The EventLog Remoting Protocol Version 6.0, originally available in the Windows Vista operating system, is a remote procedure call (RPC)–based protocol that exposes RPC methods for reading events in both live event logs and backup event logs on remote computers. This protocol also specifies how to get general information for a log, such as number of records in the log, oldest records in the log, and if the log is full. It may also be used for clearing and backing up both types of event logs.
Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.