: Read-only
If True, a file that contains Windows NT event is a system file.
- Version
-
- Data type: string
- Access type: Read-only
Version string from version resource if one is present.
- Writeable
-
- Data type: boolean
- Access type: Read-only
If True, a file that contains Windows NT events can be written.