NTEventLogEventConsumer class

The NTEventLogEventConsumer class logs a specific message to the operating system event log when an event is delivered to it. This class is one of the standard event consumers that WMI provides. For more information, see Monitoring and Responding to Events with Standard Consumers.

Syntax

[AMENDMENT]
class NTEventLogEventConsumer : __EventConsumer
{
  uint8  CreatorSID[];
  string MachineName;
  uint32 MaximumQueueSize;
  uint16 Category;
  string NameOfRawDataProperty;
  uint32 EventID;
  uint32 EventType = 1;
  string InsertionStringTemplates[] = {""};
  string Name;
  uint32 NumberOfInsertionStrings = 0;
  string NameOfUserSidProperty;
  string SourceName;
  string UNCServerName;
};

Members

The NTEventLogEventConsumer class has these types of members:

Properties

The NTEventLogEventConsumer class has these properties.

Category
Data type: uint16
Access type: Read-only

Event category. This is source-specific information and can have any value.

CreatorSID
Data type: uint8 array
Access type: Read-only

Security identifier (SID) that uniquely identifies the user who creates a filter. WMI stores the SID of the user who creates an instance of __EventConsumer or the Administrator SID, depending on the operating system. For more information, see Binding an Event Filter with a Logical Consumer and Monitoring and Responding to Events with Standard Consumers.

This property is inherited from __EventConsumer.

EventID
Data type: uint32
Access type: Read-only

Event message in the message DLL. This property cannot be NULL.

EventType
Data type: uint32
Access type: Read-only

Type of event. This parameter can have one of the values listed in the following list, which are defined in Winnt.h.

EVENTLOG_SUCCESS (0 (0x0))

Successful event

EVENTLOG_ERROR_TPYE (1 (0x1))

Error event

EVENTLOG_WARNING_TYPE (2 (0x2))

Warning event

EVENTLOG_INFORMATION_TYPE (4 (0x4))

Information event

EVENTLOG_AUDIT_SUCCESS (8 (0x8))

Success audit type

EVENTLOG_AUDIT_FAILURE (16 (0x10))

Failure audit type

InsertionStringTemplates
Data type: string array
Access type: Read-only

Array of standard string templates that is used as the insertion string for an event log record.

MachineName
Data type: string
Access type: Read-only

Name of the computer to which Windows Management Instrumentation (WMI) sends events.

This property is inherited from __EventConsumer.

MaximumQueueSize
Data type: uint32
Access type: Read-only

Maximum queue for a specific consumer, in bytes.

This property is inherited from __EventConsumer.

Name
Data type: string
Access type: Read-only
Qualifiers: key

Unique name of a consumer.

NameOfRawDataProperty
Data type: string
Access type: Read-only

Name of the event property that contains data to be passed to the ReportEvent function lpRawData parameter.

NameOfUserSidProperty
Data type: string
Access type: Read-only

Name of the event property that contains a security identifier (SID) to be passed to the ReportEvent function lpUserSid parameter. The property must be either an array of bytes (uint8) or a string. If it is an array of bytes, it is assumed to be a SID. If it is a string, it is a string SID that is converted into a SID.

NumberOfInsertionStrings
Data type: uint32
Access type: Read-only

Number of elements in the InsertionStringTemplates array.

SourceName
Data type: string
Access type: Read-only

Source name where a message is located. The customer is assumed to have registered a DLL with the necessary messages.

Note  The value of this parameter must not include a colon (:) character.
 
UNCServerName
Data type: string
Access type: Read-only

Name of the computer on which to log an event, or NULL if the event is to be logged on a local server.

Authenticated users cannot, by default, log events to the Application log on a remote computer. As a result, using this property to specify a remote computer will not work. To learn how to change event log security, consult this KB article.

Remarks

The NTEventLogEventConsumer class is derived from the __EventConsumer abstract class.

Examples

For an example of using NTEventLogEventConsumer to create a consumer, see Logging to NT Event Log Based on an Event.

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Namespace

Root\subscription

MOF

Wbemcons.mof

DLL

Wbemcons.dll

See also

Standard Consumer Classes
Creating a Logical Consumer
Receiving Events At All Times
__EventConsumer

 

 

Show: