Friday, December 7, 2012

How to manually generate Event ID using EventCreate command

Link: http://winplat.net/post/2010/10/21/How-to-manually-generate-Event-ID-using-EventCreate-command.aspx
There are times when you need to generate an event with an Event ID of your choice: perhaps a script should log an event when something happens, or you simply need a sample event to test monitoring or alerting. Windows lets you generate such an event manually, without any programming, using the EventCreate command line utility.
EventCreate.exe accepts Event IDs in the range 1 to 1000. To generate an Event ID above 1000 you need LogEvent.exe.
The utility ships with Windows; open a command prompt and type the command. Here is the syntax:
EventCreate /S <Computer> /ID <Event ID> /L <Log Name> /SO <Source name> /T <Type> /D <Event log Description>

where
/S is the name of the computer on which the event should be generated. For the local computer, omit this switch.
/ID is the Event ID. Only numbers from 1 to 1000 are accepted.
/L is the event log the event is written to. Valid values are Application and System. (EventCreate cannot write to the Security log, which is reserved for the system's own audit events.)
/SO is the Source name for the event.
/T is the event type. Valid values are Success, Warning, Information and Error.
/D is the event description. Put the message in quotes.
For example (the original article showed a screenshot of the command and its output, which is not preserved here):
In that example, Event ID 50 was created with source "Winplat.Net" and type Error, with the description "This is a test error".

If you want to generate the event under a different user account, use these switches:
/U: user name under which the command should execute
/P: password for that user. If this switch is omitted, you will be prompted for it.

Please note: EventCreate.exe generates Event IDs from 1 to 1000 only; for IDs above 1000 use LogEvent.exe (covered in a separate article). Two further limits matter when you use it for testing: the /SO name must be a new or custom source (EventCreate refuses a name that is already registered by another component, reporting that the source parameter is used to identify custom applications and scripts only), so it cannot be used to fake events from a built-in source, and because the first use of a new source registers it under HKLM an elevated prompt is normally needed.
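As an added example (not part of the winplat.net article), the following PowerShell script writes a test event with EventCreate, shows the 1 to 1000 limit being enforced, and reads the event back with Get-WinEvent. The source name WinplatTest, the Application log and an elevated Windows PowerShell prompt are assumptions for the example.

```powershell
# Added example, not from the original article. Run from an elevated Windows
# PowerShell prompt. Source name and log are assumptions for the example.
$source = 'WinplatTest'
$log    = 'Application'
$id     = 50
$msg    = "This is a test error written at $(Get-Date -Format o)"

# eventcreate.exe sets a non-zero exit code when it refuses the request, e.g.
# an /ID outside 1-1000 or a /SO name already owned by another component.
eventcreate.exe /ID $id /L $log /SO $source /T ERROR /D $msg
if ($LASTEXITCODE -ne 0) { throw "eventcreate failed with exit code $LASTEXITCODE" }

# The 1..1000 limit: this call is rejected and $LASTEXITCODE is non-zero.
eventcreate.exe /ID 1001 /L $log /SO $source /T INFORMATION /D "out of range"
"ID 1001 accepted: $($LASTEXITCODE -eq 0)"

# Read the event back. A FilterHashtable is evaluated by the log service, so it
# is far cheaper than piping the whole log through Where-Object.
Get-WinEvent -FilterHashtable @{ LogName = $log; ProviderName = $source; Id = $id } -MaxEvents 1 |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message |
    Format-List

# The first use of a new /SO name registers it under the Eventlog key (the
# registry layout is described in the Event Sources section of this page).
# Inspect that registration; its EventMessageFile normally points at eventcreate.exe.
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$log\$source" |
    Select-Object EventMessageFile, TypesSupported
```

On Windows PowerShell 5.1 the New-EventLog and Write-EventLog cmdlets do the same job without the 1000 limit, but EventCreate is what you reach for from a plain batch file or a scheduled task.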

Event Sources (Windows)
Link: http://msdn.microsoft.com/en-us/library/windows/desktop/aa363661(v=vs.85).aspx

Each log in the Eventlog key contains subkeys called event sources. The event source is the name of the software that logs the event. It is often the name of the application or the name of a subcomponent of the application if the application is large. You can add a maximum of 16,384 event sources to the registry. The Security log is for system use only. Device drivers should add their names to the System log. Applications and services should add their names to the Application log or create a custom log.
The structure of the event sources is as follows:

HKEY_LOCAL_MACHINE
   SYSTEM
      CurrentControlSet
         Services
            EventLog
               Application
                  AppName
               Security
               System
                  DriverName
               CustomLog
                  AppName
You cannot use a source name that has already been used as a log name. In addition, source names cannot be hierarchical; that is, they cannot contain the backslash character ("\").
Each event source contains information (such as a message file) specific to the software that will be logging the events, as shown in the following table.

Registry value        Description
CategoryCount         Number of event categories supported. This value is of type REG_DWORD.
CategoryMessageFile   Path to the category message file. A category message file contains language-dependent strings that describe the categories. This value can be of type REG_SZ or REG_EXPAND_SZ.
EventMessageFile      Path to one or more event message files; use a semicolon to delimit multiple files. An event message file contains language-dependent strings that describe the events. This value can be of type REG_SZ or REG_EXPAND_SZ.
ParameterMessageFile  Path to the parameter message file. A parameter message file contains language-independent strings that are to be inserted into the event description strings. This value can be of type REG_SZ or REG_EXPAND_SZ.
TypesSupported        Bitmask of supported types. This value is of type REG_DWORD. It can be one or more of the following values:
                        EVENTLOG_ERROR_TYPE       (0x0001)
                        EVENTLOG_WARNING_TYPE     (0x0002)
                        EVENTLOG_INFORMATION_TYPE (0x0004)
                        EVENTLOG_AUDIT_SUCCESS    (0x0008)
                        EVENTLOG_AUDIT_FAILURE    (0x0010)

When an application uses the RegisterEventSource or OpenEventLog function to get a handle to an event log, the event logging service searches for the specified event source in the registry. For example, the Application log might contain event sources for Microsoft SQL Server and Microsoft Excel. If an application uses RegisterEventSource or OpenEventLog with a source name of Application, SQL, or Excel, the event logging service returns a handle to the Application log.
An application can use the Application log without adding a new event source to the registry. If the application calls RegisterEventSource and passes a source name that cannot be found in the registry, the event-logging service uses the Application log by default. However, because there are no message files, the Event Viewer cannot map any event identifiers or event categories to a description string, and will display an error. For this reason, you should add a unique event source to the registry for your application and specify a message file.
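The registry layout above is easy to audit from PowerShell. The following script is an added example (not from the MSDN article): it walks every log under the Eventlog key, lists each registered source with its TypesSupported bitmask and message files, and flags sources whose EventMessageFile no longer exists, which is exactly the situation in which Event Viewer shows the "description not found" error. The registry path is the one documented above; the column names are the script's own.

```powershell
# Added example, not from the MSDN article. Runs unelevated; only the Security
# log's key is unreadable to standard users, hence the tolerated access errors.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

$sources = Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
    $logName = $_.PSChildName
    Get-ChildItem $_.PSPath -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        # The registry provider already expands REG_EXPAND_SZ values such as
        # %SystemRoot%; expanding again is harmless and covers REG_SZ values
        # that still contain environment variables.
        $files = @()
        if ($p.EventMessageFile) {
            $files = [Environment]::ExpandEnvironmentVariables($p.EventMessageFile) -split ';' |
                     ForEach-Object { $_.Trim('"') } | Where-Object { $_ }
        }
        [pscustomobject]@{
            Log            = $logName
            Source         = $_.PSChildName
            TypesSupported = $p.TypesSupported
            MessageFiles   = $files -join ';'
            # Missing DLL: events from this source render without a description.
            # A DLL in a user-writable directory is also worth a second look.
            MissingFiles   = ($files | Where-Object { -not (Test-Path -LiteralPath $_) }) -join ';'
        }
    }
}

"Registered sources: $($sources.Count)"
$sources | Where-Object MissingFiles | Format-Table Log, Source, MissingFiles -AutoSize
```

Drop the final Where-Object to see every source; the TypesSupported column is the bitmask from the table above (for example 7 = error, warning and information).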

To register a source by hand (these steps mirror what EventLog.CreateEventSource does for you, and like it they need administrator rights because they write to HKLM):
Run: regedit
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Add the key "appMail"
Add the following values under it:
   (Default)        REG_SZ         (value not set)
   EventMessageFile REG_EXPAND_SZ  C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
EventLogMessages.dll ships with the .NET Framework (use the Framework64 directory for 64-bit .NET) and contains a generic message table whose every entry is just "%1", so Event Viewer renders the string passed to WriteEntry verbatim for any event ID instead of reporting that the description for the ID could not be found. Now the application can call EventLog.WriteEntry to write entries under this source:
using System.Diagnostics;
string sSource = "appMail", sLog = "Application", sEvent = "Test error from appMail";
//if (!EventLog.SourceExists(sSource))
//    EventLog.CreateEventSource(sSource, sLog); // not needed here: the source was registered by hand above
EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Error, 1); // event ID 1, type Error
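The same registration and write, as an added PowerShell example that is not from the original post. It uses the .NET EventLog class directly, sets the message file to the same EventLogMessages.dll the manual registry step uses, handles the SecurityException that SourceExists throws when run unelevated, and reads the entry back. Windows PowerShell 5.1 on an elevated prompt is assumed; the sample message text is constructed for the example.

```powershell
# Added example, not from the original post. Windows PowerShell 5.1, elevated,
# is assumed; "appMail" is the source name used in the registry steps above.
$source = 'appMail'
$log    = 'Application'
# Same value the manual regedit step sets; use Framework64 on 64-bit .NET.
$msgDll = "$env:windir\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll"

try {
    $exists = [System.Diagnostics.EventLog]::SourceExists($source)
} catch [System.Security.SecurityException] {
    # SourceExists enumerates every log's key, including Security, which standard
    # users cannot read. The check (and CreateEventSource) therefore needs elevation.
    throw "Run elevated: $($_.Exception.Message)"
}

if (-not $exists) {
    $data = New-Object System.Diagnostics.EventSourceCreationData($source, $log)
    $data.MessageResourceFile = $msgDll   # becomes the EventMessageFile registry value
    [System.Diagnostics.EventLog]::CreateEventSource($data)
}

# WriteEntry(source, message, type, eventID). EventLogMessages.dll maps every ID
# to the template "%1", so the message below is shown exactly as written.
[System.Diagnostics.EventLog]::WriteEntry($source,
    'Mail relay rejected a connection from 203.0.113.7 (constructed sample message)',
    [System.Diagnostics.EventLogEntryType]::Error, 1)

# Read it back through the log service rather than trusting the call succeeded.
Get-WinEvent -FilterHashtable @{ LogName = $log; ProviderName = $source; Id = 1 } -MaxEvents 1 |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message | Format-List
```

Writing under an already registered source needs no elevation; only the registration does. The .NET documentation for CreateEventSource also warns that a freshly registered source may take a moment to become visible to the event log service, which is why sources are normally registered at install time rather than on first write.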


