Display Filter Reference: Event Logger

Protocol field name: eventlog

Versions: 1.0.0 to 4.2.4

| Field name | Description | Type | Versions |
|---|---|---|---|
| eventlog.eventlog_BackupEventLogW.backupfilename | Backupfilename | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_BackupEventLogW.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ChangeNotify.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ChangeNotify.unknown2 | Unknown2 | Label | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ChangeNotify.unknown3 | Unknown3 | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ChangeUnknown0.unknown0 | Unknown0 | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ChangeUnknown0.unknown1 | Unknown1 | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ClearEventLogW.backupfilename | Backupfilename | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ClearEventLogW.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_CloseEventLog.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_DeregisterEventSource.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_FlushEventLog.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetLogIntormation.cbBufSize | CbBufSize | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetLogIntormation.cbBytesNeeded | CbBytesNeeded | Signed integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetLogIntormation.dwInfoLevel | DwInfoLevel | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetLogIntormation.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetLogIntormation.lpBuffer | LpBuffer | Unsigned integer (8 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetNumRecords.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetNumRecords.number | Number | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetOldestRecord.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_GetOldestRecord.oldest | Oldest | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenBackupEventLogW.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenBackupEventLogW.logname | Logname | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenBackupEventLogW.unknown0 | Unknown0 | Label | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenBackupEventLogW.unknown2 | Unknown2 | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenBackupEventLogW.unknown3 | Unknown3 | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenEventLogW.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenEventLogW.logname | Logname | Label | 1.0.0 to 1.2.18 |
| eventlog.eventlog_OpenEventLogW.MajorVersion | MajorVersion | Unsigned integer (32 bits) | 1.4.0 to 4.2.4 |
| eventlog.eventlog_OpenEventLogW.MinorVersion | MinorVersion | Unsigned integer (32 bits) | 1.4.0 to 4.2.4 |
| eventlog.eventlog_OpenEventLogW.Module | Module | Character string | 1.4.0 to 4.2.4 |
| eventlog.eventlog_OpenEventLogW.RegModuleName | RegModuleName | Character string | 1.4.0 to 4.2.4 |
| eventlog.eventlog_OpenEventLogW.servername | Servername | Label | 1.0.0 to 1.2.18 |
| eventlog.eventlog_OpenEventLogW.unknown0 | Unknown0 | Label | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenEventLogW.unknown2 | Unknown2 | Unsigned integer (32 bits) | 1.0.0 to 1.2.18 |
| eventlog.eventlog_OpenEventLogW.unknown3 | Unknown3 | Unsigned integer (32 bits) | 1.0.0 to 1.2.18 |
| eventlog.eventlog_OpenUnknown0.unknown0 | Unknown0 | Unsigned integer (16 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_OpenUnknown0.unknown1 | Unknown1 | Unsigned integer (16 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ReadEventLogW.data | Data | Unsigned integer (8 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ReadEventLogW.flags | Flags | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ReadEventLogW.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ReadEventLogW.number_of_bytes | Number Of Bytes | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ReadEventLogW.offset | Offset | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ReadEventLogW.real_size | Real Size | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ReadEventLogW.sent_size | Sent Size | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.closing_record_number | Closing Record Number | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.computer_name | Computer Name | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.data_length | Data Length | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.data_offset | Data Offset | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.event_category | Event Category | Unsigned integer (16 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.event_id | Event Id | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.event_type | Event Type | Unsigned integer (16 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.num_of_strings | Num Of Strings | Unsigned integer (16 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.raw_data | Raw Data | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.record_number | Record Number | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.reserved | Reserved | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.reserved_flags | Reserved Flags | Unsigned integer (16 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.sid_length | Sid Length | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.sid_offset | Sid Offset | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.size | Size | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.source_name | Source Name | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.stringoffset | Stringoffset | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.strings | Strings | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.time_generated | Time Generated | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_Record.time_written | Time Written | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_RegisterEventSourceW.handle | Handle | Byte sequence | 1.0.0 to 4.2.4 |
| eventlog.eventlog_RegisterEventSourceW.logname | Logname | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_RegisterEventSourceW.servername | Servername | Character string | 1.0.0 to 4.2.4 |
| eventlog.eventlog_RegisterEventSourceW.unknown0 | Unknown0 | Label | 1.0.0 to 4.2.4 |
| eventlog.eventlog_RegisterEventSourceW.unknown2 | Unknown2 | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_RegisterEventSourceW.unknown3 | Unknown3 | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.eventlog_ReportEventW.computer_name | Computer Name | Character string | 1.4.0 to 4.2.4 |
| eventlog.eventlog_ReportEventW.data_length | Data Length | Unsigned integer (32 bits) | 1.4.0 to 4.2.4 |
| eventlog.eventlog_ReportEventW.event_category | Event Category | Unsigned integer (16 bits) | 1.4.0 to 4.2.4 |
| eventlog.eventlog_ReportEventW.event_id | Event Id | Unsigned integer (32 bits) | 1.4.0 to 4.2.4 |
| eventlog.eventlog_ReportEventW.handle | Handle | Byte sequence | 1.4.0 to 4.2.4 |
| eventlog.eventlog_ReportEventW.num_of_strings | Num Of Strings | Unsigned integer (16 bits) | 1.4.0 to 4.2.4 |
| eventlog.eventlog_ReportEventW.time | Time | Unsigned integer (32 bits) | 1.4.0 to 4.2.4 |
| eventlog.eventlog_ReportEventW.Type | Type | Unsigned integer (32 bits) | 1.4.0 to 4.2.4 |
| eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE | EVENTLOG AUDIT FAILURE | Boolean | 1.0.0 to 4.2.4 |
| eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS | EVENTLOG AUDIT SUCCESS | Boolean | 1.0.0 to 4.2.4 |
| eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE | EVENTLOG ERROR TYPE | Boolean | 1.0.0 to 4.2.4 |
| eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE | EVENTLOG INFORMATION TYPE | Boolean | 1.0.0 to 4.2.4 |
| eventlog.eventlogEventTypes.EVENTLOG_SUCCESS | Eventlog Success | Boolean | 1.0.0 to 2.2.1 |
| eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE | EVENTLOG WARNING TYPE | Boolean | 1.0.0 to 4.2.4 |
| eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ | EVENTLOG BACKWARDS READ | Boolean | 1.0.0 to 4.2.4 |
| eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ | EVENTLOG FORWARDS READ | Boolean | 1.0.0 to 4.2.4 |
| eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ | EVENTLOG SEEK READ | Boolean | 1.0.0 to 4.2.4 |
| eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ | EVENTLOG SEQUENTIAL READ | Boolean | 1.0.0 to 4.2.4 |
| eventlog.opnum | Operation | Unsigned integer (16 bits) | 1.0.0 to 4.2.4 |
| eventlog.Record | Record | Label | 1.0.0 to 4.2.4 |
| eventlog.Record.computer_name | Computer Name | Character string | 1.0.0 to 4.2.4 |
| eventlog.Record.length | Record Length | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |
| eventlog.Record.source_name | Source Name | Character string | 1.0.0 to 4.2.4 |
| eventlog.Record.string | string | Character string | 1.0.0 to 4.2.4 |
| eventlog.status | NT Error | Unsigned integer (32 bits) | 1.0.0 to 4.2.4 |