4.13 Publisher Table and Channel Table Example
A publisher table is a list of publishers. The following example shows a publisher table with two entries.
    {0063715b-eeda-4007-9429-ad526f62696e} ------------- Publisher ID
    "Microsoft-Windows-Services" ------ Publisher Name
    "%SystemRoot%\system32\services.exe" ------ Resource File
    "%SystemRoot%\system32\services.exe" ------ Message File
    "w ------ Parameter File(empty)
    Channels
    1 ---------- channel count
    0x10 --------- channel ID for the channel 1
    0 --------- channel flags for the channel 1
    0 --------- channel start index for the channel 1
    "Microsoft-Windows-Services/Operational" -------- channel name for channel 1

    {134ea407-755d-4a93-b8a6-f290cd155023} ------------- Publisher ID
    "Microsoft-Windows-HomeGroup-ControlPanel" ------ Publisher Name
    "%SystemRoot%\system32\hgcpl.dll" ------ Resource File
    "%SystemRoot%\system32\hgcpl.dll" ------ Message File
    "" ------ Parameter File(empty)
    Channels
    2 ---------- channel count
    0x10 --------- channel ID for the channel 1
    0 --------- channel flags for the channel 1
    0 --------- channel start index for the channel 1
    "Microsoft-Windows-HomeGroup-ControlPanel/operational" ---- channel name for channel 1
    0x11 --------- channel ID for the channel 2
    0 --------- channel flags for the channel 2
    0 --------- channel start index for the channel 2
    "Microsoft-Windows-HomeGroup-ControlPanel/admin" ---- channel name for channel 2
A channel table is a list of registered channels on the server. The following example shows a channel table with one channel entry:
    ForwardedEvents ---- Name of the channel
    Enabled: 0
    Isolation: 2
    Type: 1
    OwningPublisher: {b977cf02-76f6-df84-cc1a-6a4b232322b6}
    Classic: 0
    Access: O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
    Retention: 0
    Autobackup: 0
    MaxSize: 0x01400000
    FilePath: "%SystemRoot%\system32\winevt\logs\forwardedevents.evtx"
    Level: 0x0000FFFF
    Keywords: 0xFFFFFFFFFFFFFFFF
    ControlGuid: {00000000-0000-0000-0000-000000000000}
    BufferSize: 0x000000000000FFFF
    MinBuffers: 4
    MaxBuffers: 10
    Latency: 1
    ClockType: 0
    SIDType: 1
    FileMax: 16
Note: The list of publishers is not in the channel table entry because the channel table entry is built at runtime using the publisher table and the channel name.
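The Access value in the ForwardedEvents entry is an SDDL security descriptor that decides who may read, write, or clear the channel. The following is an added example, not part of the original specification: it decodes the allow ACEs of that string. The function names are hypothetical, the right names follow the EVT_READ_ACCESS (0x1), EVT_WRITE_ACCESS (0x2) and EVT_CLEAR_ACCESS (0x4) constants from winevt.h, and the trustee names are the well-known SIDs and SDDL aliases.

```python
import re

# Access value copied from the ForwardedEvents channel entry above.
ACCESS = ("O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)"
          "(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)"
          "(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)")

# Channel rights in the low bits of the mask (EVT_*_ACCESS in winevt.h).
# Higher bits, such as 0xf0000 in the SY entry, are standard rights.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}

# Well-known SDDL aliases and SIDs that occur in the string.
TRUSTEES = {
    "SY": "Local System", "BA": "Builtin Administrators",
    "SO": "Server Operators", "IU": "Interactive", "SU": "Service",
    "S-1-5-3": "Batch", "S-1-5-33": "Write Restricted",
    "S-1-5-32-573": "Event Log Readers",
    "S-1-15-2-1": "All Application Packages",
}

def parse_channel_dacl(sddl):
    """Return [(ace_type, trustee, rights)] for each ACE in the D: part."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no DACL with ACEs found")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError(f"unsupported ACE: ({body})")
        ace_type, _flags, mask, _obj, _inherit_obj, sid = fields
        if not mask.lower().startswith("0x"):
            raise ValueError(f"only hex masks are handled: {mask!r}")
        bits = int(mask, 16)
        rights = {name for bit, name in RIGHTS.items() if bits & bit}
        aces.append((ace_type, TRUSTEES.get(sid, sid), rights))
    return aces

def trustees_with(aces, right):
    """Trustees granted `right` by an allow ACE; deny ACEs are not evaluated."""
    return [t for kind, t, rights in aces if kind == "A" and right in rights]

if __name__ == "__main__":
    aces = parse_channel_dacl(ACCESS)
    for right in ("read", "write", "clear"):
        print(f"{right:5}: {', '.join(trustees_with(aces, right))}")
```

For this entry, only Local System, Builtin Administrators and Server Operators hold the clear right, which is the grant to review first when auditing who can erase a channel's records.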