Wireshark · Display Filter Reference: Event Logger

Field name	Description	Type	Versions
eventlog.eventlog_BackupEventLogW.backupfilename	Backupfilename	Character string	1.0.0 to 4.4.2
eventlog.eventlog_BackupEventLogW.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_ChangeNotify.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_ChangeNotify.unknown2	Unknown2	Label	1.0.0 to 4.4.2
eventlog.eventlog_ChangeNotify.unknown3	Unknown3	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ChangeUnknown0.unknown0	Unknown0	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ChangeUnknown0.unknown1	Unknown1	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ClearEventLogW.backupfilename	Backupfilename	Character string	1.0.0 to 4.4.2
eventlog.eventlog_ClearEventLogW.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_CloseEventLog.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_DeregisterEventSource.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_FlushEventLog.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_GetLogInformation.cbBufSize	CbBufSize	Unsigned integer (32 bits)	4.4.0 to 4.4.2
eventlog.eventlog_GetLogInformation.cbBytesNeeded	CbBytesNeeded	Signed integer (32 bits)	4.4.0 to 4.4.2
eventlog.eventlog_GetLogInformation.dwInfoLevel	DwInfoLevel	Unsigned integer (32 bits)	4.4.0 to 4.4.2
eventlog.eventlog_GetLogInformation.handle	Handle	Byte sequence	4.4.0 to 4.4.2
eventlog.eventlog_GetLogInformation.lpBuffer	LpBuffer	Unsigned integer (8 bits)	4.4.0 to 4.4.2
eventlog.eventlog_GetLogIntormation.cbBufSize	CbBufSize	Unsigned integer (32 bits)	1.0.0 to 4.2.9
eventlog.eventlog_GetLogIntormation.cbBytesNeeded	CbBytesNeeded	Signed integer (32 bits)	1.0.0 to 4.2.9
eventlog.eventlog_GetLogIntormation.dwInfoLevel	DwInfoLevel	Unsigned integer (32 bits)	1.0.0 to 4.2.9
eventlog.eventlog_GetLogIntormation.handle	Handle	Byte sequence	1.0.0 to 4.2.9
eventlog.eventlog_GetLogIntormation.lpBuffer	LpBuffer	Unsigned integer (8 bits)	1.0.0 to 4.2.9
eventlog.eventlog_GetNumRecords.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_GetNumRecords.number	Number	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_GetOldestRecord.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_GetOldestRecord.oldest	Oldest	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_OpenBackupEventLogW.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_OpenBackupEventLogW.logname	Logname	Character string	1.0.0 to 4.4.2
eventlog.eventlog_OpenBackupEventLogW.unknown0	Unknown0	Label	1.0.0 to 4.4.2
eventlog.eventlog_OpenBackupEventLogW.unknown2	Unknown2	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_OpenBackupEventLogW.unknown3	Unknown3	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_OpenEventLogW.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_OpenEventLogW.logname	Logname	Label	1.0.0 to 1.2.18
eventlog.eventlog_OpenEventLogW.MajorVersion	MajorVersion	Unsigned integer (32 bits)	1.4.0 to 4.4.2
eventlog.eventlog_OpenEventLogW.MinorVersion	MinorVersion	Unsigned integer (32 bits)	1.4.0 to 4.4.2
eventlog.eventlog_OpenEventLogW.Module	Module	Character string	1.4.0 to 4.4.2
eventlog.eventlog_OpenEventLogW.RegModuleName	RegModuleName	Character string	1.4.0 to 4.4.2
eventlog.eventlog_OpenEventLogW.servername	Servername	Label	1.0.0 to 1.2.18
eventlog.eventlog_OpenEventLogW.unknown0	Unknown0	Label	1.0.0 to 4.4.2
eventlog.eventlog_OpenEventLogW.unknown2	Unknown2	Unsigned integer (32 bits)	1.0.0 to 1.2.18
eventlog.eventlog_OpenEventLogW.unknown3	Unknown3	Unsigned integer (32 bits)	1.0.0 to 1.2.18
eventlog.eventlog_OpenUnknown0.unknown0	Unknown0	Unsigned integer (16 bits)	1.0.0 to 4.4.2
eventlog.eventlog_OpenUnknown0.unknown1	Unknown1	Unsigned integer (16 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ReadEventLogW.data	Data	Unsigned integer (8 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ReadEventLogW.flags	Flags	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ReadEventLogW.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_ReadEventLogW.number_of_bytes	Number Of Bytes	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ReadEventLogW.offset	Offset	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ReadEventLogW.real_size	Real Size	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ReadEventLogW.sent_size	Sent Size	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.closing_record_number	Closing Record Number	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.computer_name	Computer Name	Character string	1.0.0 to 4.4.2
eventlog.eventlog_Record.data_length	Data Length	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.data_offset	Data Offset	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.event_category	Event Category	Unsigned integer (16 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.event_id	Event Id	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.event_type	Event Type	Unsigned integer (16 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.num_of_strings	Num Of Strings	Unsigned integer (16 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.raw_data	Raw Data	Character string	1.0.0 to 4.4.2
eventlog.eventlog_Record.record_number	Record Number	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.reserved	Reserved	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.reserved_flags	Reserved Flags	Unsigned integer (16 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.sid_length	Sid Length	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.sid_offset	Sid Offset	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.size	Size	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.source_name	Source Name	Character string	1.0.0 to 4.4.2
eventlog.eventlog_Record.stringoffset	Stringoffset	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.strings	Strings	Character string	1.0.0 to 4.4.2
eventlog.eventlog_Record.time_generated	Time Generated	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_Record.time_written	Time Written	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_RegisterEventSourceW.handle	Handle	Byte sequence	1.0.0 to 4.4.2
eventlog.eventlog_RegisterEventSourceW.logname	Logname	Character string	1.0.0 to 4.4.2
eventlog.eventlog_RegisterEventSourceW.servername	Servername	Character string	1.0.0 to 4.4.2
eventlog.eventlog_RegisterEventSourceW.unknown0	Unknown0	Label	1.0.0 to 4.4.2
eventlog.eventlog_RegisterEventSourceW.unknown2	Unknown2	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_RegisterEventSourceW.unknown3	Unknown3	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.eventlog_ReportEventW.computer_name	Computer Name	Character string	1.4.0 to 4.4.2
eventlog.eventlog_ReportEventW.data_length	Data Length	Unsigned integer (32 bits)	1.4.0 to 4.4.2
eventlog.eventlog_ReportEventW.event_category	Event Category	Unsigned integer (16 bits)	1.4.0 to 4.4.2
eventlog.eventlog_ReportEventW.event_id	Event Id	Unsigned integer (32 bits)	1.4.0 to 4.4.2
eventlog.eventlog_ReportEventW.handle	Handle	Byte sequence	1.4.0 to 4.4.2
eventlog.eventlog_ReportEventW.num_of_strings	Num Of Strings	Unsigned integer (16 bits)	1.4.0 to 4.4.2
eventlog.eventlog_ReportEventW.time	Time	Unsigned integer (32 bits)	1.4.0 to 4.4.2
eventlog.eventlog_ReportEventW.Type	Type	Unsigned integer (32 bits)	1.4.0 to 4.4.2
eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE	EVENTLOG AUDIT FAILURE	Boolean	1.0.0 to 4.4.2
eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS	EVENTLOG AUDIT SUCCESS	Boolean	1.0.0 to 4.4.2
eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE	EVENTLOG ERROR TYPE	Boolean	1.0.0 to 4.4.2
eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE	EVENTLOG INFORMATION TYPE	Boolean	1.0.0 to 4.4.2
eventlog.eventlogEventTypes.EVENTLOG_SUCCESS	Eventlog Success	Boolean	1.0.0 to 2.2.1
eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE	EVENTLOG WARNING TYPE	Boolean	1.0.0 to 4.4.2
eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ	EVENTLOG BACKWARDS READ	Boolean	1.0.0 to 4.4.2
eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ	EVENTLOG FORWARDS READ	Boolean	1.0.0 to 4.4.2
eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ	EVENTLOG SEEK READ	Boolean	1.0.0 to 4.4.2
eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ	EVENTLOG SEQUENTIAL READ	Boolean	1.0.0 to 4.4.2
eventlog.opnum	Operation	Unsigned integer (16 bits)	1.0.0 to 4.4.2
eventlog.Record	Record	Label	1.0.0 to 4.4.2
eventlog.Record.computer_name	Computer Name	Character string	1.0.0 to 4.4.2
eventlog.Record.length	Record Length	Unsigned integer (32 bits)	1.0.0 to 4.4.2
eventlog.Record.source_name	Source Name	Character string	1.0.0 to 4.4.2
eventlog.Record.string	string	Character string	1.0.0 to 4.4.2
eventlog.status	NT Error	Unsigned integer (32 bits)	1.0.0 to 4.4.2