Events for Classic ETW tracing. Events for all installed system services. This channel is secured to applications running under system service accounts or user applications running under local adminstrator privileges. Events for all user-level applications. This channel is not secured and open to any applications. Applications which log extensive information should define an application-specific channel. The Windows Audit Log. For exclusive use of the Windows Local Security Authority. User events may appear as audits if supported by the underlying application. Log Always Only critical errors All errors, includes win:Critical All warnings, includes win:Error All informational content, including win:Warning All tracing, including previous levels undefined task An informational event An activity start event An activity end event A trace collection start event A trace collection end event An extensional event A reply event An event representing the activity resuming from the suspension An event representing the activity is suspended, pending another activity's completion An event representing the activity is transferred to another component, and can continue to work An event representing receiving an activity transfer from another component Wild card value Attached to all events providing response time information Attached to all WDI context events Attached to all WDI diag events Attached to all SQM events Attached to all failed security audits Attached to all successful security audits Attached to transfer events where the related Activity ID is a computed value and not a GUID Attached to events raised using classic eventlog API A NULL-terminated UNICODE string. A NULL-terminated ANSI string. A signed 8-bit integer. An unsigned 8-bit integer. An integer in hex format A signed 16-bit integer. An unsigned 16-bit integer An integer in hex format A signed 32-bit integer. A message string corresponding to system HResult error code. An unsigned 32-bit integer. Deprecated, same as win:HexInt32. A message string corresponding to system win32 error code. A message string corresponding to system NTSTATUS error code. An integer in hex format A signed 64-bit integer. An unsigned 64-bit integer. An integer in hex format An IEEE 4-byte floating-point value An IEEE 8-byte floating-point value A 32-bit value where 0 is false, 1 is true. Variable size binary data. A DCE-compliant 128-bit UUID. XML spec: {12345678-1234-4667-1234-123456789abc} A pointer; sized to the current platform (32-bit or 64-bit). XML spec: hex representation of a pointer A Windows FILETIME struct. DateTime string without any marker related with culture. Ex) Left-To-Right A Windows SYSTEMTIME struct. DateTime string without any marker related with culture. Ex) Left-To-Right A self-relative Windows SID structure. XML spec: S-1-0-0. A hexidecimal representation of an unsigned 32-bit integer. Deprecated, same as win:HexInt32. A message string corresponding to system win32 error code. A message string corresponding to system NTSTATUS error code. A hexidecimal representation of an unsigned 64-bit integer.