1.1 Glossary

  • Article

This document uses the following terms:

backup event log: An event log that cannot be written to, only read from. Backup event logs are typically used for archival purposes, or for copying to another computer for use by support personnel.

channel: A destination of event writes and a source for event reads. The physical backing store is a live event log.

cursor: The current position within a result set.

endpoint: A network-specific address of a remote procedure call (RPC) server process for remote procedure calls. The actual name and type of the endpoint depends on the RPC protocol sequence that is being used. For example, for RPC over TCP (RPC Protocol Sequence ncacn_ip_tcp), an endpoint might be TCP port 1025. For RPC over Server Message Block (RPC Protocol Sequence ncacn_np), an endpoint might be the name of a named pipe. For more information, see [C706].

event: A discrete unit of historical data that an application exposes that may be relevant to other applications. An example of an event would be a particular user logging on to the computer.

event descriptor: A structure indicating the kind of event. For example, a user logging on to the computer could be one kind of event, while a user logging off would be another, and these events could be indicated by using distinct event descriptors.

event log: A collection of records, each of which corresponds to an event.

event metadata: The metadata of an event provider including the event definition, events, channels the provider generates the events into, the unique identifier of the provider, and the localized string tables for this provider.

globally unique identifier (GUID): A term used interchangeably with universally unique identifier (UUID) in Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the value. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] must be used for generating the GUID. See also universally unique identifier (UUID).

Interface Definition Language (IDL): The International Standards Organization (ISO) standard language for specifying the interface for remote procedure calls. For more information, see [C706] section 4.

live event log: An event log that can be written to and read from.

opnum: An operation number or numeric identifier that is used to identify a specific remote procedure call (RPC) method or a method in an interface. For more information, see [C706] section 12.5.2.12 or [MS-RPCE].

publisher: In the context of events: The source of event generation. An application or component that writes to one or more event logs. An application that publishes events.

publisher metadata: The metadata of an event that includes the predefined property values of one event and the event user-defined data definition.

query: A context-dependent term commonly overloaded with three meanings, defined as follows: The act of requesting records from a set of records or the request itself. The particular string defining the criteria for which records are to be returned. This string can either be an XPath, as specified in [XPATH], (for more information, see [MS-EVEN6] section 2.2.15) or a structured XML query, as specified in [XML10], (for more information, see [MS-EVEN6] section 2.2.16).

record: The data structure that contains an event that is currently represented in an event log.

remote procedure call (RPC): A communication protocol used primarily between client and server. The term has three definitions that are often used interchangeably: a runtime environment providing for communication facilities between computers (the RPC runtime); a set of request-and-response message exchanges between computers (the RPC exchange); and the single message from an RPC exchange (the RPC message).  For more information, see [C706].

result set: A set of records that are selected by a query.

RPC dynamic endpoint: A network-specific server address that is requested and assigned at run time, as described in [C706].

RPC endpoint: A network-specific address of a server process for remote procedure calls (RPCs). The actual name of the RPC endpoint depends on the RPC protocol sequence being used. For example, for the NCACN_IP_TCP RPC protocol sequence an RPC endpoint might be TCP port 1025. For more information, see [C706].

RPC protocol sequence: A character string that represents a valid combination of a remote procedure call (RPC) protocol, a network layer protocol, and a transport layer protocol, as described in [C706] and [MS-RPCE].

structured XML query: An XML document that specifies a query that can contain multiple subqueries. For more information, see section 2.2.16.

subquery: A component of a structured XML query. For more information, see section 2.2.16.

subscription filter: An XPath query expression used in a subscription to filter out events that do not meet certain criteria from the client.

universally unique identifier (UUID): A 128-bit value. UUIDs can be used for multiple purposes, from tagging objects with an extremely short lifetime, to reliably identifying very persistent objects in cross-process communication such as client and server interfaces, manager entry-point vectors, and RPC objects. UUIDs are highly likely to be unique. UUIDs are also known as globally unique identifiers (GUIDs) and these terms are used interchangeably in the Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the UUID. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] must be used for generating the UUID.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.