// Copyright (c) 1997-2003 Microsoft Corporation, All Rights Reserved #pragma autorecover #pragma classflags(64) #pragma namespace("\\\\.\\Root\\CIMV2") instance of __namespace{ name="ms_409";}; #pragma namespace("\\\\.\\Root\\CIMV2\\ms_409") [AMENDMENT, LOCALE(0x0409) : ToInstance] class Win32_NTEventlogFile : CIM_DataFile { [Description("The LogFileName property indicates name of the log file.") : Amended ToSubclass] string LogfileName; [Description("The MaxFileSize property indicates the maximum size (in bytes) permitted for the log file. If the file exceeds its maximum size, its contents are moved to another file and the primary file is emptied. A value of zero indicates no size limit. ") : Amended ToSubclass] uint32 MaxFileSize; [Description("Number of records in the log file. This value is determined by calling the Win32 function GetNumberOfEventLogRecords.") : Amended ToSubclass] uint32 NumberOfRecords; [Description("Current overwrite policy the Windows NT/Windows 2000 Event Log service employs for this log file. The possible values of the property are: \nWhenNeeded - This corresponds to OverWriteOutdated = 0.\nOutDated - This corresponds to OverWriteOutdated of 1 to 365.\nNever - This corresponds to OverWriteOutdated = 4294967295. \nThere is an interdependence between the OverWriteOutDated property (which is writable) value and the OverWritePolicy property (which is not writable) value.\nIf one changes the OverWriteOutDated property value to 0, the OverWritePolicy property value will be 'henNeeded' \nIf one changes the OverWriteOutDated property value to 1-365, the OverWritePolicy property value will be 'outDated' \nIf one changes the OverWriteOutDated property value to 4294967295, the OverWritePolicy property value will be 'Never'.") : Amended ToSubclass,Values{"WhenNeeded", "OutDated", "Never"} : Amended ToSubclass] string OverWritePolicy; [Description("Number of days after which an event can be overwritten. Values are:\n0 = Any entry can be overwritten when necessary.1..365 = Events that have been in the log file for one year (365 days) or less can be overwritten.4294967295 = Nothing can be ever be overwritten. \nThere is an interdependence between the OverWriteOutDated property (which is writable) value and the OverWritePolicy property (which is not writable) value.\nIf one changes the OverWriteOutDated property value to 0, the OverWritePolicy property value will be 'henNeeded' \nIf one changes the OverWriteOutDated property value to 1-365, the OverWritePolicy property value will be 'outDated' \nIf one changes the OverWriteOutDated property value to 4294967295, the OverWritePolicy property value will be 'Never'.") : Amended ToSubclass,Units("days") : Amended ToSubclass] uint32 OverwriteOutDated; [Description("The Sources property indicates the applications that are registered to log into this log file.") : Amended ToSubclass] string Sources[]; [Description("Clears the specified event log, and optionally saves the current copy of the logfile to a backup file. The method returns an integer value that can be interpretted as follows: \n0 - Successful completion.\n8 - The user does not have adequate privileges.\n21 - Invalid parameter.\nOther - For integer values other than those listed above, refer to Win32 error code documentation.") : Amended ToSubclass,Values{"Success", "Privilege missing", "Invalid parameter", "Other"} : Amended ToSubclass] uint32 ClearEventlog([Description("String specifying the name of a file in which a current copy of the event logfile will be placed. If this file already exists, the function fails. ") : Amended ToSubclass,in] string ArchiveFileName); [Description("Saves the specified event log to a backup file. The method returns an integer value that can be interpretted as follows: \n0 - Successful completion.\n8 - The user does not have adequate privileges.\n21 - Invalid parameter.\n183 - Archive file name already exists. Cannot create file. \nOther - For integer values other than those listed above, refer to Win32 error code documentation.") : Amended ToSubclass,Values{"Success", "Privilege missing", "Invalid parameter", "Archive file name already exists.", "Other"} : Amended ToSubclass] uint32 BackupEventlog([Description("String specifying the name of the backup file.") : Amended ToSubclass,in] string ArchiveFileName); }; [DisplayName("NT Log Events") : Amended,Description("This class is used to translate instances from the NT Eventlog.") : Amended ToSubclass,AMENDMENT, LOCALE(0x0409) : ToInstance] class Win32_NTLogEvent { [DisplayName("Record Number") : Amended,Key : ToInstance ToSubclass DisableOverride,Description("Identifies the event within the NT Eventlog logfile. This is specific to the logfile and is used together with the logfile name to uniquely identify an instance of this class.") : Amended ToSubclass] uint32 RecordNumber; [DisplayName("Log File") : Amended,Key : ToInstance ToSubclass DisableOverride,Description("The name of NT Eventlog logfile. This is used together with the RecordNumber to uniquely identify an instance of this class.") : Amended ToSubclass] string Logfile; [DisplayName("Event Identifier") : Amended,Description("Identifies the event. This is specific to the source that generated the event log entry, and is used, together with SourceName, to uniquely identify an NT event type.") : Amended ToSubclass] uint32 EventIdentifier; [DisplayName("Event Code") : Amended,Description("This property has the value of the lower 16-bits of the EventIdentifier property. It is present to match the value displayed in the NT Event Viewer. NOTE: Two events from the same source may have the same value for this property but may have different severity and EventIdentifier values") : Amended ToSubclass] uint16 EventCode; [DisplayName("Source Name") : Amended,Description("The variable-length null-terminated string specifying the name of the source (application, service, driver, subsystem) that generated the entry. It is used, together with the EventIdentifier, to uniquely identify an NT event type.") : Amended ToSubclass] string SourceName; [DisplayName("Type") : Amended,Description("Specifies the type of event. This is an enumerated string") : Amended ToSubclass,Values{"Success", "Error", "Warning", "Information", "Audit Success", "Audit Failure"} : Amended ToSubclass] string Type; [DisplayName("Category") : Amended,Description("Specifies a subcategory for this event. This subcategory is source specific.") : Amended ToSubclass] uint16 Category; [DisplayName("Category String") : Amended,Description("Specifies the translation of the subcategory. The translation is source specific.") : Amended ToSubclass] string CategoryString; [DisplayName("Time Generated") : Amended,Description("Specifies the time at which the source generated the event.") : Amended ToSubclass] datetime TimeGenerated; [DisplayName("Time Written") : Amended,Description("Specifies the time at which the event was written to the logfile.") : Amended ToSubclass] datetime TimeWritten; [DisplayName("Computer Name") : Amended,Description("The variable-length null-terminated string specifying the name of the computer that generated this event.") : Amended ToSubclass] string ComputerName; [DisplayName("User Name") : Amended,Description("The user name of the logged on user when the event ocurred. If the user name cannot be determined this will be NULL") : Amended ToSubclass] string User; [DisplayName("Message") : Amended,Description("The event message as it appears in the NT Eventlog. This is a standard message with zero or more insertion strings supplied by the source of the NT event. The insertion strings are inserted into the standard message in a predefined format. If there are no insertion strings or there is a problem inserting the insertion strings, only the standard message will be present in this field.") : Amended ToSubclass] string Message; [DisplayName("Insertion Strings") : Amended,Description("The insertion strings that accompanied the report of the NT event.") : Amended ToSubclass] string InsertionStrings[]; [DisplayName("Binary Data") : Amended,Description("The binary data that accompanied the report of the NT event.") : Amended ToSubclass] Uint8 Data[]; [Description("The Type property specifies the type of event.") : Amended ToSubclass,DisplayName("Type Event") : Amended,Values{"Success", "Error", "Warning", "Information", "Security Audit Success", "Security Audit Failure"} : Amended ToSubclass] uint8 EventType; }; [Description("The Win32_NTLogEventLog class represents an association between an NT log event and the log file that contains the event.") : Amended ToSubclass,AMENDMENT, LOCALE(0x0409) : ToInstance] class Win32_NTLogEventLog { [Description("The Log property references the log file that contains the NT log event.") : Amended ToSubclass,Key : ToInstance ToSubclass DisableOverride] Win32_NTEventlogFile Ref Log; [Description("The Record property references an NT log event.") : Amended ToSubclass,Key : ToInstance ToSubclass DisableOverride] Win32_NTLogEvent Ref Record; }; [Description("The Win32_NTLogEventUser class represents an association between an NT log event and the active user at the time the event was logged. ") : Amended ToSubclass,AMENDMENT, LOCALE(0x0409) : ToInstance] class Win32_NTLogEventUser { [Description("The User property references the active user at the time the event was logged.") : Amended ToSubclass,Key : ToInstance ToSubclass DisableOverride] Win32_UserAccount Ref User; [Description("The Record property references an NT log event.") : Amended ToSubclass,Key : ToInstance ToSubclass DisableOverride] Win32_NTLogEvent Ref Record; }; [Description("The Win32_NTLogEventComputer class represents an association between an NT log event and the computer from which the event was generated.") : Amended ToSubclass,AMENDMENT, LOCALE(0x0409) : ToInstance] class Win32_NTLogEventComputer { [Description("The Computer property references the computer from which the event was generated.") : Amended ToSubclass,Key : ToInstance ToSubclass DisableOverride] Win32_ComputerSystem Ref Computer; [Description("The Record property references an NT log event.") : Amended ToSubclass,Key : ToInstance ToSubclass DisableOverride] Win32_NTLogEvent Ref Record; };