Compaq Microsoft Windows Event ID and SNMP Traps (230-DP-3700-06) っていう PDF ファイルが何でか手元にあって (Web で探したのだけど見つけられなかった。確かダウンロードした覚えがあるのだけど・・・)、そこの 3 ページ目にこんな記述が。

NT Event Log Format
The following pages contain Compaq Insight Management events that are entered into the Microsoft Windows NT Event Log when they occur.
Values are 32 bit values laid out as follows:

3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0































































































































+

































































    

    
Sev
    
C
    
R
    
       Facility        
    
             Code              
    
































































































































+

where
Sev - is the severity code
00 - Success
01 - Informational
10 - Warning
11 - Error
C - is the Customer code flag
R - is a reserved bit
Facility - is the facility code (always "CPQ")
Code - is the facility's status code - the event # - the upper byte refers to the Insight Agent that served the event, the lower byte is the actual event #.

他ごとで手が回らないのでとりあえずメモ。