Win32_NTLogEvent

This class is used to translate instances from the NT Eventlog.

Quick Start

Properties

In this WMI class, all WMI properties are read-only. You can only read values but not change them.

Category

Data type UInt16

Specifies a subcategory for this event. This subcategory is source specific.

CategoryString

Data type String

Specifies the translation of the subcategory. The translation is source specific.

ComputerName

Data type String

The variable-length null-terminated string specifying the name of the computer that generated this event.

Data

Data type UInt8

The binary data that accompanied the report of the NT event.

EventCode

Data type UInt16

This property has the value of the lower 16-bits of the EventIdentifier property. It is present to match the value displayed in the NT Event Viewer. NOTE: Two events from the same source may have the same value for this property but may have different severity and EventIdentifier values

EventIdentifier

Data type UInt32

Identifies the event. This is specific to the source that generated the event log entry, and is used, together with SourceName, to uniquely identify an NT event type.

EventType

Data type UInt8

The Type property specifies the type of event.

$EventType_ReturnValue = 
@{
    0='Success'
    1='Error'
    2='Warning'
    3='Information'
    4='Security Audit Success'
    5='Security Audit Failure'
}

InsertionStrings

Data type String

The insertion strings that accompanied the report of the NT event.

Logfile

Data type String

The name of NT Eventlog logfile. This is used together with the RecordNumber to uniquely identify an instance of this class.

Message

Data type String

The event message as it appears in the NT Eventlog. This is a standard message with zero or more insertion strings supplied by the source of the NT event. The insertion strings are inserted into the standard message in a predefined format. If there are no insertion strings or there is a problem inserting the insertion strings, only the standard message will be present in this field.

Option

Data type UInt32

RecordNumber

Data type UInt32

Identifies the event within the NT Eventlog logfile. This is specific to the logfile and is used together with the logfile name to uniquely identify an instance of this class.

Recursive

Data type Boolean

SecurityDescriptor

Data type Object

SourceName

Data type String

The variable-length null-terminated string specifying the name of the source (application, service, driver, subsystem) that generated the entry. It is used, together with the EventIdentifier, to uniquely identify an NT event type.

StartFileName

Data type String

TimeGenerated

Data type DateTime

Specifies the time at which the source generated the event.

TimeWritten

Data type DateTime

Specifies the time at which the event was written to the logfile.

Type

Data type String

Specifies the type of event. This is an enumerated string

$Type_ReturnValue = 
@{
    0='Success'
    1='Error'
    2='Warning'
    4='Information'
    8='Audit Success'
   16='Audit Failure'
}

User

Data type String

The user name of the logged on user when the event ocurred. If the user name cannot be determined this will be NULL

Methods

Examples

See Also

Help and Questions

  Community Content

You are cordially invited to add knowledge to this page. If you have sample code or additional information related to this WMI class, please share it. Use the comment form to send your information. We will edit and incorparate it into the reference library. Thank you!

Please do not use the comment form to submit questions. If you have questions or need assistance, visit our free forum: Help me with WMI.

Content last updated: 2013-12-27 12:26:00 (UTC).

Facebooktwittergoogle_pluspinterestlinkedinFacebooktwittergoogle_pluspinterestlinkedin