The IEventService interface is the RPC interface used to communicate with the Windows event logging service service.
The interface is used over a dynamic TCP endpoint, registered in the endpoint mapper database, as shown below:
[...] IfId: f6beaff7-1e19-4fbb-9f8f-b89e2018337c version 1.0 Annotation: Event log TCPIP UUID: 00000000-0000-0000-0000-000000000000 Binding: ncacn_np:127.0.0.1[\\pipe\\eventlog] IfId: f6beaff7-1e19-4fbb-9f8f-b89e2018337c version 1.0 Annotation: Event log TCPIP UUID: 00000000-0000-0000-0000-000000000000 Binding: ncacn_ip_tcp:127.0.0.1[49153] [...]
For more information about the Windows Event Log API, see the documentation in the Microsoft Windows SDK.
Table 4.129. IEventService operations
| Interface | Operation number | Operation name | Windows API |
|---|---|---|---|
| f6beaff7-1e19-4fbb-9f8f-b89e2018337c v1.0: IEventService | |||
| 0x00 | EvtRpcRegisterRemoteSubscription | ||
| 0x01 | EvtRpcUpdateRemoteSubscription | ||
| 0x02 | EvtRpcRemoteSubscriptionNextAsync | ||
| 0x03 | EvtRpcRemoteSubscriptionNext | ||
| 0x04 | EvtRpcRemoteSubscriptionWaitAsync | ||
| 0x05 | EvtRpcRegisterLogQuery | ||
| 0x06 | EvtRpcClearLog | ||
| 0x07 | EvtRpcExportLog | ||
| 0x08 | EvtRpcLocalizeExportLog | ||
| 0x09 | EvtRpcMessageRender | ||
| 0x0a | EvtRpcMessageRenderDefault | ||
| 0x0b | EvtRpcQueryNext | ||
| 0x0c | EvtRpcQuerySeek | ||
| 0x0d | EvtRpcClose | ||
| 0x0e | EvtRpcAssertConfig | ||
| 0x0f | EvtRpcRetractConfig | ||
| 0x10 | EvtRpcOpenLogHandle | ||
| 0x11 | EvtRpcGetLogFileInfo | ||
| 0x12 | EvtRpcGetChannelList | ||
| 0x13 | EvtRpcGetChannelConfig | ||
| 0x14 | EvtRpcPutChannelConfig | ||
| 0x15 | EvtRpcGetPublisherList | ||
| 0x16 | EvtRpcGetPublisherMetadata | ||
| 0x17 | EvtRpcGetPublisherResourceMetadata | ||
| 0x18 | EvtRpcGetEventMetadataEnum | ||
| 0x19 | EvtRpcGetNextEventMetadata |