Win32_NTEventlogFile, ROOT\cimv2 - Instances
Class | Methods (16) | Properties (39) | Qualifiers (6) | Instances (12) | Namespaces (2)
Samples: VB Script | C# | VB.Net | Search on: Microsoft

Instances of Win32_NTEventlogFile

This section contains sample WMI instances of the Win32_NTEventlogFile class, with their properties, taken from Microsoft Windows Server 2012 R2 Datacenter Evaluation.

Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\Active Directory Web Services.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\active directory web services.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926204932.946851-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' //String 'Description' : 'c:\windows\system32\winevt\logs\active directory web services.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\active~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'Active Directory Web Services' //String 'FileSize' : '69632' //String, 0x11000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926204932.946851-420' //String 'InUseCount' : null 'LastAccessed' : '20140926204932.946851-420' //String 'LastModified' : '20141112141114.026943-480' //String 'LogfileName' : 'Active Directory Web Services' //String 'Manufacturer' : null 'MaxFileSize' : 1052672 //Long, 0x101000 'Name' : 'C:\Windows\System32\Winevt\Logs\Active Directory Web Services.evtx' //String 'NumberOfRecords' : 81 //Long, 0x51 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' 
//String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['Active Directory Web Services', 'ADWS'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\Application.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\application.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926193218.071682-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' //String 'Description' : 'c:\windows\system32\winevt\logs\application.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\applic~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'Application' //String 'FileSize' : '20975616' //String, 0x1401000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926193218.071682-420' //String 'InUseCount' : null 'LastAccessed' : '20140926193218.071682-420' //String 'LastModified' : '20141113073153.827405-480' //String 'LogfileName' : 'Application' //String 'Manufacturer' : null 'MaxFileSize' : 20971520 //Long, 0x1400000 'Name' : 'C:\Windows\System32\Winevt\Logs\Application.evtx' //String 'NumberOfRecords' : 39777 //Long, 0x9B61 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['Application', '.NET Runtime', '.NET Runtime Optimization Service', 'Active Directory Rights Management Services', 'Active Server Pages', 'Application Error', 'Application Hang', 
'Application Management', 'Application-Addon-Event-Provider', 'ASP.NET 2.0.50727.0', 'ASP.NET 4.0.30319.0', 'AutoEnrollment', 'BINLSVC', 'BITS Server Extensions', 'CardSpace 4.0.0.0', 'CEPSvc', 'CertCa', 'CertCli', 'CertEnroll', 'CertSvc', 'CESSvc', 'Chkdsk', 'COM', 'COM+', 'Customer Experience Improvement Program', 'DatabaseMail', 'Desktop Window Manager', 'devenv', 'DiskQuota', 'DSReplicationProvider', 'Error Instrument', 'ESENT', 'EventSystem', 'EvntAgnt', 'Folder Redirection', 'FssProv', 'Group Policy Applications', 'Group Policy Client', 'Group Policy Data Sources', 'Group Policy Device Settings', 'Group Policy Drive Maps', 'Group Policy Environment', 'Group Policy Files', 'Group Policy Folder Options', 'Group Policy Folders', 'Group Policy HTML View Extension', 'Group Policy Ini Files', 'Group Policy Internet Settings', 'Group Policy Local Users and Groups', 'Group Policy Mail Profiles', 'Group Policy Management', 'Group Policy Network Options', 'Group Policy Network Shares', 'Group Policy Power Options', 'Group Policy Printers', 'Group Policy Regional Options', 'Group Policy Registry', 'Group Policy Scheduled Tasks', 'Group Policy Services', 'Group Policy Shortcuts', 'Group Policy Standard Edition', 'Group Policy Start Menu Settings', 'GroupPolicy', 'Handwriting Recognition', 'Help CacheLib', 'Help Index', 'Help Protocol', 'Help Zip', 'HelpLibAgent', 'HelpLibManager', 'HostableWebCore', 'HostMIBAgent', 'IISADMIN', 'IISInfoCtrs', 'Interactive Services detection', 'ipmiprv', 'LoadPerf', 'LPR Print Monitor', 'Microsoft (R) Visual Basic Compiler', 'Microsoft Fax', 'Microsoft Help Viewer', 'Microsoft Visual Studio', 'Microsoft-Windows-ApplicationExperienceInfrastructure', 'Microsoft-Windows-AppModel-Runtime', 'Microsoft-Windows-AppModel-State', 'Microsoft-Windows-ASN1', 'Microsoft-Windows-Audio', 'Microsoft-Windows-AxInstallService', 'Microsoft-Windows-Backup', 'Microsoft-Windows-BestPractices', 'Microsoft-Windows-CAPI2', 
'Microsoft-Windows-CertificateServicesClient', 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment', 'Microsoft-Windows-CertificateServicesClient-CertEnroll', 'Microsoft-Windows-CertificateServicesClient-CredentialRoaming', 'Microsoft-Windows-CertificationAuthority', 'Microsoft-Windows-CertificationAuthorityClient-CertCli', 'Microsoft-Windows-COMRuntime', 'Microsoft-Windows-Crypto-BCrypt', 'Microsoft-Windows-Crypto-CNG', 'Microsoft-Windows-Crypto-DPAPI', 'Microsoft-Windows-Crypto-DSSEnh', 'Microsoft-Windows-Crypto-NCrypt', 'Microsoft-Windows-Crypto-RNG', 'Microsoft-Windows-Crypto-RSAEnh', 'Microsoft-Windows-Deduplication', 'Microsoft-Windows-Defrag', 'Microsoft-Windows-DirectoryServices-Deployment', 'Microsoft-Windows-DirectShow-Core', 'Microsoft-Windows-DirectShow-KernelSupport', 'Microsoft-Windows-EapHost', 'Microsoft-Windows-EFS', 'Microsoft-Windows-EventCollector', 'Microsoft-Windows-FederationServices-Deployment', 'Microsoft-Windows-FileServices-ServerManager-EventProvider', 'Microsoft-Windows-Folder Redirection', 'Microsoft-Windows-GenericRoaming', 'Microsoft-Windows-IIS-IISManager', 'Microsoft-Windows-Immersive-Shell', 'Microsoft-Windows-IPAM', 'Microsoft-Windows-KdsSvc', 'Microsoft-Windows-LiveId', 'Microsoft-Windows-LoadPerf', 'Microsoft-Windows-Management-UI', 'Microsoft-Windows-MSMQ', 'Microsoft-Windows-PerfCtrs', 'Microsoft-Windows-PerfNet', 'Microsoft-Windows-PerfOS', 'Microsoft-Windows-PerfProc', 'Microsoft-Windows-propsys', 'Microsoft-Windows-Rdms-UI', 'Microsoft-Windows-RemoteApp and Desktop Connections', 'Microsoft-Windows-RemoteAssistance', 'Microsoft-Windows-RestartManager', 'Microsoft-Windows-RPC-Events', 'Microsoft-Windows-Security-EnterpriseData-FileRevocationManager', 'Microsoft-Windows-Security-Netlogon', 'Microsoft-Windows-ServerManager-MultiMachine', 'Microsoft-Windows-SmartCard-DeviceEnum', 'Microsoft-Windows-SoftwareRestrictionPolicies', 'Microsoft-Windows-Spell-Checking', 'Microsoft-Windows-SpellChecker', 
'Microsoft-Windows-Spellchecking-Host', 'Microsoft-Windows-TerminalServices-ClientActiveXCore', 'Microsoft-Windows-TerminalServices-Gateway', 'Microsoft-Windows-User Profiles General', 'Microsoft-Windows-User Profiles Service', 'Microsoft-Windows-User-Loader', 'Microsoft-Windows-Video-For-Windows', 'Microsoft-Windows-WBioSrvc', 'Microsoft-Windows-Winsrv', 'Microsoft-Windows-WMI', 'Microsoft-Windows-XWizards', 'Microsoft.Transactions.Bridge 3.0.0.0', 'Microsoft.Transactions.Bridge 4.0.0.0', 'MSDTC', 'MSDTC 2', 'MSDTC Client', 'MSDTC Client 2', 'MSExchange ADAccess', 'MSExchange Common', 'MSExchange Management Application', 'MSExchange RBAC', 'MSExchange Topology', 'MSExchange Workload Management', 'MsiInstaller', 'MSMQ', 'MSMQTriggers', 'MSODBCSQL11.1', 'MSSQL$MICROSOFT##WID', 'MSSQLSERVER', 'NfsClnt', 'nfsnp', 'NfsService', 'PDH', 'PerfCtrs', 'PerfDisk', 'Perflib', 'PerfNet', 'PerfOs', 'PerfProc', 'PrintBrm', 'Process Exit Monitor', 'Profsvc', 'RasClient', 'RDWebAccess', 'RDWebService', 'Report Manager (MSSQLSERVER)', 'Report Server (MSSQLSERVER)', 'Report Server (WMI12)', 'Report Server Windows Service (MSSQLSERVER)', 'RPC Proxy', 'RPC/HTTP LB Service', 'SceCli', 'SceSrv', 'SCW', 'SCW Analysis', 'ServiceModel Audit 3.0.0.0', 'ServiceModel Audit 4.0.0.0', 'ServiceProviderRegistry', 'SideBySide', 'Software Installation', 'Software Protection Platform Service', 'SPP', 'SQL Server Reporting Services (MSSQLSERVER)', 'SQLBackupToUrl', 'SQLBrowser', 'SQLCTR', 'SQLDumper', 'SQLISPackage120', 'SQLISService120', 'SQLLocalDB 12.0', 'SQLNCLI11.1', 'SQLSERVERAGENT', 'SQLVDI', 'SQLWEP', 'SQLWriter', 'SrmReports', 'SrmSvc', 'Standard TCP/IP Port', 'System.IdentityModel 3.0.0.0', 'System.IdentityModel 4.0.0.0', 'System.IO.Log 3.0.0.0', 'System.IO.Log 4.0.0.0', 'System.Runtime.Serialization 3.0.0.0', 'System.Runtime.Serialization 4.0.0.0', 'System.ServiceModel 3.0.0.0', 'System.ServiceModel 4.0.0.0', 'TlntSvr', 'TrustMonitor', 'usbperf', 'Userenv', 'VBRuntime', 
'vmicguestinterface', 'vmicheartbeat', 'vmickvpexchange', 'vmicrdv', 'vmicshutdown', 'vmictimesync', 'vmicvss', 'VsJITDebugger', 'VSS', 'W3Ctrs', 'W3SVC-WP', 'WAS-LA', 'WDSDDPS', 'WDSIMGSRV', 'WDSMC', 'WDSPXE', 'WDSServer', 'WDSTFTP', 'WerSvc', 'WIDVDI', 'Windows Error Reporting', 'Windows Search Service', 'Windows Search Service Profile Notification', 'Windows Server Update Services', 'Wininit', 'Winlogon', 'WinMgmt', 'WinsCtrs', 'Wlclntfy', 'WLMS', 'WMI.NET Provider Extension', 'WMSVC', 'Wow64 Emulation Layer', 'WseMediaSvc', 'WseMgmtSvc', 'WseNtfSvc', 'WSH', 'wts'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\DFS Replication.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\dfs replication.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926204934.462129-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' 
//String 'Description' : 'c:\windows\system32\winevt\logs\dfs replication.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\dfsrep~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'DFS Replication' //String 'FileSize' : '69632' //String, 0x11000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926204934.462129-420' //String 'InUseCount' : null 'LastAccessed' : '20140926204934.462129-420' //String 'LastModified' : '20141112141120.589450-480' //String 'LogfileName' : 'DFS Replication' //String 'Manufacturer' : null 'MaxFileSize' : 15532032 //Long, 0xED0000 'Name' : 'C:\Windows\System32\Winevt\Logs\DFS Replication.evtx' //String 'NumberOfRecords' : 200 //Long, 0xC8 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['DFS Replication', 'DFSR'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\Directory Service.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\directory service.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926204934.546711-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' 
//String 'Description' : 'c:\windows\system32\winevt\logs\directory service.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\direct~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'Directory Service' //String 'FileSize' : '1052672' //String, 0x101000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926204934.546711-420' //String 'InUseCount' : null 'LastAccessed' : '20140926204934.546711-420' //String 'LastModified' : '20141112142440.458385-480' //String 'LogfileName' : 'Directory Service' //String 'Manufacturer' : null 'MaxFileSize' : 1052672 //Long, 0x101000 'Name' : 'C:\Windows\System32\Winevt\Logs\Directory Service.evtx' //String 'NumberOfRecords' : 219 //Long, 0xDB 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['Directory Service', 'NTDS API', 'NTDS Backup', 'NTDS Database', 'NTDS General', 'NTDS Inter-site Messaging', 'NTDS ISAM', 'NTDS KCC', 'NTDS LDAP', 'NTDS MAPI', 'NTDS Replication', 'NTDS SAM', 'NTDS Scripting', 'NTDS SDPROP', 'NTDS Security', 'NTDS Setup', 'NTDS XDS'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\DNS Server.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\dns server.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926205540.247114-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' 
//String 'Description' : 'c:\windows\system32\winevt\logs\dns server.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\dnsser~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'DNS Server' //String 'FileSize' : '1118208' //String, 0x111000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926205540.247114-420' //String 'InUseCount' : null 'LastAccessed' : '20140926205540.247114-420' //String 'LastModified' : '20141112141129.667572-480' //String 'LogfileName' : 'DNS Server' //String 'Manufacturer' : null 'MaxFileSize' : 16777216 //Long, 0x1000000 'Name' : 'C:\Windows\System32\Winevt\Logs\DNS Server.evtx' //String 'NumberOfRecords' : 774 //Long, 0x306 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['DNS Server', 'DNS'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\HardwareEvents.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\hardwareevents.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926193218.587307-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' 
//String 'Description' : 'c:\windows\system32\winevt\logs\hardwareevents.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\hardwa~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'HardwareEvents' //String 'FileSize' : '69632' //String, 0x11000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926193218.587307-420' //String 'InUseCount' : null 'LastAccessed' : '20140926193218.587307-420' //String 'LastModified' : '20140926193250.727986-420' //String 'LogfileName' : 'HardwareEvents' //String 'Manufacturer' : null 'MaxFileSize' : 20971520 //Long, 0x1400000 'Name' : 'C:\Windows\System32\Winevt\Logs\HardwareEvents.evtx' //String 'NumberOfRecords' : 0 //Long, 0x0 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['HardwareEvents', 'Microsoft-Windows-WSMAN-SEL_LogRecord'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\Internet Explorer.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\internet explorer.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926193218.462307-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' 
//String 'Description' : 'c:\windows\system32\winevt\logs\internet explorer.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\intern~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'Internet Explorer' //String 'FileSize' : '69632' //String, 0x11000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926193218.462307-420' //String 'InUseCount' : null 'LastAccessed' : '20140926193218.462307-420' //String 'LastModified' : '20140926193250.727986-420' //String 'LogfileName' : 'Internet Explorer' //String 'Manufacturer' : null 'MaxFileSize' : 1052672 //Long, 0x101000 'Name' : 'C:\Windows\System32\Winevt\Logs\Internet Explorer.evtx' //String 'NumberOfRecords' : 0 //Long, 0x0 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['Internet Explorer'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\Key Management Service.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\key management service.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926193218.368557-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' 
//String 'Description' : 'c:\windows\system32\winevt\logs\key management service.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\keyman~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'Key Management Service' //String 'FileSize' : '69632' //String, 0x11000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926193218.368557-420' //String 'InUseCount' : null 'LastAccessed' : '20140926193218.368557-420' //String 'LastModified' : '20140926193250.727986-420' //String 'LogfileName' : 'Key Management Service' //String 'Manufacturer' : null 'MaxFileSize' : 20971520 //Long, 0x1400000 'Name' : 'C:\Windows\System32\Winevt\Logs\Key Management Service.evtx' //String 'NumberOfRecords' : 0 //Long, 0x0 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['Key Management Service', 'KmsRequests'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\MSExchange Management.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\msexchange management.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20141008212333.719005-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' 
//String 'Description' : 'c:\windows\system32\winevt\logs\msexchange management.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\msexch~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'MSExchange Management' //String 'FileSize' : '69632' //String, 0x11000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20141008212333.719005-420' //String 'InUseCount' : null 'LastAccessed' : '20141008212333.719005-420' //String 'LastModified' : '20141009153122.634278-420' //String 'LogfileName' : 'MSExchange Management' //String 'Manufacturer' : null 'MaxFileSize' : 1052672 //Long, 0x101000 'Name' : 'C:\Windows\System32\Winevt\Logs\MSExchange Management.evtx' //String 'NumberOfRecords' : 15 //Long, 0xF 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['MSExchange Management', 'MSExchange CmdletLogs', 'MSExchange Configuration Cmdlet - Management Console'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\Security.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\security.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926193218.118557-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' 
//String 'Description' : 'c:\windows\system32\winevt\logs\security.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\securi~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'Security' //String 'FileSize' : '134221824' //String, 0x8001000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926193218.118557-420' //String 'InUseCount' : null 'LastAccessed' : '20140926193218.118557-420' //String 'LastModified' : '20141112140936.655795-480' //String 'LogfileName' : 'Security' //String 'Manufacturer' : null 'MaxFileSize' : 134217728 //Long, 0x8000000 'Name' : 'C:\Windows\System32\Winevt\Logs\Security.evtx' //String 'NumberOfRecords' : 220357 //Long, 0x35CC5 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['Security', 'AD FS Auditing', 'DRS Auditing', 'DS', 'FSRM Audit', 'HRAAudit', 'IIS-METABASE', 'LSA', 'Microsoft-Windows-Eventlog', 'Microsoft-Windows-Security-Auditing', 'MSSQLSERVER$AUDIT', 'Quota Filter Audit', 'SC Manager', 'Security Account Manager', 'ServiceModel 3.0.0.0', 'ServiceModel 4.0.0.0', 'Spooler', 'TCP/IP', 'VSSAudit'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\System.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\system.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926193217.977932-420' //String 'CSCreationClassName' : 
'Win32_ComputerSystem' //String 'CSName' : '.' //String 'Description' : 'c:\windows\system32\winevt\logs\system.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\system~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'System' //String 'FileSize' : '11603968' //String, 0xB11000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926193217.977932-420' //String 'InUseCount' : null 'LastAccessed' : '20140926193217.977932-420' //String 'LastModified' : '20141112214443.363280-480' //String 'LogfileName' : 'System' //String 'Manufacturer' : null 'MaxFileSize' : 20971520 //Long, 0x1400000 'Name' : 'C:\Windows\System32\Winevt\Logs\System.evtx' //String 'NumberOfRecords' : 32762 //Long, 0x7FFA 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['System', '3ware', 'ACPI', 'ADP80XX', 'AeLookupSvc', 'AFD', 'AmdK8', 'AmdPPM', 'amdsata', 'amdsbs', 'amdxata', 'APPHOSTSVC', 'Application Management Group Policy', 'Application Popup', 'AppReadiness', 'arcsas', 'AsyncMac', 'atapi', 'b06bdrv', 'BasicDisplay', 'BasicRender', 'beep', 'bfadfcoei', 'bfadi', 'Bowser', 'Browser', 'BugCheck', 'bxfcoe', 'bxois', 'Cbafilt', 'cdrom', 'CertObj', 'cht4vbd', 'DataScrn', 'DCOM', 'DfsSvc', 'Dhcp', 'DHCPServer', 'Dhcpv6', 'DHCPv6r', 'Dhcp_QEC', 'disk', 'Display', 'dmvsc', 'Dnsapi', 'Dnscache', 'ebdrv', 'elxfcoe', 'elxstor', 'eventlog', 'exFAT', 'FltMgr', 'FTPSVC', 'fvevol', 'FxPPM', 'HpSAMD', 'HRA', 'Http', 'i8042prt', 'iaStorAV', 'iaStorV', 'ibbus', 'IGMPv2', 'IIS Config', 'IIS-METABASE', 'IISCTLS', 'IISLOG', 'IISWMI', 'intelppm', 'IPBOOTP', 'IPMGM', 'IPMIDRV', 'IPNATHLP', 'IPRIP2', 'IPRouterManager', 'isapnp', 'iScsiPrt', 'kbdclass', 
'kbdhid', 'KDC', 'kdnic', 'Kerberos', 'lltdio', 'LmHosts', 'LPDSVC', 'LsaSrv', 'LSI_SAS', 'LSI_SAS2', 'LSI_SAS3', 'LSI_SSS', 'LSM', 'megasas', 'megasr', 'Microsoft-Windows-BitLocker-API', 'Microsoft-Windows-BitLocker-Driver', 'Microsoft-Windows-Bits-Client', 'Microsoft-Windows-CorruptedFileRecovery-Client', 'Microsoft-Windows-CorruptedFileRecovery-Server', 'Microsoft-Windows-Devices-Background', 'Microsoft-Windows-DFSN-Server', 'Microsoft-Windows-DFSN-ServerFilter', 'Microsoft-Windows-DfsSvc', 'Microsoft-Windows-Dhcp-Client', 'Microsoft-Windows-Dhcp-Nap-Enforcement-Client', 'Microsoft-Windows-DHCP-Server', 'Microsoft-Windows-DHCPv6-Client', 'Microsoft-Windows-Diagnostics-Networking', 'Microsoft-Windows-Directory-Services-SAM', 'Microsoft-Windows-DirectoryServices-DSROLE-Server', 'Microsoft-Windows-DirectoryServices-LSADB', 'Microsoft-Windows-DiskDiagnostic', 'Microsoft-Windows-DistributedCOM', 'Microsoft-Windows-DNS-Client', 'Microsoft-Windows-DriverFrameworks-UserMode', 'Microsoft-Windows-EnhancedStorage-EhStorTcgDrv', 'Microsoft-Windows-EventCollector', 'Microsoft-Windows-Eventlog', 'Microsoft-Windows-exFAT-SQM', 'Microsoft-Windows-FailoverClustering', 'Microsoft-Windows-Fat-SQM', 'Microsoft-Windows-FilterManager', 'Microsoft-Windows-Firewall', 'Microsoft-Windows-FMS', 'Microsoft-Windows-FunctionDiscoveryHost', 'Microsoft-Windows-GPIO-ClassExtension', 'Microsoft-Windows-GroupPolicy', 'Microsoft-Windows-HAL', 'Microsoft-Windows-HCAP', 'Microsoft-Windows-HttpEvent', 'Microsoft-Windows-Hyper-V-High-Availability', 'Microsoft-Windows-Hyper-V-Hypervisor', 'Microsoft-Windows-Hyper-V-VMMS', 'Microsoft-Windows-Hyper-V-VmSwitch', 'Microsoft-Windows-IPAM', 'Microsoft-Windows-Iphlpsvc', 'Microsoft-Windows-Kernel-Boot', 'Microsoft-Windows-Kernel-General', 'Microsoft-Windows-Kernel-Interrupt-Steering', 'Microsoft-Windows-Kernel-PnP', 'Microsoft-Windows-Kernel-Power', 'Microsoft-Windows-Kernel-Processor-Power', 'Microsoft-Windows-Kernel-Tm', 'Microsoft-Windows-Kernel-WHEA', 
'Microsoft-Windows-Kernel-XDV', 'Microsoft-Windows-LanguagePackSetup', 'Microsoft-Windows-Memory-Diagnostic-Task-Handler', 'Microsoft-Windows-MemoryDiagnostics-Results', 'Microsoft-Windows-MemoryDiagnostics-Schedule', 'Microsoft-Windows-MsLbfoSysEvtProvider', 'Microsoft-Windows-NDIS', 'Microsoft-Windows-NdisImPlatformSysEvtProvider', 'Microsoft-Windows-NetworkBridge', 'Microsoft-Windows-NLB', 'Microsoft-Windows-Ntfs', 'Microsoft-Windows-Ntfs-SQM', 'Microsoft-Windows-Ntfs-UBPM', 'Microsoft-Windows-OfflineFiles', 'Microsoft-Windows-Power-Troubleshooter', 'Microsoft-Windows-RasSstp', 'Microsoft-Windows-Resource-Exhaustion-Detector', 'Microsoft-Windows-ResourcePublication', 'Microsoft-Windows-SCPNP', 'Microsoft-Windows-Serial-ClassExtension', 'Microsoft-Windows-Serial-ClassExtension-V2', 'Microsoft-Windows-ServerManager-ConfigureSMRemoting', 'Microsoft-Windows-ServerMigration', 'Microsoft-Windows-ServicesForNFS-Cluster', 'Microsoft-Windows-Servicing', 'Microsoft-Windows-Setup', 'Microsoft-Windows-SetupPlatform', 'Microsoft-Windows-SPB-ClassExtension', 'Microsoft-Windows-SPB-HIDI2C', 'Microsoft-Windows-Spell-Checking', 'Microsoft-Windows-SpellChecker', 'Microsoft-Windows-Spooler-LPDSVC', 'Microsoft-Windows-StartupRepair', 'Microsoft-Windows-Subsys-SMSS', 'Microsoft-Windows-TaskScheduler', 'Microsoft-Windows-TerminalServices-Licensing', 'Microsoft-Windows-TerminalServices-LocalSessionManager', 'Microsoft-Windows-TerminalServices-RemoteConnectionManager', 'Microsoft-Windows-TerminalServices-SessionBroker', 'Microsoft-Windows-TerminalServices-SessionBroker-Client', 'Microsoft-Windows-TerminalServices-TSAppSrv-TSMSI', 'Microsoft-Windows-TerminalServices-TSAppSrv-TSVIP', 'Microsoft-Windows-TerminalServices-TSFairShare-Events', 'Microsoft-Windows-Time-Service', 'Microsoft-Windows-TPM-WMI', 'Microsoft-Windows-USB-USBXHCI', 'Microsoft-Windows-UserModePowerService', 'Microsoft-Windows-UserPnp', 'Microsoft-Windows-WHEA-Logger', 'Microsoft-Windows-WindowsUpdateClient', 
'Microsoft-Windows-Wininit', 'Microsoft-Windows-Winlogon', 'Microsoft-Windows-WLAN-AutoConfig', 'mlx4_bus', 'mouclass', 'mouhid', 'mpio', 'mrxsmb', 'MsBridge', 'MSDTC Gateway', 'MSDTC WS-AT Protocol', 'MSiSCSI', 'MSiSNS', 'MsLbfoProvider', 'MTConfig', 'Mup', 'mvumis', 'NAPIPSecEnf', 'NdisImPlatform', 'NdisImPlatformSysEvtProvider', 'NdisWan', 'NdisWanLegacy', 'NetBIOS', 'NetBT', 'NetJoin', 'Netlogon', 'netvsc', 'netvscvfpp', 'Nfsrdr', 'NfsRes', 'NfsServer', 'NPS', 'Ntfs', 'nvraid', 'nvstor', 'P2PIMSvc', 'Parport', 'partmgr', 'pcmcia', 'PNRPSvc', 'Portmap', 'Power', 'PptpMiniport', 'Print', 'PrintFilterPipelineSvc', 'Processor', 'pvhdparser', 'ql2300i', 'ql40xx2i', 'qlfcoei', 'Quota', 'RasAuto', 'Rasman', 'RasSstp', 'rdbss', 'ReFS', 'RemoteAccess', 'RMCAST', 'RpcXdr', 'rqs', 'RsFx0300', 'rspndr', 'RTL8168', 'SAM', 'sbp2port', 'SCardSvr', 'Schannel', 'sercx', 'sercx2', 'Serial', 'sermouse', 'Server', 'Service Control Manager', 'SiSRaid2', 'SiSRaid4', 'SMSvcHost 3.0.0.0', 'SMSvcHost 4.0.0.0', 'SMTPSVC', 'SNMP', 'SNMPTRAP', 'spaceport', 'spbcx', 'Srv', 'stexstor', 'StillImage', 'storahci', 'storflt', 'stornvme', 'storvsc', 'storvsp', 'synth3dvsp', 'Tcpip', 'Tcpip6', 'TCPMon', 'TermService', 'TermServJet', 'TermServLicensing', 'TermServSessDir', 'TPM', 'TSFairShare', 'TSIPVirtualization', 'TSMSISrv', 'TsUsbFlt', 'tsusbhub', 'tunnel', 'UASPStor', 'UEFI', 'UmRdpService', 'usbehci', 'User32', 'VDS Basic Provider', 'VDS Dynamic Provider', 'VDS Virtual Disk Provider', 'vhdmp', 'vhdparser', 'Virtual Disk Service', 'vmbus', 'vmbusr', 'VmHostAgent', 'VMSMP', 'VMSP', 'VMSVSF', 'VMSVSP', 'volmgr', 'Volsnap', 'vpci', 'vpcivsp', 'vsmraid', 'VSTXRAID', 'W32Time', 'W3LOGSVC', 'W3SVC', 'WacomPen', 'WAS', 'wdf01000', 'wecsvc', 'Win32k', 'Windows Disk Diagnostic', 'Windows Script Host', 'WinHttpAutoProxySvc', 'WinNat', 'WinRM', 'WINS', 'WLBS', 'WMIxWDM', 'Workstation', 'WPDClassInstaller'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' 
: True //Boolean, 0xFFFFFFFF } Instance \\W2012SDC\ROOT\cimv2:Win32_NTEventlogFile.Name="C:\\Windows\\System32\\Winevt\\Logs\\Windows PowerShell.evtx"Properties={ 'AccessMask' : null 'Archive' : True //Boolean, 0xFFFFFFFF 'Caption' : 'c:\windows\system32\winevt\logs\windows powershell.evtx' //String 'Compressed' : False //Boolean, 0x0 'CompressionMethod' : null 'CreationClassName' : 'Win32_NTEventlogFile' //String 'CreationDate' : '20140926193218.227932-420' //String 'CSCreationClassName' : 'Win32_ComputerSystem' //String 'CSName' : '.' //String 'Description' : 'c:\windows\system32\winevt\logs\windows powershell.evtx' //String 'Drive' : 'c:' //String 'EightDotThreeFileName' : 'c:\windows\system32\winevt\logs\window~1.evt' //String 'Encrypted' : False //Boolean, 0x0 'EncryptionMethod' : null 'Extension' : 'evtx' //String 'FileName' : 'Windows PowerShell' //String 'FileSize' : '2166784' //String, 0x211000 'FileType' : 'evtx File' //String 'FSCreationClassName' : 'Win32_FileSystem' //String 'FSName' : 'NTFS' //String 'Hidden' : False //Boolean, 0x0 'InstallDate' : '20140926193218.227932-420' //String 'InUseCount' : null 'LastAccessed' : '20140926193218.227932-420' //String 'LastModified' : '20141112143122.587307-480' //String 'LogfileName' : 'Windows PowerShell' //String 'Manufacturer' : null 'MaxFileSize' : 15728640 //Long, 0xF00000 'Name' : 'C:\Windows\System32\Winevt\Logs\Windows PowerShell.evtx' //String 'NumberOfRecords' : 1661 //Long, 0x67D 'OverwriteOutDated' : 0 //Long, 0x0 'OverWritePolicy' : 'WhenNeeded' //String 'Path' : '\windows\system32\winevt\logs\' //String 'Readable' : True //Boolean, 0xFFFFFFFF 'Sources' : ['Windows PowerShell', 'PowerShell'] //Variant() 'Status' : 'OK' //String 'System' : False //Boolean, 0x0 'Version' : null 'Writeable' : True //Boolean, 0xFFFFFFFF } |