Win32_NTEventlogFile

windows_snapshot::operating_system::event_log

Struct Win32_NTEventlogFile 

Source 
pub struct Win32_NTEventlogFile {
Show 39 fields
    pub AccessMask: Option<u32>,
    pub Archive: Option<bool>,
    pub Caption: Option<String>,
    pub Compressed: Option<bool>,
    pub CompressionMethod: Option<String>,
    pub CreationClassName: Option<String>,
    pub CreationDate: Option<WMIDateTime>,
    pub CSCreationClassName: Option<String>,
    pub CSName: Option<String>,
    pub Description: Option<String>,
    pub Drive: Option<String>,
    pub EightDotThreeFileName: Option<String>,
    pub Encrypted: Option<bool>,
    pub EncryptionMethod: Option<String>,
    pub Extension: Option<String>,
    pub FileName: Option<String>,
    pub FileSize: Option<u64>,
    pub FileType: Option<String>,
    pub FSCreationClassName: Option<String>,
    pub FSName: Option<String>,
    pub Hidden: Option<bool>,
    pub InstallDate: Option<WMIDateTime>,
    pub InUseCount: Option<u64>,
    pub LastAccessed: Option<WMIDateTime>,
    pub LastModified: Option<WMIDateTime>,
    pub LogfileName: Option<String>,
    pub Manufacturer: Option<String>,
    pub MaxFileSize: Option<u32>,
    pub Name: Option<String>,
    pub NumberOfRecords: Option<u32>,
    pub OverwriteOutDated: Option<u32>,
    pub OverWritePolicy: Option<String>,
    pub Path: Option<String>,
    pub Readable: Option<bool>,
    pub Sources: Option<Vec<String>>,
    pub Status: Option<String>,
    pub System: Option<bool>,
    pub Version: Option<String>,
    pub Writeable: Option<bool>,

}
Expand description

The Win32_NTEventlogFile WMI class represents a logical file or directory of operating system events. The file is also known as the event log.

https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa394225(v=vs.85)

Fields§

§AccessMask: Option<u32>

Bitmask that represents the access rights required to access or perform specific operations on the event log file. For bit values, see File and Directory Access Rights Constants.

Note: On FAT volumes, the FULL_ACCESS value is returned instead, which indicates no security has been set on the object.

§Archive: Option<bool>

If True, a file that contains Windows events should be archived.

§Caption: Option<String>

Short description of the object.

§Compressed: Option<bool>

If True, a file that contains Windows events is compressed.

§CompressionMethod: Option<String>

Algorithm or tool used to compress the logical file that contains Windows events.

§CreationClassName: Option<String>

Name of the first concrete class to appear in the inheritance chain used in the creation of an instance. When used with the other key properties of the class, this property allows all instances of this class and its subclasses to be uniquely identified.

§CreationDate: Option<WMIDateTime>

Date that the file that contains Windows events was created.

§CSCreationClassName: Option<String>

Class of the computer system.

§CSName: Option<String>

Name of the computer system.

§Description: Option<String>

Description of the object.

§Drive: Option<String>

Drive letter (including colon) of the file that contains Windows events.

Example: “c:”

§EightDotThreeFileName: Option<String>

DOS-compatible file name for the file that contains Windows events.

Example: “c:\progra~1”

§Encrypted: Option<bool>

File that contains Windows events is encrypted.

§EncryptionMethod: Option<String>

Algorithm or tool used to encrypt the logical file.

§Extension: Option<String>

File name extension (without the dot) of the file that contains Windows events.

Example: “txt”, “mof”, “mdb”

§FileName: Option<String>

File name (without extension) of the file that contains Windows events.

Example: “autoexec”

§FileSize: Option<u64>

Size of the file that contains Windows events (in bytes).

For more information about using uint64 values in scripts, see Scripting in WMI.

§FileType: Option<String>

File type (indicated by the Extension property).

§FSCreationClassName: Option<String>

Class of the file system.

§FSName: Option<String>

Name of the file system.

§Hidden: Option<bool>

If True, a file that contains Windows events is hidden.

§InstallDate: Option<WMIDateTime>

Object is installed. This property does not need a value to indicate that the object is installed.

§InUseCount: Option<u64>

Number of “file opens” that are currently active against the file that contains Windows events.

For more information about using uint64 values in scripts, see Scripting in WMI.

§LastAccessed: Option<WMIDateTime>

Date and time that the file that contains Windows events was last accessed.

§LastModified: Option<WMIDateTime>

Date and time that the file that contains Windows events was last modified.

§LogfileName: Option<String>

Name of the file that contains Windows events. Standard log file names include: Application, System, and Security.

To return the actual path and file name of the event log (for example, C:\Windows\System32\Config\Sysevent.evt), use the Name property instead.

§Manufacturer: Option<String>

Manufacturer from version resource, if one is present.

§MaxFileSize: Option<u32>

Maximum size (in bytes) permitted for the file that contains Windows events. If the file exceeds its maximum size, its contents are moved to another file and the primary file is emptied. A value of zero indicates no size limit. WMI retrieves the Maxsize value from the Event Log Service registry values.

Although event logs can be sized as large as 4 gigabytes, in practice they should be limited to no more than 300 megabytes. Event logs larger than that can be difficult to analyze because of the number of events contained within the log and because event logs are not optimized for data retrieval.

§Name: Option<String>

Inherited name that serves as a key of a logical file instance that contains Windows events within a file system. Full path names should be provided.

Example: “c:\winnt\system\win.ini”

§NumberOfRecords: Option<u32>

Number of records in the file that contains Windows events. This value is determined by calling the Windows function GetNumberOfEventLogRecords.

§OverwriteOutDated: Option<u32>

Number of days after which an event can be overwritten.

Possible values for OverwriteOutDated include the following.

Value: Meaning

  • 0 (0x0): Any record can be overwritten if necessary. If necessary, all existing events in the event log can be overwritten to make room for new events.
  • 1…365: Windows Server 2003 and Windows XP: Possible values for OverwriteOutDated include the following. Events older than the specified number of days can be overwritten as needed. If the event log does not contain any records older than the value specified, no new events will be recorded until the log has been cleared.
  • 4294967295 (0xFFFFFFFF): No records can be overwritten. If the log reaches its maximum size, no new events will be recorded until the log has been cleared.
§OverWritePolicy: Option<String>

Current overwrite policy the Event Log service employs for this log file. Data can be never overwritten, or can be overwritten when necessary or when outdated. When data is outdated depends on the OverwriteOutDated value.

Value: Meaning

  • WhenNeeded: The value of OverwriteOutDated equals 0 (zero). Any record can be overwritten to make room for new records.
  • OutDated: The value of OverwriteOutDated ranges from 1 to 365. Records older than a specified number of days can be overwritten to make room for new records.
  • Never: The value of OverwriteOutDated equals 4294967295. Old records are never overwritten.
§Path: Option<String>

Path of the file that contains Windows event. This includes leading and trailing backslashes.

Example: “\windows\system"

§Readable: Option<bool>

If True, a file that contains Windows events can be read.

§Sources: Option<Vec<String>>

List of applications that are registered to log into this log file.

§Status: Option<String>

Current status of the object.

The values are:

  • “OK”
  • “Error”
  • “Degraded”
  • “Unknown”
  • “Pred Fail”
  • “Starting”
  • “Stopping”
  • “Service”
  • “Stressed”
  • “NonRecover”
  • “No Contact”
  • “Lost Comm”
§System: Option<bool>

If True, a file that contains Windows event is a system file.

§Version: Option<String>

Version string from version resource if one is present.

§Writeable: Option<bool>

If True, a file that contains Windows events can be written.

Trait Implementations§

Source§

impl Clone for Win32_NTEventlogFile

Source§

fn clone(&self) -> Win32_NTEventlogFile

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Win32_NTEventlogFile

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for Win32_NTEventlogFile

Source§

fn default() -> Win32_NTEventlogFile

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for Win32_NTEventlogFile

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for Win32_NTEventlogFile

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,