Export (0) Print
Expand All

4.13 Publisher Table and Channel Table Example

A publisher table is a list of publishers. The following example shows a publisher table with two entries.

{0063715b-eeda-4007-9429-ad526f62696e}    -------------    Publisher ID
"Microsoft-Windows-Services"                             ------  Publisher Name
    "%SystemRoot%\system32\services.exe"                 ------  Resource File
    "%SystemRoot%\system32\services.exe"                 ------  Message File
    "w                                                   ------ Parameter File(empty)
Channels
    1   ----------  channel count
         0x10  --------- channel ID for the channel 1         
         0     --------- channel flags for the channel 1
         0     --------- channel start index for the channel 1
         "Microsoft-Windows-Services/Operational"  --------  channel name for channel 1

{134ea407-755d-4a93-b8a6-f290cd155023}        -------------    Publisher ID
"Microsoft-Windows-HomeGroup-ControlPanel"    ------  Publisher Name
    "%SystemRoot%\system32\hgcpl.dll"         ------  Resource File
    "%SystemRoot%\system32\hgcpl.dll"         ------  Message File
    ""                                        ------ Parameter File(empty)
Channels
    2   ----------  channel count
         0x10  --------- channel ID for the channel 1
         0     --------- channel flags for the channel 1
         0     --------- channel start index for the channel 1
         "Microsoft-Windows-HomeGroup-ControlPanel/operational" ---- channel name for channel 1
    0x11  --------- channel ID for the channel 2
         0     --------- channel flags for the channel 2
         0     --------- channel start index for the channel 2
         "Microsoft-Windows-HomeGroup-ControlPanel/admin"   ---- channel name for channel 2

A channel table is a list of registered channels on the server. The following example shows a channel table with one channel entry:

ForwardedEvents             ----  Name of the channel
Enabled: 0
Isolation: 2
Type: 1
OwningPublisher: {b977cf02-76f6-df84-cc1a-6a4b232322b6}
Classic: 0
Access:    O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
Retention: 0
Autobackup: 0
MaxSize: 0x01400000
FilePath: "%SystemRoot%\system32\winevt\logs\forwardedevents.evtx"
Level:    0x0000FFFF
Keywords: 0xFFFFFFFFFFFFFFFF
ControlGuid: {00000000-0000-0000-0000-000000000000}
BufferSize: 0x000000000000FFFF
MinBuffers: 4
MaxBuffers: 10
Latency: 1
ClockType: 0
SIDType: 1
FileMax: 16

Note  The list of the publishers is not in the channel table entry because the channel table entry is built at runtime using the publisher table and the channel name.

 
Show:
© 2014 Microsoft