How to create Windows EventLog source from command line?
WindowsCommand LineEvent LogWindows Problem Overview
I'm creating an ASP.NET application that will log some stuff to Windows EventLog. To do this an event source has to be created first. This requires administrative priviledges so I cannot do it in the ASP.NET app.
Is there an existing command-line application that is bundled with Windows that can create an event log source, or must I roll out my own?
Windows Solutions
Solution 1 - Windows
Try "eventcreate.exe"
An example:
eventcreate /ID 1 /L APPLICATION /T INFORMATION /SO MYEVENTSOURCE /D "My first log"
This will create a new event source named MYEVENTSOURCE under APPLICATION event log as INFORMATION event type.
I think this utility is included only from XP onwards.
Further reading
-
Windows IT Pro: JSI Tip 5487. Windows XP includes the EventCreate utility for creating custom events.
-
Type
eventcreate /?in CMD prompt -
Microsoft TechNet: Windows Command-Line Reference: Eventcreate
-
SS64: Windows Command-Line Reference: Eventcreate
Solution 2 - Windows
#Try PowerShell 2.0's EventLog cmdlets
Throwing this in for PowerShell 2.0 and upwards:
-
Run
New-EventLogonce to register the event source:New-EventLog -LogName Application -Source MyApp -
Then use
Write-EventLogto write to the log:Write-EventLog -LogName Application -Source MyApp -EntryType Error -Message "Immunity to iocaine powder not detected, dying now" -EventId 1
Solution 3 - Windows
You can also use Windows PowerShell with the following command:
if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
[System.Diagnostics.EventLog]::CreateEventSource($source, "Application")
}
Make sure to check that the source does not exist before calling CreateEventSource, otherwise it will throw an exception.
For more info:
Solution 4 - Windows
eventcreate2 allows you to create custom logs, where eventcreate does not.
Solution 5 - Windows
If someone is interested, it is also possible to create an event source manually by adding some registry values.
Save the following lines as a .reg file, then import it to registry by double clicking it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\YOUR_EVENT_SOURCE_NAME_GOES_HERE]
"EventMessageFile"="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\EventLogMessages.dll"
"TypesSupported"=dword:00000007
This creates an event source named YOUR_EVENT_SOURCE_NAME_GOES_HERE.
Solution 6 - Windows
Or just use the command line command:
Eventcreate
Solution 7 - Windows
However the cmd/batch version works you can run into an issue when you want to define an eventID which is higher then 1000. For event creation with an eventID of 1000+ i'll use powershell like this:
$evt=new-object System.Diagnostics.Eventlog(“Define Logbook”)
$evt.Source=”Define Source”
$evtNumber=Define Eventnumber
$evtDescription=”Define description”
$infoevent=[System.Diagnostics.EventLogEntryType]::Define error level
$evt.WriteEntry($evtDescription,$infoevent,$evtNumber)
Sample:
$evt=new-object System.Diagnostics.Eventlog(“System”)
$evt.Source=”Tcpip”
$evtNumber=4227
$evtDescription=”This is a Test Event”
$infoevent=[System.Diagnostics.EventLogEntryType]::Warning
$evt.WriteEntry($evtDescription,$infoevent,$evtNumber)
Solution 8 - Windows
you can create your own custom event by using diagnostics.Event log class. Open a windows application and on a button click do the following code.
System.Diagnostics.EventLog.CreateEventSource("ApplicationName", "MyNewLog");
"MyNewLog" means the name you want to give to your log in event viewer.
for more information check this link [ http://msdn.microsoft.com/en-in/library/49dwckkz%28v=vs.90%29.aspx]