
Win32_NTEventlogFile class

The Win32_NTEventlogFile WMI class represents a logical file or directory of operating system events. The file is also known as the event log.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.

Syntax

[Provider("MS_NT_EVENTLOG_PROVIDER"), Dynamic]
class Win32_NTEventlogFile : CIM_DataFile
{
  uint32   AccessMask;
  boolean  Archive;
  string   Caption;
  boolean  Compressed;
  string   CompressionMethod;
  string   CreationClassName;
  datetime CreationDate;
  string   CSCreationClassName;
  string   CSName;
  string   Description;
  string   Drive;
  string   EightDotThreeFileName;
  boolean  Encrypted;
  string   EncryptionMethod;
  string   Extension;
  string   FileName;
  uint64   FileSize;
  string   FileType;
  string   FSCreationClassName;
  string   FSName;
  boolean  Hidden;
  datetime InstallDate;
  uint64   InUseCount;
  datetime LastAccessed;
  datetime LastModified;
  string   LogfileName;
  string   Manufacturer;
  uint32   MaxFileSize;
  string   Name;
  uint32   NumberOfRecords;
  uint32   OverwriteOutDated;
  string   OverWritePolicy;
  string   Path;
  boolean  Readable;
  string   Sources[];
  string   Status;
  boolean  System;
  string   Version;
  boolean  Writeable;
};

Members

The Win32_NTEventlogFile class has these types of members:

Methods

The Win32_NTEventlogFile class has these methods.

| Method | Description |
| --- | --- |
| BackupEventLog | Saves the specified event log to a backup file. |
| ChangeSecurityPermissions | Class method that changes the security permissions for the logical file specified in the Name property. |
| ChangeSecurityPermissionsEx | Class method that changes the security permissions for the logical file specified in the Name property. |
| ClearEventLog | Clears the specified event log. |
| Compress | Class method that compresses the logical file (or directory) specified in the Name property. |
| CompressEx | Class method that uses NTFS compression to compress the logical file (or directory) specified in the Name property. |
| Copy | Class method that copies the logical file or directory specified in the Name property to the location specified by the input parameter. |
| CopyEx | Class method that copies the logical file or directory specified in the Name property to the location specified by the FileName parameter. |
| Delete | Class method that deletes the logical file (or directory) specified in the Name property. |
| DeleteEx | Class method that deletes the logical file (or directory) specified in the Name property. |
| GetEffectivePermission | Class method that determines whether the caller has the aggregated permissions specified by the Permission argument not only on the file object, but on the share the file or directory resides on (if it is on a share). |
| Rename | Class method that renames the logical file (or directory) specified in the Name property. |
| TakeOwnerShip | Class method that obtains ownership of the logical file specified in the Name property. |
| TakeOwnerShipEx | Class method that obtains ownership of the logical file specified in the Name property. |
| Uncompress | Class method that uncompresses the logical file (or directory) specified in the Name property. |
| UncompressEx | Class method that uncompresses the logical file (or directory) specified in the Name property. |

Properties

The Win32_NTEventlogFile class has these properties.

AccessMask
Data type: uint32
Access type: Read-only

Bitmask that represents the access rights required to access or perform specific operations on the event log file. For bit values, see File and Directory Access Rights Constants.

Note  On FAT volumes, the FULL_ACCESS value is returned instead, which indicates no security has been set on the object.

Archive
Data type: boolean
Access type: Read-only

If True, a file that contains Windows events should be archived.

Caption
Data type: string
Access type: Read-only

Short description of the object.

Compressed
Data type: boolean
Access type: Read-only

If True, a file that contains Windows events is compressed.

CompressionMethod
Data type: string
Access type: Read-only

Algorithm or tool used to compress the logical file that contains Windows events.

CreationClassName
Data type: string
Access type: Read-only
Qualifiers: Key, Dynamic, MaxLen (256)

Name of the first concrete class to appear in the inheritance chain used in the creation of an instance. When used with the other key properties of the class, this property allows all instances of this class and its subclasses to be uniquely identified.

CreationDate
Data type: datetime
Access type: Read-only

Date that the file that contains Windows events was created.

CSCreationClassName
Data type: string
Access type: Read-only

Class of the computer system.

CSName
Data type: string
Access type: Read-only

Name of the computer system.

Description
Data type: string
Access type: Read-only

Description of the object.

Drive
Data type: string
Access type: Read-only

Drive letter (including colon) of the file that contains Windows events.

Example: "c:"

EightDotThreeFileName
Data type: string
Access type: Read-only

DOS-compatible file name for the file that contains Windows events.

Example: "c:\progra~1"

Encrypted
Data type: boolean
Access type: Read-only

If True, the file that contains Windows events is encrypted.

EncryptionMethod
Data type: string
Access type: Read-only

Algorithm or tool used to encrypt the logical file.

Extension
Data type: string
Access type: Read-only

File name extension (without the dot) of the file that contains Windows events.

Example: "txt", "mof", "mdb"

FileName
Data type: string
Access type: Read-only

File name (without extension) of the file that contains Windows events.

Example: "autoexec"

FileSize
Data type: uint64
Access type: Read-only

Size of the file that contains Windows events (in bytes).

For more information about using uint64 values in scripts, see Scripting in WMI.

FileType
Data type: string
Access type: Read-only

File type (indicated by the Extension property).

FSCreationClassName
Data type: string
Access type: Read-only

Class of the file system.

FSName
Data type: string
Access type: Read-only

Name of the file system.

Hidden
Data type: boolean
Access type: Read-only

If True, a file that contains Windows events is hidden.

InstallDate
Data type: datetime
Access type: Read-only

Date and time that the object was installed. This property does not need a value to indicate that the object is installed.

InUseCount
Data type: uint64
Access type: Read-only

Number of "file opens" that are currently active against the file that contains Windows events.

For more information about using uint64 values in scripts, see Scripting in WMI.

LastAccessed
Data type: datetime
Access type: Read-only

Date and time that the file that contains Windows events was last accessed.

LastModified
Data type: datetime
Access type: Read-only

Date and time that the file that contains Windows events was last modified.

LogfileName
Data type: string
Access type: Read-only

Name of the file that contains Windows events. Standard log file names include: Application, System, and Security.

Manufacturer
Data type: string
Access type: Read-only

Manufacturer from version resource, if one is present.

MaxFileSize
Data type: uint32
Access type: Read/write

Maximum size (in bytes) permitted for the file that contains Windows events. If the file exceeds its maximum size, its contents are moved to another file and the primary file is emptied. A value of zero indicates no size limit. WMI retrieves the Maxsize value from the Event Log Service registry values.

Name
Data type: string
Access type: Read-only
Qualifiers: Key, Dynamic

Inherited name that serves as a key of a logical file instance that contains Windows events within a file system. Full path names should be provided.

Example: "c:\winnt\system\win.ini"

NumberOfRecords
Data type: uint32
Access type: Read-only

Number of records in the file that contains Windows events. This value is determined by calling the Windows function GetNumberOfEventLogRecords.

OverwriteOutDated
Data type: uint32
Access type: Read/write
Qualifiers: Units (Days), Dynamic

Number of days after which an event can be overwritten.

Possible values for OverwriteOutDated include the following.

| Value | Meaning |
| --- | --- |
| 0 (0x0) | Always Overwrite |
| 4294967295 (0xFFFFFFFF) | Never Overwrite |

Windows Server 2003 and Windows XP:  Possible values for OverwriteOutDated include the following.

| Value | Meaning |
| --- | --- |
| 0 (0x0) | Any entry can be overwritten when necessary. |
| 1...365 | Events that have been in the log file for one year (365 days) or less can be overwritten. |
| 4294967295 (0xFFFFFFFF) | Nothing can ever be overwritten. |

OverWritePolicy
Data type: string
Access type: Read-only

Current overwrite policy the Event Log service employs for this log file. Data can be never overwritten, or can be overwritten when necessary or when outdated. When data is outdated depends on the OverwriteOutDated value.

| Value | Meaning |
| --- | --- |
| WhenNeeded | The value of OverwriteOutDated equals 0 (zero). |
| OutDated | The value of OverwriteOutDated ranges from 1 to 365. |
| Never | The value of OverwriteOutDated equals 4294967295. |

Path
Data type: string
Access type: Read-only

Path of the file that contains Windows events. This includes leading and trailing backslashes.

Example: "\windows\system\"

Readable
Data type: boolean
Access type: Read-only

If True, a file that contains Windows events can be read.

Sources
Data type: string array
Access type: Read-only

List of applications that are registered to log into this log file.

Status
Data type: string
Access type: Read-only

Current status of the object.

The values are:

"OK"
"Error"
"Degraded"
"Unknown"
"Pred Fail"
"Starting"
"Stopping"
"Service"
"Stressed"
"NonRecover"
"No Contact"
"Lost Comm"

System
Data type: boolean
Access type: Read-only

If True, a file that contains Windows events is a system file.

Version
Data type: string
Access type: Read-only

Version string from version resource if one is present.

Writeable
Data type: boolean
Access type: Read-only

If True, a file that contains Windows events can be written.

Remarks

The Win32_NTEventlogFile class is derived from CIM_DataFile.

Examples

For script code examples, see WMI Tasks for Scripts and Applications and the TechNet ScriptCenter Script Repository.

For C++ code examples, see WMI C++ Application Examples.
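
The following PowerShell script is an added example, not part of the original reference page or Microsoft's sample code. It reads every Win32_NTEventlogFile instance and flags retention settings that a log-integrity review would question, using the OverwriteOutDated and OverWritePolicy mapping documented above. The thresholds ($MinBytes, $FullPercent) and the helper name Get-ExpectedPolicy are assumptions chosen for illustration, and an elevated session is assumed so that the Security log is included.

```powershell
# Added example: audit event log retention through Win32_NTEventlogFile.
# Thresholds are assumptions for illustration, not values from the reference page.
$MinBytes    = 64MB                  # assumed minimum acceptable MaxFileSize
$FullPercent = 90                    # assumed "nearly full" threshold (percent)
$NeverValue  = [uint32]::MaxValue    # 4294967295 (0xFFFFFFFF)

function Get-ExpectedPolicy([uint32]$OverwriteOutDated) {
    # Mapping taken from the OverWritePolicy table on this page.
    if ($OverwriteOutDated -eq 0)           { return 'WhenNeeded' }
    if ($OverwriteOutDated -eq $NeverValue) { return 'Never' }
    if ($OverwriteOutDated -le 365)         { return 'OutDated' }
    return 'Unknown'                        # value outside the documented ranges
}

Get-CimInstance -Namespace root\CIMV2 -ClassName Win32_NTEventlogFile |
ForEach-Object {
    $findings = @()

    # The read-only OverWritePolicy should agree with the read/write OverwriteOutDated.
    $expected = Get-ExpectedPolicy $_.OverwriteOutDated
    if ($_.OverWritePolicy -ne $expected) {
        $findings += "OverWritePolicy does not match OverwriteOutDated (expected $expected)"
    }

    # MaxFileSize of zero means no size limit, so only non-zero values are compared.
    if ($_.MaxFileSize -ne 0 -and $_.MaxFileSize -lt $MinBytes) {
        $findings += 'MaxFileSize below review threshold'
    }

    # Fill level: FileSize and MaxFileSize are both in bytes.
    $pct = if ($_.MaxFileSize) { [math]::Round(100 * $_.FileSize / $_.MaxFileSize, 1) } else { $null }
    if ($pct -ge $FullPercent -and $_.OverWritePolicy -eq 'WhenNeeded') {
        $findings += 'nearly full under WhenNeeded: existing entries can be overwritten'
    }

    [pscustomobject]@{
        Log         = $_.LogfileName
        File        = $_.Name
        Records     = $_.NumberOfRecords
        MaxBytes    = $_.MaxFileSize
        PercentFull = $pct
        Policy      = $_.OverWritePolicy
        Days        = $_.OverwriteOutDated
        Findings    = $findings -join '; '
    }
} | Sort-Object Log | Format-Table -AutoSize -Wrap
```

Comparing successive runs of this report also shows when MaxFileSize or OverwriteOutDated, the two read/write properties of the class, have been changed.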

Requirements

| Requirement | Value |
| --- | --- |
| Minimum supported client | Windows XP |
| Minimum supported server | Windows Server 2003 |
| Namespace | \root\CIMV2 |
| MOF | Ntevt.mof |
| DLL | Ntevt.dll |

See also

Operating System Classes

 

 

© 2014 Microsoft. All rights reserved.