Is it possible to use EvtSubscribe() to subscribe to Microsoft-Windows-WMI-Activity/Trace event logs?
Question
I want to register a callback so my code can receive and process all new event logs for Microsoft-Windows-WMI-Activity/Trace.
To clarify, the log path for Microsoft-Windows-WMI-Activity/Trace is %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-WMI-Activity%4Trace.etl , and in the Windows Event Viewer, these events can be found in the tree under Application and Services Logs > Microsoft > Windows > WMI-Activity > Trace.
I know EvtSubscribe() can be used to subscribe to events on channels, but I want to know if this function can also be used for subscribing to events on Microsoft-Windows-WMI-Activity/Trace.
I know for the ChannelPath parameter, it says on the function's docs page that
you cannot subscribe to Analytic or Debug channels
When I view the properties for Microsoft-Windows-WMI-Activity/Trace in Event Viewer, I see the log is of type Analytic, so it seems I cannot subscribe with this function:
My questions:
- Can I use this function to subscribe to Microsoft-Windows-WMI-Activity/Trace?
- If I cannot with this function, is there some other function in the Windows API that I can use instead that will allow me to subscribe?
1 answers
solution1
0 2022-04-15 03:25:24
As you can see in the article
you
cannot subscribeto Analytic or Debug channels
EvtSubscribe() cannot subscribe to Microsoft-Windows-WMI-Activity/Trace.
Explained in the introduction to the Event Types
-Direct channel
You cannot subscribe to a direct channel, but you can query a direct channel.
A direct channel is performance-oriented. Events are not processed in any way by the eventing system. This allows the direct channel to support high volumes of events.
Direct channels have the following types:
Analytic
Analytic events are published in high volume. They describe program operation and indicate problems that cannot be handled by user intervention.
At present, in the officially provided method, seems to only be viewable through the Event Viewer.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.