EVT_SYSTEM_PROPERTY_ID enumeration (winevt.h)

2022-01-31

Defines the identifiers that identify the system-specific properties of an event.

Syntax

typedef enum _EVT_SYSTEM_PROPERTY_ID {
  EvtSystemProviderName = 0,
  EvtSystemProviderGuid,
  EvtSystemEventID,
  EvtSystemQualifiers,
  EvtSystemLevel,
  EvtSystemTask,
  EvtSystemOpcode,
  EvtSystemKeywords,
  EvtSystemTimeCreated,
  EvtSystemEventRecordId,
  EvtSystemActivityID,
  EvtSystemRelatedActivityID,
  EvtSystemProcessID,
  EvtSystemThreadID,
  EvtSystemChannel,
  EvtSystemComputer,
  EvtSystemUserID,
  EvtSystemVersion,
  EvtSystemPropertyIdEND
} EVT_SYSTEM_PROPERTY_ID;

Constants


`EvtSystemProviderName` Value: 0 Identifies the Name attribute of the provider element. The variant type for this property is EvtVarTypeString.
`EvtSystemProviderGuid` Identifies the Guid attribute of the provider element. The variant type for this property is EvtVarTypeGuid.
`EvtSystemEventID` Identifies the EventID element. The variant type for this property is EvtVarTypeUInt16.
`EvtSystemQualifiers` Identifies the Qualifiers attribute of the EventID element. The variant type for this property is EvtVarTypeUInt16.
`EvtSystemLevel` Identifies the Level element. The variant type for this property is EvtVarTypeUInt8.
`EvtSystemTask` Identifies the Task element. The variant type for this property is EvtVarTypeUInt16.
`EvtSystemOpcode` Identifies the Opcode element. The variant type for this property is EvtVarTypeUInt8.
`EvtSystemKeywords` Identifies the Keywords element. The variant type for this property is EvtVarTypeInt64.
`EvtSystemTimeCreated` Identifies the SystemTime attribute of the TimeCreated element. The variant type for this property is EvtVarTypeFileTime.
`EvtSystemEventRecordId` Identifies the EventRecordID element. The variant type for this property is EvtVarTypeUInt64.
`EvtSystemActivityID` Identifies the ActivityID attribute of the Correlation element. The variant type for this property is EvtVarTypeGuid.
`EvtSystemRelatedActivityID` Identifies the RelatedActivityID attribute of the Correlation element. The variant type for this property is EvtVarTypeGuid.
`EvtSystemProcessID` Identifies the ProcessID attribute of the Execution element. The variant type for this property is EvtVarTypeUInt32.
`EvtSystemThreadID` Identifies the ThreadID attribute of the Execution element. The variant type for this property is EvtVarTypeUInt32.
`EvtSystemChannel` Identifies the Channel element. The variant type for this property is EvtVarTypeString.
`EvtSystemComputer` Identifies the Computer element. The variant type for this property is EvtVarTypeString.
`EvtSystemUserID` Identifies the UserID element. The variant type for this property is EvtVarTypeSid.
`EvtSystemVersion` Identifies the Version element. The variant type for this property is EvtVarTypeUInt8.
`EvtSystemPropertyIdEND` This enumeration value marks the end of the enumeration values.

Remarks

Before accessing these properties, check the variant type to ensure that it is not EvtVarTypeNULL; not all events will contain all system properties. For a list of system properties, see the Event schema.

Requirements

Requirement	Value
Minimum supported client	Windows Vista [desktop apps only]
Minimum supported server	Windows Server 2008 [desktop apps only]
Header	winevt.h

Feedback

Was this page helpful?