2.3.1 EVENT_DESCRIPTOR

The EVENT_DESCRIPTOR structure specifies the metadata that defines an event.

 typedef struct _EVENT_DESCRIPTOR {
   USHORT Id;
   UCHAR Version;
   UCHAR Channel;
   UCHAR Level;
   UCHAR Opcode;
   USHORT Task;
   ULONGLONG Keyword;
 } EVENT_DESCRIPTOR,
  *PEVENT_DESCRIPTOR,
  *PCEVENT_DESCRIPTOR;

Id: The event identifier.

Version: The version of the event, which indicates a revision to the event definition. The Version and Id members uniquely identify the event within the scope of a provider.

Channel: Defines the audience for the event (for example, administrator or developer).

Level: Specifies the severity or level of detail included in the event (for example, informational or fatal).

Opcode: Identifies a step in a sequence of operations being performed within a Task.

Task: Identifies a larger unit of work within an application or component (broader in scope than the Opcode).

Keyword: A bitmask that specifies a logical group of related events. Each bit corresponds to one group. An event can belong to one or more groups. The keyword can contain one or more provider-defined keywords, standard keywords, or both.

This structure represents an event defined in a manifest and is included in the EVENT_HEADER structure.