public interface Wevtapi extends StdCallLibrary
StdCallLibrary.StdCallCallback
Library.Handler
Modifier and Type | Field and Description |
---|---|
static Wevtapi | INSTANCE |
FUNCTION_MAPPER, STDCALL_CONVENTION
OPTION_ALLOW_OBJECTS, OPTION_CALLING_CONVENTION, OPTION_CLASSLOADER, OPTION_FUNCTION_MAPPER, OPTION_INVOCATION_MAPPER, OPTION_OPEN_FLAGS, OPTION_STRING_ENCODING, OPTION_STRUCTURE_ALIGNMENT, OPTION_TYPE_MAPPER
Modifier and Type | Method and Description |
---|---|
boolean | EvtArchiveExportedLog(Winevt.EVT_HANDLE Session, java.lang.String LogFilePath, int Locale, int Flags) Adds localized strings to the events in the specified log file. |
boolean | EvtCancel(Winevt.EVT_HANDLE Object) Cancels all pending operations on a handle. |
boolean | EvtClearLog(Winevt.EVT_HANDLE Session, java.lang.String ChannelPath, java.lang.String TargetFilePath, int Flags) Removes all events from the specified channel and writes them to the target log file. |
boolean | EvtClose(Winevt.EVT_HANDLE Object) Closes an open handle. |
Winevt.EVT_HANDLE | EvtCreateBookmark(java.lang.String BookmarkXml) Creates a bookmark that identifies an event in a channel. |
Winevt.EVT_HANDLE | EvtCreateRenderContext(int ValuePathsCount, java.lang.String[] ValuePaths, int Flags) Creates a context that specifies the information in the event that you want to render. |
boolean | EvtExportLog(Winevt.EVT_HANDLE Session, java.lang.String Path, java.lang.String Query, java.lang.String TargetFilePath, int Flags) Copies events from the specified channel or log file and writes them to the target log file. |
boolean | EvtFormatMessage(Winevt.EVT_HANDLE PublisherMetadata, Winevt.EVT_HANDLE Event, int MessageId, int ValueCount, Winevt.EVT_VARIANT[] Values, int Flags, int BufferSize, char[] Buffer, IntByReference BufferUsed) Formats a message string. |
boolean | EvtGetChannelConfigProperty(Winevt.EVT_HANDLE ChannelConfig, int PropertyId, int Flags, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed) Gets the specified channel configuration property. |
boolean | EvtGetEventInfo(Winevt.EVT_HANDLE Event, int PropertyId, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed) Gets information that identifies the structured XML query that selected the event and the channel or log file that contained the event. |
boolean | EvtGetEventMetadataProperty(Winevt.EVT_HANDLE EventMetadata, int PropertyId, int Flags, int EventMetadataPropertyBufferSize, Pointer Buffer, IntByReference BufferUsed) Gets the specified event metadata property. |
int | EvtGetExtendedStatus(int BufferSize, char[] Buffer, IntByReference BufferUsed) Gets a text message that contains the extended error information for the current error. |
boolean | EvtGetLogInfo(Winevt.EVT_HANDLE Log, int PropertyId, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed) Gets information about a channel or log file. |
boolean | EvtGetObjectArrayProperty(Pointer ObjectArray, int PropertyId, int ArrayIndex, int Flags, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed) Gets a provider metadata property from the specified object in the array. |
boolean | EvtGetObjectArraySize(Pointer ObjectArray, IntByReference ObjectArraySize) Gets the number of elements in the array of objects. |
boolean | EvtGetPublisherMetadataProperty(Winevt.EVT_HANDLE PublisherMetadata, int PropertyId, int Flags, int PublisherMetadataPropertyBufferSize, Pointer PublisherMetadataPropertyBuffer, IntByReference PublisherMetadataPropertyBufferUsed) Gets the specified provider metadata property. |
boolean | EvtGetQueryInfo(Winevt.EVT_HANDLE QueryOrSubscription, int PropertyId, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed) Gets information about a query that you ran that identifies the list of channels or log files that the query attempted to access. |
boolean | EvtNext(Winevt.EVT_HANDLE ResultSet, int EventArraySize, Winevt.EVT_HANDLE[] EventArray, int Timeout, int Flags, IntByReference Returned) Gets the next event from the query or subscription results. |
boolean | EvtNextChannelPath(Winevt.EVT_HANDLE ChannelEnum, int ChannelPathBufferSize, char[] ChannelPathBuffer, IntByReference ChannelPathBufferUsed) Gets a channel name from the enumerator. |
Winevt.EVT_HANDLE | EvtNextEventMetadata(Winevt.EVT_HANDLE EventMetadataEnum, int Flags) Gets an event definition from the enumerator. |
boolean | EvtNextPublisherId(Winevt.EVT_HANDLE PublisherEnum, int PublisherIdBufferSize, char[] PublisherIdBuffer, IntByReference PublisherIdBufferUsed) Gets the identifier of a provider from the enumerator. |
Winevt.EVT_HANDLE | EvtOpenChannelConfig(Winevt.EVT_HANDLE Session, java.lang.String ChannelPath, int Flags) Gets a handle that you use to read or modify a channel's configuration property. |
Winevt.EVT_HANDLE | EvtOpenChannelEnum(Winevt.EVT_HANDLE Session, int Flags) Gets a handle that you use to enumerate the list of channels that are registered on the computer. |
Winevt.EVT_HANDLE | EvtOpenEventMetadataEnum(Winevt.EVT_HANDLE PublisherMetadata, int Flags) Gets a handle that you use to enumerate the list of events that the provider defines. |
Winevt.EVT_HANDLE | EvtOpenLog(Winevt.EVT_HANDLE Session, java.lang.String Path, int Flags) Gets a handle to a channel or log file that you can then use to get information about the channel or log file. |
Winevt.EVT_HANDLE | EvtOpenPublisherEnum(Winevt.EVT_HANDLE Session, int Flags) Gets a handle that you use to enumerate the list of registered providers on the computer. |
Winevt.EVT_HANDLE | EvtOpenPublisherMetadata(Winevt.EVT_HANDLE EvtHandleSession, java.lang.String PublisherIdentity, java.lang.String LogFilePath, int Locale, int Flags) Gets a handle that you use to read the specified provider's metadata. |
Winevt.EVT_HANDLE | EvtOpenSession(int LoginClass, Winevt.EVT_RPC_LOGIN Login, int Timeout, int Flags) Establishes a connection to a remote computer that you can use when calling the other Windows Event Log functions. |
Winevt.EVT_HANDLE | EvtQuery(Winevt.EVT_HANDLE Session, java.lang.String Path, java.lang.String Query, int Flags) Runs a query to retrieve events from a channel or log file that match the specified query criteria. |
boolean | EvtRender(Winevt.EVT_HANDLE Context, Winevt.EVT_HANDLE Fragment, int Flags, int BufferSize, Pointer Buffer, IntByReference BufferUsed, IntByReference PropertyCount) Renders an XML fragment based on the rendering context that you specify. |
boolean | EvtSaveChannelConfig(Winevt.EVT_HANDLE ChannelConfig, int Flags) Saves the changes made to a channel's configuration. |
boolean | EvtSeek(Winevt.EVT_HANDLE ResultSet, long Position, Winevt.EVT_HANDLE Bookmark, int Timeout, int Flags) Seeks to a specific event in a query result set. |
boolean | EvtSetChannelConfigProperty(Winevt.EVT_HANDLE ChannelConfig, int PropertyId, int Flags, Winevt.EVT_VARIANT PropertyValue) Sets the specified configuration property of a channel. |
Winevt.EVT_HANDLE | EvtSubscribe(Winevt.EVT_HANDLE Session, Winevt.EVT_HANDLE SignalEvent, java.lang.String ChannelPath, java.lang.String Query, Winevt.EVT_HANDLE Bookmark, Pointer Context, Callback Callback, int Flags) Creates a subscription that will receive current and future events from a channel or log file that match the specified query criteria. |
boolean | EvtUpdateBookmark(Winevt.EVT_HANDLE Bookmark, Winevt.EVT_HANDLE Event) Updates the bookmark with information that identifies the specified event. |
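The query, iterate, render and close sequence that EvtQuery, EvtNext, EvtRender and EvtClose support, shown as an added example (not code from JNA or from this page). It collects "log cleared" records as XML; the event IDs 1102 (Security) and 104 (System), the class name, the batch size and the timeout are assumptions of the example.

```java
import com.sun.jna.Memory;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Wevtapi;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.platform.win32.WinError;
import com.sun.jna.platform.win32.Winevt;
import com.sun.jna.platform.win32.Winevt.EVT_HANDLE;
import com.sun.jna.ptr.IntByReference;

import java.util.ArrayList;
import java.util.List;

/**
 * Added example. Assumptions: Event ID 1102 (Security) and 104 (System) are the
 * "log cleared" records of interest; class name, BATCH and TIMEOUT_MS are illustrative.
 * Reading the Security channel needs administrative or Event Log Readers rights.
 */
public class LogClearedAudit {

    // Structured XML query: it names its own channels, so the Path argument is ignored.
    private static final String QUERY =
        "<QueryList><Query Id=\"0\">"
      + "<Select Path=\"Security\">*[System[(EventID=1102)]]</Select>"
      + "<Select Path=\"System\">*[System[(EventID=104)]]</Select>"
      + "</Query></QueryList>";

    private static final int BATCH = 16;        // handles requested per EvtNext call
    private static final int TIMEOUT_MS = 1000; // finite wait instead of INFINITE

    public static List<String> findLogClearedEvents() {
        Wevtapi api = Wevtapi.INSTANCE;
        List<String> xml = new ArrayList<>();

        // Session = null queries the local computer.
        EVT_HANDLE results = api.EvtQuery(null, null, QUERY,
                Winevt.EVT_QUERY_FLAGS.EvtQueryChannelPath);
        if (results == null) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        try {
            EVT_HANDLE[] events = new EVT_HANDLE[BATCH];
            IntByReference returned = new IntByReference();
            while (api.EvtNext(results, BATCH, events, TIMEOUT_MS, 0, returned)) {
                int n = returned.getValue();
                try {
                    for (int i = 0; i < n; i++) {
                        xml.add(renderXml(events[i]));
                    }
                } finally {
                    // Every event handle returned by EvtNext must be closed,
                    // even if rendering one of them failed.
                    for (int i = 0; i < n; i++) {
                        api.EvtClose(events[i]);
                    }
                }
            }
            // EvtNext returned false: the normal end of the result set is
            // ERROR_NO_MORE_ITEMS; anything else (ERROR_TIMEOUT included) is an error.
            int err = Kernel32.INSTANCE.GetLastError();
            if (err != WinError.ERROR_NO_MORE_ITEMS) {
                throw new Win32Exception(err);
            }
        } finally {
            api.EvtClose(results);
        }
        return xml;
    }

    private static String renderXml(EVT_HANDLE event) {
        Wevtapi api = Wevtapi.INSTANCE;
        IntByReference used = new IntByReference();
        IntByReference propertyCount = new IntByReference();
        int flags = Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml;

        // Sizing call: no buffer, so it is expected to fail with
        // ERROR_INSUFFICIENT_BUFFER and report the required size in bytes.
        // Context must be null for EvtRenderEventXml.
        if (api.EvtRender(null, event, flags, 0, null, used, propertyCount)) {
            return ""; // nothing to render
        }
        int err = Kernel32.INSTANCE.GetLastError();
        if (err != WinError.ERROR_INSUFFICIENT_BUFFER) {
            throw new Win32Exception(err);
        }

        Memory buffer = new Memory(used.getValue());
        if (!api.EvtRender(null, event, flags, (int) buffer.size(), buffer,
                used, propertyCount)) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        // For EvtRenderEventXml the buffer holds a null-terminated Unicode string.
        return buffer.getWideString(0);
    }

    public static void main(String[] args) {
        for (String eventXml : findLogClearedEvents()) {
            System.out.println(eventXml);
        }
    }
}
```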
static final Wevtapi INSTANCE
Winevt.EVT_HANDLE EvtOpenSession(int LoginClass, Winevt.EVT_RPC_LOGIN Login, int Timeout, int Flags)
LoginClass
- [in] The connection method to use to connect to the remote computer. For possible values, see the Winevt.EVT_LOGIN_CLASS enumeration.
Login
- [in] An EVT_RPC_LOGIN structure that identifies the remote computer that you want to connect to, the user's credentials, and the type of authentication to use when connecting.
Timeout
- [in] Reserved. Must be zero.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function to get the error code.

boolean EvtClose(Winevt.EVT_HANDLE Object)
Object
- [in] An open event handle to close.
Kernel32.GetLastError() function.

boolean EvtCancel(Winevt.EVT_HANDLE Object)
Object
- The handle whose operation you want to cancel. You can cancel the following operations:
  - EvtClearLog
  - EvtExportLog
  - EvtNext
  - EvtQuery
  - EvtSeek
  - EvtSubscribe
  For the EvtClearLog, EvtExportLog, EvtQuery, and EvtSubscribe operations, you must pass the session handle. To specify the default session (local session), set this parameter to NULL.
Kernel32.GetLastError() function.

int EvtGetExtendedStatus(int BufferSize, char[] Buffer, IntByReference BufferUsed)
BufferSize
- [in] The size of the Buffer buffer, in characters.
Buffer
- [in] A caller-allocated string buffer that will receive the extended error information. You can set this parameter to NULL to determine the required buffer size.
BufferUsed
- [out] The size, in characters, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.

Winevt.EVT_HANDLE EvtQuery(Winevt.EVT_HANDLE Session, java.lang.String Path, java.lang.String Query, int Flags)
Session
- [in] A remote session handle that the EvtOpenSession function returns. Set to NULL to query for events on the local computer.
Path
- [in] The name of the channel or the full path to a log file that contains the events that you want to query. You can specify an .evt, .evtx, or .etl log file. The path is required if the Query parameter contains an XPath query; the path is ignored if the Query parameter contains a structured XML query and the query specifies the path.
Query
- [in] A query that specifies the types of events that you want to retrieve. You can specify an XPath 1.0 query or structured XML query. If your XPath contains more than 20 expressions, use a structured XML query. To receive all events, set this parameter to NULL or "*".
Flags
- [in] One or more flags that specify the order that you want to receive the events and whether you are querying against a channel or log file. For possible values, see the Winevt.EVT_QUERY_FLAGS enumeration.
Kernel32.GetLastError() function to get the error code.

boolean EvtNext(Winevt.EVT_HANDLE ResultSet, int EventArraySize, Winevt.EVT_HANDLE[] EventArray, int Timeout, int Flags, IntByReference Returned)
ResultSet
- [in] The handle to a query or subscription result set that the EvtQuery function or the EvtSubscribe function returns.
EventArraySize
- [in] The number of elements in the EventArray array. The function will try to retrieve this number of elements from the result set.
EventArray
- [in] A pointer to an array of handles that will be set to the handles to the events from the result set.
Timeout
- [in] The number of milliseconds that you are willing to wait for a result. Set to INFINITE to indicate no time-out value. If the time-out expires, the last error is set to ERROR_TIMEOUT.
Flags
- [in] Reserved. Must be zero.
Returned
- [out] The number of handles in the array that are set.
Kernel32.GetLastError() function.

boolean EvtSeek(Winevt.EVT_HANDLE ResultSet, long Position, Winevt.EVT_HANDLE Bookmark, int Timeout, int Flags)
ResultSet
- [in] The handle to a query result set that the EvtQuery function returns.
Position
- [in] The zero-based offset to an event in the result set. The flag that you specify in the Flags parameter indicates the beginning relative position in the result set from which to seek. For example, you can seek from the beginning of the results or from the end of the results. Set to 0 to move to the relative position specified by the flag.
Bookmark
- [in] A handle to a bookmark that the EvtCreateBookmark function returns. The bookmark identifies an event in the result set to which you want to seek. Set this parameter only if the Flags parameter has the EvtSeekRelativeToBookmark flag set.
Timeout
- [in] Reserved. Must be zero.
Flags
- [in] One or more flags that indicate the relative position in the result set from which to seek. For possible values, see the Winevt.EVT_SEEK_FLAGS enumeration.
Kernel32.GetLastError() function.

Winevt.EVT_HANDLE EvtSubscribe(Winevt.EVT_HANDLE Session, Winevt.EVT_HANDLE SignalEvent, java.lang.String ChannelPath, java.lang.String Query, Winevt.EVT_HANDLE Bookmark, Pointer Context, Callback Callback, int Flags)
Session
- [in] A remote session handle that the EvtOpenSession function returns. Set to NULL to subscribe to events on the local computer.
SignalEvent
- [in] The handle to an event object that the service will signal when new events are available that match your query criteria. This parameter must be NULL if the Callback parameter is not NULL.
ChannelPath
- [in] The name of the Admin or Operational channel that contains the events that you want to subscribe to (you cannot subscribe to Analytic or Debug channels). The path is required if the Query parameter contains an XPath query; the path is ignored if the Query parameter contains a structured XML query.
Query
- [in] A query that specifies the types of events that you want the subscription service to return. You can specify an XPath 1.0 query or structured XML query. If your XPath contains more than 20 expressions, use a structured XML query. To receive all events, set this parameter to NULL or "*".
Bookmark
- [in] A handle to a bookmark that identifies the starting point for the subscription. To get a bookmark handle, call the EvtCreateBookmark function. You must set this parameter if the Flags parameter contains the EvtSubscribeStartAfterBookmark flag; otherwise, NULL.
Context
- [in] A caller-defined context value that the subscription service will pass to the specified callback each time it delivers an event.
Callback
- [in] Pointer to your EVT_SUBSCRIBE_CALLBACK callback function that will receive the subscription events. This parameter must be NULL if the SignalEvent parameter is not NULL.
Flags
- [in] One or more flags that specify when to start subscribing to events. For example, if you specify Winevt.EVT_SUBSCRIBE_FLAGS.EvtSubscribeStartAtOldestRecord, the service will retrieve all current and future events that match your query criteria; however, if you specify Winevt.EVT_SUBSCRIBE_FLAGS.EvtSubscribeToFutureEvents, the service returns only future events that match your query criteria. For possible values, see the Winevt.EVT_SUBSCRIBE_FLAGS enumeration.
Kernel32.GetLastError() function to get the error code. You must call the EvtClose function with the subscription handle when done.

Winevt.EVT_HANDLE EvtCreateRenderContext(int ValuePathsCount, java.lang.String[] ValuePaths, int Flags)
ValuePathsCount
- [in] The number of XPath expressions in the ValuePaths parameter.
ValuePaths
- [in] An array of XPath expressions that uniquely identify a node or attribute in the event that you want to render. The expressions must not contain the OR or AND operator. Set to NULL if the Winevt.EVT_RENDER_CONTEXT_FLAGS.EvtRenderContextValues context flag is not set in the Flags parameter.
Flags
- [in] One or more flags that identify the information in the event that you want to render. For example, the system information, user information, or specific values. For possible values, see the Winevt.EVT_RENDER_CONTEXT_FLAGS enumeration.
EvtRender function to render the contents of an event; otherwise, NULL. If NULL, call the Kernel32.GetLastError() function to get the error code.

boolean EvtRender(Winevt.EVT_HANDLE Context, Winevt.EVT_HANDLE Fragment, int Flags, int BufferSize, Pointer Buffer, IntByReference BufferUsed, IntByReference PropertyCount)
Context
- [in] A handle to the rendering context that the EvtCreateRenderContext function returns. This parameter must be set to NULL if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml or Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark.
Fragment
- [in] A handle to an event or to a bookmark. Set this parameter to a bookmark handle if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml; otherwise, set to an event handle.
Flags
- [in] A flag that identifies what to render. For example, the entire event or specific properties of the event. For possible values, see the Winevt.EVT_RENDER_FLAGS enumeration.
BufferSize
- [in] The size of the Buffer buffer, in bytes.
Buffer
- [in] A caller-allocated buffer that will receive the rendered output. The content is a null-terminated Unicode string if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml or Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark. Otherwise, if Flags is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, the buffer contains an array of EVT_VARIANT structures, one for each property specified by the rendering context. The PropertyCount parameter contains the number of elements in the array.
BufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
PropertyCount
- [out] The number of the properties in the Buffer parameter if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues; otherwise, zero.
Kernel32.GetLastError() function.

boolean EvtFormatMessage(Winevt.EVT_HANDLE PublisherMetadata, Winevt.EVT_HANDLE Event, int MessageId, int ValueCount, Winevt.EVT_VARIANT[] Values, int Flags, int BufferSize, char[] Buffer, IntByReference BufferUsed)
PublisherMetadata
- [in] A handle to the provider's metadata that the EvtOpenPublisherMetadata function returns. The handle acts as a formatting context for the event or message identifier. You can set this parameter to NULL if the Windows Event Collector service forwarded the event. Forwarded events include a RenderingInfo section that contains the rendered message strings. You can also set this parameter to NULL if the event property that you are formatting is defined in the Winmeta.xml file (for example, if level is set to win:Error). In the latter case, the service uses the Winmeta provider as the formatting context and will format only those message strings that you reference in your event that are defined in the Winmeta.xml file.
Event
- [in] A handle to an event. The Flags parameter specifies the message string in the event that you want to format. This parameter must be NULL if the Flags parameter is set to EvtFormatMessageId.
MessageId
- [in] The resource identifier of the message string that you want to format. To get the resource identifier for a message string, call the EvtGetPublisherMetadataProperty function. Set this parameter only if the Flags parameter is set to EvtFormatMessageId.
ValueCount
- [in] The number of values in the Values parameter.
Values
- [in] An array of insertion values to use when formatting the event's message string. Typically, you set this parameter to NULL and the function gets the insertion values from the event data itself. You would use this parameter to override the default behavior and supply the insertion values to use. For example, you might use this parameter if you wanted to resolve a SID to a principal name before inserting the value. To override the insertion values, the Flags parameter must be set to Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageEvent, Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageXml, or Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageId. If Flags is set to Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageId, the resource identifier must identify the event's message string.
Flags
- [in] A flag that specifies the message string in the event to format. For possible values, see the Winevt.EVT_FORMAT_MESSAGE_FLAGS enumeration.
BufferSize
- [in] The size of the Buffer buffer, in characters.
Buffer
- [in] A caller-allocated buffer that will receive the formatted message string. You can set this parameter to NULL to determine the required buffer size.
BufferUsed
- [out] The size, in characters, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.

Winevt.EVT_HANDLE EvtOpenLog(Winevt.EVT_HANDLE Session, java.lang.String Path, int Flags)
Session
- [in] A remote session handle that the EvtOpenSession function returns. Set to NULL to open a channel or log on the local computer.
Path
- [in] The name of the channel or the full path to the exported log file.
Flags
- [in] A flag that determines whether the Path parameter points to a log file or channel. For possible values, see the Winevt.EVT_OPEN_LOG_FLAGS enumeration.
Kernel32.GetLastError() function to get the error code.

boolean EvtGetLogInfo(Winevt.EVT_HANDLE Log, int PropertyId, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed)
Log
- [in] A handle to the channel or log file that the EvtOpenLog function returns.
PropertyId
- [in] The identifier of the property to retrieve. For a list of property identifiers, see the Winevt.EVT_LOG_PROPERTY_ID enumeration.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the property value. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.

boolean EvtClearLog(Winevt.EVT_HANDLE Session, java.lang.String ChannelPath, java.lang.String TargetFilePath, int Flags)
Session
- [in, optional] A remote session handle that the EvtOpenSession function returns. Set to NULL for local channels.
ChannelPath
- [in] The name of the channel to clear.
TargetFilePath
- [in, optional] The full path to the target log file that will receive the events. Set to NULL to clear the log file and not save the events.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function.

boolean EvtExportLog(Winevt.EVT_HANDLE Session, java.lang.String Path, java.lang.String Query, java.lang.String TargetFilePath, int Flags)
Session
- [in, optional] A remote session handle that the EvtOpenSession function returns. Set to NULL for local channels.
Path
- [in] The name of the channel or the full path to a log file that contains the events that you want to export. If the Query parameter contains an XPath query, you must specify the channel or log file. If the Flags parameter contains Winevt.EVT_EXPORTLOG_FLAGS.EvtExportLogFilePath, you must specify the log file. If the Query parameter contains a structured XML query, the channel or path that you specify here must match the channel or path in the query. If the Flags parameter contains Winevt.EVT_EXPORTLOG_FLAGS.EvtExportLogChannelPath, this parameter can be NULL if the query is a structured XML query that specifies the channel.
Query
- [in] A query that specifies the types of events that you want to export. You can specify an XPath 1.0 query or structured XML query. If your XPath contains more than 20 expressions, use a structured XML query. To export all events, set this parameter to NULL or "*".
TargetFilePath
- [in] The full path to the target log file that will receive the events. The target log file must not exist.
Flags
- [in] Flags that indicate whether the events come from a channel or log file. For possible values, see the Winevt.EVT_EXPORTLOG_FLAGS.EvtExportLogChannelPath enumeration.
Kernel32.GetLastError() function.

boolean EvtArchiveExportedLog(Winevt.EVT_HANDLE Session, java.lang.String LogFilePath, int Locale, int Flags)
Session
- [in] A remote session handle that the EvtOpenSession function returns. Set to NULL for local channels.
LogFilePath
- [in] The full path to the exported log file that contains the events to localize.
Locale
- [in] The locale to use to localize the strings that the service adds to the events in the log file. If zero, the function uses the calling thread's locale. If the provider's resources do not contain the locale, the string is empty.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function.

Winevt.EVT_HANDLE EvtOpenChannelEnum(Winevt.EVT_HANDLE Session, int Flags)
Session
- [in] A remote session handle that the EvtOpenSession function returns. Set to NULL to enumerate the channels on the local computer.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function to get the error code.

boolean EvtNextChannelPath(Winevt.EVT_HANDLE ChannelEnum, int ChannelPathBufferSize, char[] ChannelPathBuffer, IntByReference ChannelPathBufferUsed)
ChannelEnum
- [in] A handle to the enumerator that the EvtOpenChannelEnum function returns.
ChannelPathBufferSize
- [in] The size of the ChannelPathBuffer buffer, in characters.
ChannelPathBuffer
- [in] A caller-allocated buffer that will receive the name of the channel. You can set this parameter to NULL to determine the required buffer size.
ChannelPathBufferUsed
- [out] The size, in characters, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.

Winevt.EVT_HANDLE EvtOpenChannelConfig(Winevt.EVT_HANDLE Session, java.lang.String ChannelPath, int Flags)
Session
- [in] A remote session handle that the EvtOpenSession function returns. Set to NULL to access a channel on the local computer.
ChannelPath
- [in] The name of the channel to access.
Flags
- [in] Reserved. Must be zero.

boolean EvtSaveChannelConfig(Winevt.EVT_HANDLE ChannelConfig, int Flags)
ChannelConfig
- [in] A handle to the channel's configuration properties that the EvtOpenChannelConfig function returns.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function.

boolean EvtSetChannelConfigProperty(Winevt.EVT_HANDLE ChannelConfig, int PropertyId, int Flags, Winevt.EVT_VARIANT PropertyValue)
ChannelConfig
- [in] A handle to the channel's configuration properties that the EvtOpenChannelConfig function returns.
PropertyId
- [in] The identifier of the channel property to set. For a list of property identifiers, see the Winevt.EVT_CHANNEL_CONFIG_PROPERTY_ID enumeration.
Flags
- [in] Reserved. Must be zero.
PropertyValue
- [in] The property value to set. A caller-allocated buffer that contains the new configuration property value. The buffer contains an EVT_VARIANT object. Be sure to set the configuration value and variant type.
Kernel32.GetLastError() function.

boolean EvtGetChannelConfigProperty(Winevt.EVT_HANDLE ChannelConfig, int PropertyId, int Flags, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed)
ChannelConfig
- [in] A handle to the channel's configuration properties that the EvtOpenChannelConfig function returns.
PropertyId
- [in] The identifier of the channel property to retrieve. For a list of property identifiers, see the Winevt.EVT_CHANNEL_CONFIG_PROPERTY_ID enumeration.
Flags
- [in] Reserved. Must be zero.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the configuration property. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.

Winevt.EVT_HANDLE EvtOpenPublisherEnum(Winevt.EVT_HANDLE Session, int Flags)
Session
- [in] A remote session handle that the EvtOpenSession function returns. Set to NULL to enumerate the registered providers on the local computer.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function to get the error code.

boolean EvtNextPublisherId(Winevt.EVT_HANDLE PublisherEnum, int PublisherIdBufferSize, char[] PublisherIdBuffer, IntByReference PublisherIdBufferUsed)
PublisherEnum
- [in] A handle to the registered providers enumerator that the EvtOpenPublisherEnum function returns.
PublisherIdBufferSize
- [in] The size of the PublisherIdBuffer buffer, in characters.
PublisherIdBuffer
- [in] A caller-allocated buffer that will receive the name of the registered provider. You can set this parameter to NULL to determine the required buffer size.
PublisherIdBufferUsed
- [out] The size, in characters, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function to get the error code.

Winevt.EVT_HANDLE EvtOpenPublisherMetadata(Winevt.EVT_HANDLE EvtHandleSession, java.lang.String PublisherIdentity, java.lang.String LogFilePath, int Locale, int Flags)
EvtHandleSession
- [in, optional] A remote session handle that the EvtOpenSession function returns. Set to NULL to get the metadata for a provider on the local computer.
PublisherIdentity
- [in] The name of the provider. To enumerate the names of the providers registered on the computer, call the EvtOpenPublisherEnum function.
LogFilePath
- [in, optional] The full path to an archived log file that contains the events that the provider logged. An archived log file also contains the provider's metadata. Use this parameter when the provider is not registered on the local computer. Set to NULL when reading the metadata from a registered provider.
Locale
- [in] The locale identifier to use when accessing the localized metadata from the provider. To create the locale identifier, use the MAKELCID macro. Set to 0 to use the locale identifier of the calling thread.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function to get the error code.

boolean EvtGetPublisherMetadataProperty(Winevt.EVT_HANDLE PublisherMetadata, int PropertyId, int Flags, int PublisherMetadataPropertyBufferSize, Pointer PublisherMetadataPropertyBuffer, IntByReference PublisherMetadataPropertyBufferUsed)
PublisherMetadata
- [in] A handle to the metadata that the EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int) function returns.
PropertyId
- [in] The identifier of the metadata property to retrieve. For a list of property identifiers, see the Winevt.EVT_PUBLISHER_METADATA_PROPERTY_ID enumeration.
Flags
- [in] Reserved. Must be zero.
PublisherMetadataPropertyBufferSize
- [in] The size of the PublisherMetadataPropertyBuffer buffer, in bytes.
PublisherMetadataPropertyBuffer
- [in] A caller-allocated buffer that will receive the metadata property. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PublisherMetadataPropertyBufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.

Winevt.EVT_HANDLE EvtOpenEventMetadataEnum(Winevt.EVT_HANDLE PublisherMetadata, int Flags)
PublisherMetadata
- [in] A handle to the provider's metadata that the EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int) function returns.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function to get the error code.

Winevt.EVT_HANDLE EvtNextEventMetadata(Winevt.EVT_HANDLE EventMetadataEnum, int Flags)
EventMetadataEnum
- [in] A handle to the event definition enumerator that the EvtOpenEventMetadataEnum(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int) function returns.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError() function to get the error code.

boolean EvtGetEventMetadataProperty(Winevt.EVT_HANDLE EventMetadata, int PropertyId, int Flags, int EventMetadataPropertyBufferSize, Pointer Buffer, IntByReference BufferUsed)
EventMetadata
- [in] A handle to the event metadata that the EvtNextEventMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int) function returns.
PropertyId
- [in] The identifier of the metadata property to retrieve. For a list of property identifiers, see the Winevt.EVT_EVENT_METADATA_PROPERTY_ID enumeration.
Flags
- [in] Reserved. Must be zero.
EventMetadataPropertyBufferSize
- [in] The size of the EventMetadataPropertyBuffer buffer, in bytes.
Buffer
- [in] A caller-allocated buffer that will receive the metadata property. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
BufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.

boolean EvtGetObjectArraySize(Pointer ObjectArray, IntByReference ObjectArraySize)
ObjectArray
- [in] A handle to an array of objects that the EvtGetPublisherMetadataProperty(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int, int, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference) function returns.
ObjectArraySize
- [out] The number of elements in the array.
Kernel32.GetLastError() function.

boolean EvtGetObjectArrayProperty(Pointer ObjectArray, int PropertyId, int ArrayIndex, int Flags, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed)
ObjectArray
- [in] A handle to an array of objects that the EvtGetPublisherMetadataProperty(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int, int, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference) function returns.
PropertyId
- [in] The property identifier of the metadata property that you want to get from the specified object. For possible values, see the Remarks section of Winevt.EVT_PUBLISHER_METADATA_PROPERTY_ID.
ArrayIndex
- [in] The zero-based index of the object in the array.
Flags
- [in] Reserved. Must be zero.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the metadata property. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [in] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.

boolean EvtGetQueryInfo(Winevt.EVT_HANDLE QueryOrSubscription, int PropertyId, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed)
QueryOrSubscription
- [in] A handle to the query that the EvtQuery(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int) or EvtSubscribe(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.Pointer, com.sun.jna.Callback, int) function returns.
PropertyId
- [in] The identifier of the query information to retrieve. For a list of identifiers, see the Winevt.EVT_QUERY_PROPERTY_ID enumeration.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the query information. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.

Winevt.EVT_HANDLE EvtCreateBookmark(java.lang.String BookmarkXml)
BookmarkXml
- [in, optional] An XML string that contains the bookmark or NULL if creating a bookmark.
Kernel32.GetLastError() function to get the error code.

boolean EvtUpdateBookmark(Winevt.EVT_HANDLE Bookmark, Winevt.EVT_HANDLE Event)
Bookmark
- [in] The handle to the bookmark to be updated. The EvtCreateBookmark(java.lang.String) function returns this handle.
Event
- [in] The handle to the event to bookmark.
Kernel32.GetLastError() function.

boolean EvtGetEventInfo(Winevt.EVT_HANDLE Event, int PropertyId, int PropertyValueBufferSize, Pointer PropertyValueBuffer, IntByReference PropertyValueBufferUsed)
Event
- [in] A handle to an event for which you want to retrieve information.
PropertyId
- [in] A flag that identifies the information to retrieve. For example, the query identifier or the path. For possible values, see the Winevt.EVT_EVENT_PROPERTY_ID enumeration.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the information. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [in] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.
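
The buffer-sizing contract that EvtOpenPublisherEnum and EvtNextPublisherId describe above (retry with the size reported in PublisherIdBufferUsed when the call fails with ERROR_INSUFFICIENT_BUFFER) can be used to inventory the registered providers on a host, for example when baselining which event sources exist. This is an added example, not code from the JNA project; the class name `ProviderInventory`, the initial buffer size, and the use of ERROR_NO_MORE_ITEMS as the end-of-enumeration code (Windows API behaviour, not stated on this page) are assumptions.

```java
import com.sun.jna.Native;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Wevtapi;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.platform.win32.WinError;
import com.sun.jna.platform.win32.Winevt.EVT_HANDLE;
import com.sun.jna.ptr.IntByReference;
import java.util.ArrayList;
import java.util.List;

public class ProviderInventory { // hypothetical class name, not part of JNA
    /** Lists the event providers registered on the local computer. */
    static List<String> listProviders() {
        // Session = null selects the local computer; Flags is reserved and must be zero.
        EVT_HANDLE publishers = Wevtapi.INSTANCE.EvtOpenPublisherEnum(null, 0);
        if (publishers == null) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        List<String> names = new ArrayList<>();
        try {
            IntByReference used = new IntByReference();
            char[] buf = new char[256]; // size is in characters, not bytes
            while (true) {
                if (Wevtapi.INSTANCE.EvtNextPublisherId(publishers, buf.length, buf, used)) {
                    names.add(Native.toString(buf)); // stops at the terminating NUL
                    continue;
                }
                int err = Kernel32.INSTANCE.GetLastError();
                if (err == WinError.ERROR_INSUFFICIENT_BUFFER) {
                    // Grow to the reported size (at least double) and retry the same entry.
                    buf = new char[Math.max(used.getValue(), buf.length * 2)];
                } else if (err == WinError.ERROR_NO_MORE_ITEMS) {
                    break; // assumed end-of-enumeration code, see lead-in
                } else {
                    throw new Win32Exception(err);
                }
            }
        } finally {
            Wevtapi.INSTANCE.EvtClose(publishers); // release the enumerator handle on every path
        }
        return names;
    }

    public static void main(String[] args) {
        listProviders().forEach(System.out::println);
    }
}
```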