Windows Event Log Functions
Windows Event Log defines the following functions that you can use to get events from a channel or event log and to get the metadata for a provider and the events that it generates.
| Function | Description |
|---|---|
| EVT_SUBSCRIBE_CALLBACK | Implement this callback if you call the EvtSubscribe function to receive events that match your query. |
| EvtArchiveExportedLog | Adds localized strings to the events in the specified log file. |
| EvtCancel | Cancels all pending operations on a handle. |
| EvtClearLog | Removes all events from the specified channel and writes them to the target log file. |
| EvtClose | Closes an open handle. |
| EvtCreateBookmark | Creates a bookmark that identifies an event in a channel. |
| EvtCreateRenderContext | Creates a context that specifies the information in the event that you want to render. |
| EvtExportLog | Copies events from the specified channel or log file and writes them to the target log file. |
| EvtFormatMessage | Formats a message string. |
| EvtGetChannelConfigProperty | Gets the specified channel configuration property. |
| EvtGetEventInfo | Gets information that identifies the structured XML query that selected the event and the channel or log file from which it came. |
| EvtGetEventMetadataProperty | Gets the specified event metadata property. |
| EvtGetExtendedStatus | Gets a text message that contains the extended error information for the current error. |
| EvtGetLogInfo | Gets information about a channel or log file. |
| EvtGetObjectArrayProperty | Gets a provider metadata property from the specified object in the array. |
| EvtGetObjectArraySize | Gets the number of elements in the array of objects. |
| EvtGetPublisherMetadataProperty | Gets the specified provider metadata property. |
| EvtGetQueryInfo | Gets information about a query that you ran that identifies the list of channels or log files that the query attempted to access and a list of return codes that indicates the success or failure of each access. |
| EvtNext | Gets the next event from the query or subscription results. |
| EvtNextChannelPath | Gets a channel name from the enumerator. |
| EvtNextEventMetadata | Gets an event definition from the enumerator. |
| EvtNextPublisherId | Gets the identifier of a provider from the enumerator. |
| EvtOpenChannelConfig | Gets a handle that you use to read or modify a channel's configuration property. |
| EvtOpenChannelEnum | Gets a handle that you use to enumerate the list of channels that are registered on the computer. |
| EvtOpenEventMetadataEnum | Gets a handle that you use to enumerate the list of events that the provider defines. |
| EvtOpenLog | Gets a handle to a channel or log file that you can then use to get information about the channel or log file. |
| EvtOpenPublisherEnum | Gets a handle that you use to enumerate the list of registered providers on the computer. |
| EvtOpenPublisherMetadata | Gets a handle that you use to read the specified provider's metadata. |
| EvtOpenSession | Establishes a connection to a remote computer that you can use when calling the other Windows Event Log functions. |
| EvtQuery | Runs a query to retrieve events from a channel or log file that match the specified query criteria. |
| EvtRender | Renders an XML fragment based on the rendering context that you specify. |
| EvtSaveChannelConfig | Saves the changes made to a channel's configuration. |
| EvtSeek | Seeks to a specific event in a query result set. |
| EvtSetChannelConfigProperty | Sets the specified configuration property of a channel. |
| EvtSubscribe | Creates a subscription that will receive current and future events from a channel or log file that match the specified query criteria. |
| EvtUpdateBookmark | Updates the bookmark with information that identifies the specified event. |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for