EVT_SYSTEM_PROPERTY_ID enumeration (winevt.h)

Defines the identifiers that identify the system-specific properties of an event.

Syntax

typedef enum _EVT_SYSTEM_PROPERTY_ID {
  EvtSystemProviderName = 0,
  EvtSystemProviderGuid,
  EvtSystemEventID,
  EvtSystemQualifiers,
  EvtSystemLevel,
  EvtSystemTask,
  EvtSystemOpcode,
  EvtSystemKeywords,
  EvtSystemTimeCreated,
  EvtSystemEventRecordId,
  EvtSystemActivityID,
  EvtSystemRelatedActivityID,
  EvtSystemProcessID,
  EvtSystemThreadID,
  EvtSystemChannel,
  EvtSystemComputer,
  EvtSystemUserID,
  EvtSystemVersion,
  EvtSystemPropertyIdEND
} EVT_SYSTEM_PROPERTY_ID;

Constants

 
EvtSystemProviderName
Value: 0
Identifies the Name attribute of the provider element. The variant type for this property is EvtVarTypeString.
EvtSystemProviderGuid
Identifies the Guid attribute of the provider element. The variant type for this property is EvtVarTypeGuid.
EvtSystemEventID
Identifies the EventID element. The variant type for this property is EvtVarTypeUInt16.
EvtSystemQualifiers
Identifies the Qualifiers attribute of the EventID element. The variant type for this property is EvtVarTypeUInt16.
EvtSystemLevel
Identifies the Level element. The variant type for this property is EvtVarTypeUInt8.
EvtSystemTask
Identifies the Task element. The variant type for this property is EvtVarTypeUInt16.
EvtSystemOpcode
Identifies the Opcode element. The variant type for this property is EvtVarTypeUInt8.
EvtSystemKeywords
Identifies the Keywords element. The variant type for this property is EvtVarTypeInt64.
EvtSystemTimeCreated
Identifies the SystemTime attribute of the TimeCreated element. The variant type for this property is EvtVarTypeFileTime.
EvtSystemEventRecordId
Identifies the EventRecordID element. The variant type for this property is EvtVarTypeUInt64.
EvtSystemActivityID
Identifies the ActivityID attribute of the Correlation element. The variant type for this property is EvtVarTypeGuid.
EvtSystemRelatedActivityID
Identifies the RelatedActivityID attribute of the Correlation element. The variant type for this property is EvtVarTypeGuid.
EvtSystemProcessID
Identifies the ProcessID attribute of the Execution element. The variant type for this property is EvtVarTypeUInt32.
EvtSystemThreadID
Identifies the ThreadID attribute of the Execution element. The variant type for this property is EvtVarTypeUInt32.
EvtSystemChannel
Identifies the Channel element. The variant type for this property is EvtVarTypeString.
EvtSystemComputer
Identifies the Computer element. The variant type for this property is EvtVarTypeString.
EvtSystemUserID
Identifies the UserID element. The variant type for this property is EvtVarTypeSid.
EvtSystemVersion
Identifies the Version element. The variant type for this property is EvtVarTypeUInt8.
EvtSystemPropertyIdEND
This enumeration value marks the end of the enumeration values.

Remarks

Before accessing these properties, check the variant type to ensure that it is not EvtVarTypeNULL; not all events will contain all system properties. For a list of system properties, see the Event schema.

Requirements

Requirement Value
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Header winevt.h

See also

EVT_RENDER_CONTEXT_FLAGS

EVT_RENDER_FLAGS

EvtCreateRenderContext

EvtRender