98 lines
6.2 KiB
Plaintext
98 lines
6.2 KiB
Plaintext
#pragma autorecover
|
|
#pragma namespace("\\\\.\\root\\cimv2")
|
|
|
|
[singleton,Locale(1033),UUID("{8502C57A-5FBB-11D2-AAC1-006008C78BC7}")]
|
|
class NTEventlogProviderConfig
|
|
{
|
|
datetime LastBootUpTime;
|
|
};
|
|
|
|
Instance of __Win32Provider as $DataProv
|
|
{
|
|
Name = "MS_NT_EVENTLOG_PROVIDER";
|
|
ClsId = "{FD4F53E0-65DC-11d1-AB64-00C04FD9159E}";
|
|
ImpersonationLevel = 1;
|
|
PerUserInitialization = "TRUE";
|
|
};
|
|
|
|
Instance of __MethodProviderRegistration
|
|
{
|
|
Provider = $DataProv;
|
|
};
|
|
|
|
Instance of __InstanceProviderRegistration
|
|
{
|
|
Provider = $DataProv;
|
|
SupportsPut = TRUE;
|
|
SupportsGet = TRUE;
|
|
SupportsDelete = FALSE;
|
|
SupportsEnumeration = TRUE;
|
|
QuerySupportLevels = {"WQL:UnarySelect"};
|
|
};
|
|
|
|
[dynamic,provider("MS_NT_EVENTLOG_PROVIDER"),Locale(1033),UUID("{8502C57B-5FBB-11D2-AAC1-006008C78BC7}")]
|
|
class Win32_NTEventlogFile : CIM_DataFile
|
|
{
|
|
[read] string LogfileName;
|
|
[read,write] uint32 MaxFileSize;
|
|
[read] uint32 NumberOfRecords;
|
|
[read,volatile,ValueMap{"0", "1..365", "4294967295"}] string OverWritePolicy;
|
|
[read,write,Units("Days"),Range("0-365 | 4294967295")] uint32 OverwriteOutDated;
|
|
[read] string Sources[];
|
|
[implemented,Privileges{"SeSecurityPrivilege", "SeBackupPrivilege"}] uint32 ClearEventlog([in] string ArchiveFileName);
|
|
[implemented,Privileges{"SeSecurityPrivilege", "SeBackupPrivilege"}] uint32 BackupEventlog([in] string ArchiveFileName);
|
|
};
|
|
|
|
[dynamic,provider("MS_NT_EVENTLOG_PROVIDER"),EnumPrivileges{"SeSecurityPrivilege"},Locale(1033),UUID("{8502C57C-5FBB-11D2-AAC1-006008C78BC7}")]
|
|
class Win32_NTLogEvent
|
|
{
|
|
[key] uint32 RecordNumber;
|
|
[key] string Logfile;
|
|
uint32 EventIdentifier;
|
|
uint16 EventCode;
|
|
string SourceName;
|
|
[ValueMap{"1", "2", "4", "8", "16"}] string Type;
|
|
uint16 Category;
|
|
string CategoryString;
|
|
datetime TimeGenerated;
|
|
datetime TimeWritten;
|
|
string ComputerName;
|
|
string User;
|
|
string Message;
|
|
string InsertionStrings[];
|
|
Uint8 Data[];
|
|
};
|
|
|
|
[dynamic,provider("MS_NT_EVENTLOG_PROVIDER"),EnumPrivileges{"SeSecurityPrivilege"},Locale(1033),UUID("{8502C57D-5FBB-11D2-AAC1-006008C78BC7}"),Association : ToInstance]
|
|
class Win32_NTLogEventLog
|
|
{
|
|
[key,read] Win32_NTEventlogFile Ref Log;
|
|
[key,read] Win32_NTLogEvent Ref Record;
|
|
};
|
|
|
|
[dynamic,provider("MS_NT_EVENTLOG_PROVIDER"),EnumPrivileges{"SeSecurityPrivilege"},Locale(1033),UUID("{8502C57E-5FBB-11D2-AAC1-006008C78BC7}"),Association : ToInstance]
|
|
class Win32_NTLogEventUser
|
|
{
|
|
[key,read] Win32_UserAccount Ref User;
|
|
[key,read] Win32_NTLogEvent Ref Record;
|
|
};
|
|
|
|
[dynamic,provider("MS_NT_EVENTLOG_PROVIDER"),EnumPrivileges{"SeSecurityPrivilege"},Locale(1033),UUID("{8502C57F-5FBB-11D2-AAC1-006008C78BC7}"),Association : ToInstance]
|
|
class Win32_NTLogEventComputer
|
|
{
|
|
[key,read] Win32_ComputerSystem Ref Computer;
|
|
[key,read] Win32_NTLogEvent Ref Record;
|
|
};
|
|
|
|
Instance of __Win32Provider as $EventProv
|
|
{
|
|
Name = "MS_NT_EVENTLOG_EVENT_PROVIDER";
|
|
ClsId = "{F55C5B4C-517D-11d1-AB57-00C04FD9159E}";
|
|
};
|
|
|
|
Instance of __EventProviderRegistration
|
|
{
|
|
Provider = $EventProv;
|
|
EventQueryList = {"select * from __InstanceCreationEvent where TargetInstance isa \"Win32_NTLogEvent\""};
|
|
};
|