|
Event Logging Management Information
Event logging management information is stored in the Services key of the configuration database and can be modified by a system
administrator.
The structure of the configuration information is as follows:
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Services
EventLog
Application
Security
System
The EventLog key contains several subkeys, called logfiles. The default logfiles are Application, Security, and System. Each logfile subkey can contain subkeys, called sources. You cannot use a source name that has been used as a logfile name, and
source names should not be hierarchical. (The backslash character [\] cannot be used
in a registry key.) Each source entry contains information specific to the
source of the event, as shown in the following table.
Value
| Description
| EventMessageFile
| Specifies the path for the event identifier message file. This value has the type REG_EXPAND_SZ.
| CategoryMessageFile
| Specifies the path for the category message file. The event category and event identifier message strings can be in the same file. This value has
the type REG_EXPAND_SZ.
| ParameterMessageFile
| Specifies the path for the event source's parameter message file. This file
contains language-independent strings that are to be inserted into the event description strings. You can use the same message file for parameter, category, and event
identifier message strings. This value has the type REG_EXPAND_SZ.
| CategoryCount
| Specifies the number of categories supported. This value has the type
REG_DWORD.
| TypesSupported
| Specifies a bitmask of supported types. This value has the type REG_DWORD.
|
When an application uses the RegisterEventSource or OpenEventLog function to get a handle of an event log, the event logging service searches
for the specified source name in the registry. For example, the Application logfile might have configured sources of Microsoft® SQL Server™ and Microsoft® Excel. If an application uses RegisterEventSource or OpenEventLog with a source name of Application, SQL, or Excel, the event logging service
returns a handle to the Application logfile.
An application can use the Application event log without adding a new source key to the registry. If the application
calls RegisterEventSource, passing a source name that cannot be found in the registry, the event
logging service uses the Application logfile by default. However, because there is not a message or category
string file, the event viewer will not be able to map the event identifier or category to a replacement string. For this reason, the recommended
procedure is to add a unique source name for the application to the registry. This
allows you to specify message files for the event identifier and category in your
events. Applications and services should add their source names to the Application logfile. Device drivers should add their source name to the System logfile.
An event viewer application uses the OpenEventLog function to open the event log for an event source. The event viewer can then
use the ReadEventLog function to read event records from the log. ReadEventLog returns a buffer containing an EVENTLOGRECORD structure and additional information that describes a logged event. The EventID member of the EVENTLOGRECORD is the identifier of a description string in the source's event message file.
The event viewer uses the LoadLibrary function to load the file indicated by the source's EventMessageFile registry value. The viewer then uses the FormatMessage function to retrieve the description string from the loaded module.
The description string may contain insertion string placeholders, such as %n, where %1 indicates the first insertion string, and so on. In this case, the
buffer returned by ReadEventLog contains the insertion strings. The NumStrings member of the EVENTLOGRECORD indicates the number of insertion strings. The StringOffset member of the EVENTLOGRECORD indicates the location of the first insertion string in the buffer.
An insertion string may also contain placeholders of the form %%n, where n is the identifier of a string in the source's parameter message file. In this
case, the event viewer uses LoadLibrary and FormatMessage to retrieve the insertion string from the file indicated by the source's ParameterMessageFile registry value.
For more information about using the registry, see Registry. For more information about creating and using message files, see your
message compiler documentation.
| Last news from Greatis Software |
 |
|
Nostalgia .Net |
|
.Net is powerful, but not all-powerful, so sometimes we need to use Win32 API for our .Net applications. It's simple enough with Platform Invoke if you have Win32 skill, but we do not always have time to dig the ancient documentation, declare the special types that are compatible with Win32, find the values of the Win32's constants and so on. Nostalgia .Net offers several simple-to-use classes, and components that will allow you to forget about the headache of Win32 and just use the power of Win32 in your application the same way as you use the native. Net classes. More » |
| Recommended software for developers |
 |
|
Ultimate Pack |
|
Component pack for Delphi and C++ Builder that contains runtime form designer, runtime object inspector, print suite and much more for the very special price. More » |
 |
|
Form Designer .Net |
|
Unique runtime form design solution that allows to edit any form in .Net WinForms application at runtime with full source codes for only 300 euro! More » |
 |
|
Print Suite .Net |
|
Print Suite .Net is a set of components for easy printing texts, images and grids from your WinForms applications. Full C# source codes are available More » |
 |
|
Gradient Controls .Net |
|
Gradient Controls .Net offers controls with gradient background feature. Labels, panels and so on... Full C# source codes are available More » |
 |
|
Greatis iGrid |
|
iGrid plots drawing grid right over your desktop, so you can use it everywhere, with any drawing application without any special plugins for different graphic editors. More » |
All the contacts and projectsDmitry Vasiliev (just.dmitry)
Related LinksSoftware for Visual Studio .NET developers
Software for Delphi and C++ Builder developers
Software for Visual Basic 6 developers
Delphi Tips&Tricks
MegaDetailed.NET More Online Helps Win32 Programmer's Reference
Win32 Multimedia Programmer's Reference
OLE Programmer's Reference
Microsoft Windows Pen API Programmer's Reference
Microsoft Windows Sockets 2 Reference
Microsoft Windows Telephony API (TAPI) Programmer's Reference
Unix Manual Pages
|
