I want to register a callback so my code can receive and process all new event logs for Microsoft-Windows-WMI-Activity/Trace.
To clarify, the log path for Microsoft-Windows-WMI-Activity/Trace is %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-WMI-Activity%4Trace.etl, and in the Windows Event Viewer, these events can be found in the tree under Application and Services Logs > Microsoft > Windows > WMI-Activity > Trace.
I know EvtSubscribe() can be used to subscribe to events on channels, but I want to know if this function can also be used for subscribing to events on Microsoft-Windows-WMI-Activity/Trace.
I know for the ChannelPath parameter, it says on the function's docs page that
you cannot subscribe to Analytic or Debug channels
When I view the properties for Microsoft-Windows-WMI-Activity/Trace in Event Viewer, I see the log is of type Analytic, so it seems I cannot subscribe with this function:
My questions:
- Can I use this function to subscribe to Microsoft-Windows-WMI-Activity/Trace?
- If I cannot with this function, is there some other function in the Windows API that I can use instead that will allow me to subscribe?
