2.3.1 EVENT_DESCRIPTOR
The EVENT_DESCRIPTOR structure specifies the metadata that defines an event.
-
typedef struct _EVENT_DESCRIPTOR { USHORT Id; UCHAR Version; UCHAR Channel; UCHAR Level; UCHAR Opcode; USHORT Task; ULONGLONG Keyword; } EVENT_DESCRIPTOR, *PEVENT_DESCRIPTOR, *PCEVENT_DESCRIPTOR;
Id: The event identifier.
Version: The version of the event, which indicates a revision to the event definition. The Version and Id members uniquely identify the event within the scope of a provider.
Channel: Defines the audience for the event (for example, administrator or developer).
Level: Specifies the severity or level of detail included in the event (for example, informational or fatal).
Opcode: Identifies a step in a sequence of operations being performed within a Task.
Task: Identifies a larger unit of work within an application or component (broader in scope than the Opcode).
Keyword: A bitmask that specifies a logical group of related events. Each bit corresponds to one group. An event can belong to one or more groups. The keyword can contain one or more provider-defined keywords, standard keywords, or both.
This structure represents an event defined in a manifest and is included in the EVENT_HEADER structure.