Wireshark
Display Filter Reference: Event Logger

Protocol field name: eventlog
Versions: 1.0.0 to 1.6.5

| Field name | Type | Description | Versions |
|---|---|---|---|
| eventlog.eventlog_BackupEventLogW.backupfilename | Label | Backupfilename | 1.0.0 to 1.6.5 |
| eventlog.eventlog_BackupEventLogW.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ChangeNotify.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ChangeNotify.unknown2 | Label | Unknown2 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ChangeNotify.unknown3 | Unsigned integer, 4 bytes | Unknown3 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ChangeUnknown0.unknown0 | Unsigned integer, 4 bytes | Unknown0 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ChangeUnknown0.unknown1 | Unsigned integer, 4 bytes | Unknown1 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ClearEventLogW.backupfilename | Label | Backupfilename | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ClearEventLogW.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_CloseEventLog.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_DeregisterEventSource.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_FlushEventLog.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetLogIntormation.cbBufSize | Unsigned integer, 4 bytes | Cbbufsize | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetLogIntormation.cbBytesNeeded | Signed integer, 4 bytes | Cbbytesneeded | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetLogIntormation.dwInfoLevel | Unsigned integer, 4 bytes | Dwinfolevel | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetLogIntormation.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetLogIntormation.lpBuffer | Unsigned integer, 1 byte | Lpbuffer | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetNumRecords.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetNumRecords.number | Unsigned integer, 4 bytes | Number | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetOldestRecord.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_GetOldestRecord.oldest | Unsigned integer, 4 bytes | Oldest | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenBackupEventLogW.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenBackupEventLogW.logname | Label | Logname | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenBackupEventLogW.unknown0 | Label | Unknown0 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenBackupEventLogW.unknown2 | Unsigned integer, 4 bytes | Unknown2 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenBackupEventLogW.unknown3 | Unsigned integer, 4 bytes | Unknown3 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenEventLogW.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenEventLogW.logname | Label | Logname | 1.0.0 to 1.2.18 |
| eventlog.eventlog_OpenEventLogW.MajorVersion | Unsigned integer, 4 bytes | Majorversion | 1.4.0 to 1.6.5 |
| eventlog.eventlog_OpenEventLogW.MinorVersion | Unsigned integer, 4 bytes | Minorversion | 1.4.0 to 1.6.5 |
| eventlog.eventlog_OpenEventLogW.Module | Label | Module | 1.4.0 to 1.6.5 |
| eventlog.eventlog_OpenEventLogW.RegModuleName | Label | Regmodulename | 1.4.0 to 1.6.5 |
| eventlog.eventlog_OpenEventLogW.servername | Label | Servername | 1.0.0 to 1.2.18 |
| eventlog.eventlog_OpenEventLogW.unknown0 | Label | Unknown0 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenEventLogW.unknown2 | Unsigned integer, 4 bytes | Unknown2 | 1.0.0 to 1.2.18 |
| eventlog.eventlog_OpenEventLogW.unknown3 | Unsigned integer, 4 bytes | Unknown3 | 1.0.0 to 1.2.18 |
| eventlog.eventlog_OpenUnknown0.unknown0 | Unsigned integer, 2 bytes | Unknown0 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_OpenUnknown0.unknown1 | Unsigned integer, 2 bytes | Unknown1 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ReadEventLogW.data | Unsigned integer, 1 byte | Data | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ReadEventLogW.flags | Unsigned integer, 4 bytes | Flags | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ReadEventLogW.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ReadEventLogW.number_of_bytes | Unsigned integer, 4 bytes | Number Of Bytes | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ReadEventLogW.offset | Unsigned integer, 4 bytes | Offset | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ReadEventLogW.real_size | Unsigned integer, 4 bytes | Real Size | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ReadEventLogW.sent_size | Unsigned integer, 4 bytes | Sent Size | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.closing_record_number | Unsigned integer, 4 bytes | Closing Record Number | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.computer_name | Label | Computer Name | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.data_length | Unsigned integer, 4 bytes | Data Length | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.data_offset | Unsigned integer, 4 bytes | Data Offset | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.event_category | Unsigned integer, 2 bytes | Event Category | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.event_id | Unsigned integer, 4 bytes | Event Id | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.event_type | Unsigned integer, 2 bytes | Event Type | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.num_of_strings | Unsigned integer, 2 bytes | Num Of Strings | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.raw_data | Label | Raw Data | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.record_number | Unsigned integer, 4 bytes | Record Number | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.reserved | Unsigned integer, 4 bytes | Reserved | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.reserved_flags | Unsigned integer, 2 bytes | Reserved Flags | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.sid_length | Unsigned integer, 4 bytes | Sid Length | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.sid_offset | Unsigned integer, 4 bytes | Sid Offset | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.size | Unsigned integer, 4 bytes | Size | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.source_name | Label | Source Name | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.stringoffset | Unsigned integer, 4 bytes | Stringoffset | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.strings | Label | Strings | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.time_generated | Unsigned integer, 4 bytes | Time Generated | 1.0.0 to 1.6.5 |
| eventlog.eventlog_Record.time_written | Unsigned integer, 4 bytes | Time Written | 1.0.0 to 1.6.5 |
| eventlog.eventlog_RegisterEventSourceW.handle | Sequence of bytes | Handle | 1.0.0 to 1.6.5 |
| eventlog.eventlog_RegisterEventSourceW.logname | Label | Logname | 1.0.0 to 1.6.5 |
| eventlog.eventlog_RegisterEventSourceW.servername | Label | Servername | 1.0.0 to 1.6.5 |
| eventlog.eventlog_RegisterEventSourceW.unknown0 | Label | Unknown0 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_RegisterEventSourceW.unknown2 | Unsigned integer, 4 bytes | Unknown2 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_RegisterEventSourceW.unknown3 | Unsigned integer, 4 bytes | Unknown3 | 1.0.0 to 1.6.5 |
| eventlog.eventlog_ReportEventW.computer_name | Label | Computer Name | 1.4.0 to 1.6.5 |
| eventlog.eventlog_ReportEventW.data_length | Unsigned integer, 4 bytes | Data Length | 1.4.0 to 1.6.5 |
| eventlog.eventlog_ReportEventW.event_category | Unsigned integer, 2 bytes | Event Category | 1.4.0 to 1.6.5 |
| eventlog.eventlog_ReportEventW.event_id | Unsigned integer, 4 bytes | Event Id | 1.4.0 to 1.6.5 |
| eventlog.eventlog_ReportEventW.handle | Sequence of bytes | Handle | 1.4.0 to 1.6.5 |
| eventlog.eventlog_ReportEventW.num_of_strings | Unsigned integer, 2 bytes | Num Of Strings | 1.4.0 to 1.6.5 |
| eventlog.eventlog_ReportEventW.time | Unsigned integer, 4 bytes | Time | 1.4.0 to 1.6.5 |
| eventlog.eventlog_ReportEventW.Type | Unsigned integer, 4 bytes | Type | 1.4.0 to 1.6.5 |
| eventlog.eventlogEventTypes.EVENTLOG_AUDIT_FAILURE | Boolean | Eventlog Audit Failure | 1.0.0 to 1.6.5 |
| eventlog.eventlogEventTypes.EVENTLOG_AUDIT_SUCCESS | Boolean | Eventlog Audit Success | 1.0.0 to 1.6.5 |
| eventlog.eventlogEventTypes.EVENTLOG_ERROR_TYPE | Boolean | Eventlog Error Type | 1.0.0 to 1.6.5 |
| eventlog.eventlogEventTypes.EVENTLOG_INFORMATION_TYPE | Boolean | Eventlog Information Type | 1.0.0 to 1.6.5 |
| eventlog.eventlogEventTypes.EVENTLOG_SUCCESS | Boolean | Eventlog Success | 1.0.0 to 1.6.5 |
| eventlog.eventlogEventTypes.EVENTLOG_WARNING_TYPE | Boolean | Eventlog Warning Type | 1.0.0 to 1.6.5 |
| eventlog.eventlogReadFlags.EVENTLOG_BACKWARDS_READ | Boolean | Eventlog Backwards Read | 1.0.0 to 1.6.5 |
| eventlog.eventlogReadFlags.EVENTLOG_FORWARDS_READ | Boolean | Eventlog Forwards Read | 1.0.0 to 1.6.5 |
| eventlog.eventlogReadFlags.EVENTLOG_SEEK_READ | Boolean | Eventlog Seek Read | 1.0.0 to 1.6.5 |
| eventlog.eventlogReadFlags.EVENTLOG_SEQUENTIAL_READ | Boolean | Eventlog Sequential Read | 1.0.0 to 1.6.5 |
| eventlog.opnum | Unsigned integer, 2 bytes | Operation | 1.0.0 to 1.6.5 |
| eventlog.Record | Label | Record | 1.0.0 to 1.6.5 |
| eventlog.Record.computer_name | Character string | Computer Name | 1.0.0 to 1.6.5 |
| eventlog.Record.length | Unsigned integer, 4 bytes | Record Length | 1.0.0 to 1.6.5 |
| eventlog.Record.source_name | Character string | Source Name | 1.0.0 to 1.6.5 |
| eventlog.Record.string | Character string | string | 1.0.0 to 1.6.5 |
| eventlog.status | Unsigned integer, 4 bytes | NT Error | 1.0.0 to 1.6.5 |