NTEventLogEventConsumer class
The NTEventLogEventConsumer class logs a specific message to the operating system event log when an event is delivered to it. This class is one of the standard event consumers that WMI provides. For more information, see Monitoring and Responding to Events with Standard Consumers.
Syntax
[AMENDMENT]
class NTEventLogEventConsumer : __EventConsumer
{
uint8 CreatorSID[];
string MachineName;
uint32 MaximumQueueSize;
uint16 Category;
string NameOfRawDataProperty;
uint32 EventID;
uint32 EventType = 1;
string InsertionStringTemplates[] = {""};
string Name;
uint32 NumberOfInsertionStrings = 0;
string NameOfUserSidProperty;
string SourceName;
string UNCServerName;
};
Members
The NTEventLogEventConsumer class has these types of members:
Properties
The NTEventLogEventConsumer class has these properties.
-
Category
-
-
Data type: uint16
-
Access type: Read-only
Event category. This is source-specific information and can have any value.
-
-
CreatorSID
-
-
Data type: uint8 array
-
Access type: Read-only
Security identifier (SID) that uniquely identifies the user who creates a filter. WMI stores the SID of the user who creates an instance of __EventConsumer or the Administrator SID, depending on the operating system. For more information, see Binding an Event Filter with a Logical Consumer and Monitoring and Responding to Events with Standard Consumers.
This property is inherited from __EventConsumer.
-
-
EventID
-
-
Data type: uint32
-
Access type: Read-only
Event message in the message DLL. This property cannot be NULL.
-
-
EventType
-
-
Data type: uint32
-
Access type: Read-only
Type of event. This parameter can have one of the values listed in the following list, which are defined in Winnt.h.
-
-
EVENTLOG_SUCCESS (0 (0x0))
-
Successful event
-
EVENTLOG_ERROR_TPYE (1 (0x1))
-
Error event
-
EVENTLOG_WARNING_TYPE (2 (0x2))
-
Warning event
-
EVENTLOG_INFORMATION_TYPE (4 (0x4))
-
Information event
-
EVENTLOG_AUDIT_SUCCESS (8 (0x8))
-
Success audit type
-
EVENTLOG_AUDIT_FAILURE (16 (0x10))
-
Failure audit type
InsertionStringTemplates
-
Data type: string array
-
Access type: Read-only
Array of standard string templates that is used as the insertion string for an event log record.
MachineName
-
Data type: string
-
Access type: Read-only
Name of the computer to which Windows Management Instrumentation (WMI) sends events.
This property is inherited from __EventConsumer.
MaximumQueueSize
-
Data type: uint32
-
Access type: Read-only
Maximum queue for a specific consumer, in bytes.
This property is inherited from __EventConsumer.
Name
-
Data type: string
-
Access type: Read-only
-
Qualifiers: key
Unique name of a consumer.
NameOfRawDataProperty
-
Data type: string
-
Access type: Read-only
Name of the event property that contains data to be passed to the ReportEvent function lpRawData parameter.
NameOfUserSidProperty
-
Data type: string
-
Access type: Read-only
Name of the event property that contains a security identifier (SID) to be passed to the ReportEvent function lpUserSid parameter. The property must be either an array of bytes (uint8) or a string. If it is an array of bytes, it is assumed to be a SID. If it is a string, it is a string SID that is converted into a SID.
NumberOfInsertionStrings
-
Data type: uint32
-
Access type: Read-only
Number of elements in the InsertionStringTemplates array.
SourceName
-
Data type: string
-
Access type: Read-only
Source name where a message is located. The customer is assumed to have registered a DLL with the necessary messages.
Note
The value of this parameter must not include a colon (:) character.
UNCServerName
-
Data type: string
-
Access type: Read-only
Name of the computer on which to log an event, or NULL if the event is to be logged on a local server.
Authenticated users cannot, by default, log events to the Application log on a remote computer. As a result, using this property to specify a remote computer will not work. To learn how to change event log security, consult this KB article.
Remarks
The NTEventLogEventConsumer class is derived from the __EventConsumer abstract class.
Examples
For an example of using NTEventLogEventConsumer to create a consumer, see Logging to NT Event Log Based on an Event.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista |
| Minimum supported server |
Windows Server 2008 |
| Namespace |
Root\subscription |
| MOF |
|
| DLL |
|
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for