Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Defines the identifiers that identify the system-specific properties of an event.
Syntax
typedef enum _EVT_SYSTEM_PROPERTY_ID {
EvtSystemProviderName = 0,
EvtSystemProviderGuid,
EvtSystemEventID,
EvtSystemQualifiers,
EvtSystemLevel,
EvtSystemTask,
EvtSystemOpcode,
EvtSystemKeywords,
EvtSystemTimeCreated,
EvtSystemEventRecordId,
EvtSystemActivityID,
EvtSystemRelatedActivityID,
EvtSystemProcessID,
EvtSystemThreadID,
EvtSystemChannel,
EvtSystemComputer,
EvtSystemUserID,
EvtSystemVersion,
EvtSystemPropertyIdEND
} EVT_SYSTEM_PROPERTY_ID;
Constants
EvtSystemProviderNameValue: 0 Identifies the Name attribute of the provider element. The variant type for this property is EvtVarTypeString. |
EvtSystemProviderGuidIdentifies the Guid attribute of the provider element. The variant type for this property is EvtVarTypeGuid. |
EvtSystemEventIDIdentifies the EventID element. The variant type for this property is EvtVarTypeUInt16. |
EvtSystemQualifiersIdentifies the Qualifiers attribute of the EventID element. The variant type for this property is EvtVarTypeUInt16. |
EvtSystemLevelIdentifies the Level element. The variant type for this property is EvtVarTypeUInt8. |
EvtSystemTaskIdentifies the Task element. The variant type for this property is EvtVarTypeUInt16. |
EvtSystemOpcodeIdentifies the Opcode element. The variant type for this property is EvtVarTypeUInt8. |
EvtSystemKeywordsIdentifies the Keywords element. The variant type for this property is EvtVarTypeInt64. |
EvtSystemTimeCreatedIdentifies the SystemTime attribute of the TimeCreated element. The variant type for this property is EvtVarTypeFileTime. |
EvtSystemEventRecordIdIdentifies the EventRecordID element. The variant type for this property is EvtVarTypeUInt64. |
EvtSystemActivityIDIdentifies the ActivityID attribute of the Correlation element. The variant type for this property is EvtVarTypeGuid. |
EvtSystemRelatedActivityIDIdentifies the RelatedActivityID attribute of the Correlation element. The variant type for this property is EvtVarTypeGuid. |
EvtSystemProcessIDIdentifies the ProcessID attribute of the Execution element. The variant type for this property is EvtVarTypeUInt32. |
EvtSystemThreadIDIdentifies the ThreadID attribute of the Execution element. The variant type for this property is EvtVarTypeUInt32. |
EvtSystemChannelIdentifies the Channel element. The variant type for this property is EvtVarTypeString. |
EvtSystemComputerIdentifies the Computer element. The variant type for this property is EvtVarTypeString. |
EvtSystemUserIDIdentifies the UserID element. The variant type for this property is EvtVarTypeSid. |
EvtSystemVersionIdentifies the Version element. The variant type for this property is EvtVarTypeUInt8. |
EvtSystemPropertyIdENDThis enumeration value marks the end of the enumeration values. |
Remarks
Before accessing these properties, check the variant type to ensure that it is not EvtVarTypeNULL; not all events will contain all system properties. For a list of system properties, see the Event schema.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Header | winevt.h |