1 Introduction

The EventLog Remoting Protocol is an RPC-based protocol that exposes remote procedure call (RPC) methods for reading events in both live event logs and backup event logs on remote computers. The protocol also specifies how to get general information on a log, such as the number of records in the log, the oldest records in the log, and if the log is full. The protocol can also be used for clearing and backing up both types of event logs.

Note Early releases of the EventLog Remoting Protocol have never been assigned a version number. However, newer releases of the EventLog Remoting Protocol have version numbers. For example, the version released with Windows Vista operating system is version 6.0.

Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.