Kiran's Blog

Ramblings from a dehydrated mind…

  • Archives

    • 14,897

Event logging using event viewer..

Posted by kiraninbng on July 14, 2006


Event logging is a way for applications /operating system  to log important events.The event-logging service stores events from
various sources in a single collection called an event log.The Event Viewer enables you to view logs.

Below are the steps to create an entry in the event viewer,

1. Create a message file
Ex :
; /* Sample.mc
;
; This is a sample message file. It contains a comment block, followed by a
; header section, followed by messages in two languages.
;
; */

; // This is the header section.

MessageIdTypedef=DWORD

SeverityNames=(Success=0x0:STATUS_SEVERITY_SUCCESS
               Informational=0x1:STATUS_SEVERITY_INFORMATIONAL
               Warning=0x2:STATUS_SEVERITY_WARNING
               Error=0x3:STATUS_SEVERITY_ERROR
              )

FacilityNames=(System=0x0:FACILITY_SYSTEM
               Runtime=0x2:FACILITY_RUNTIME
               Stubs=0x3:FACILITY_STUBS
               Io=0x4:FACILITY_IO_ERROR_CODE
              )

LanguageNames=(English=0x409:MSG00409)

; // The following are message definitions.
MessageId=100
SymbolicName=EVMSG_SAMPLE
Language=English
The is a sample message file.

2. Using message compiler compile it into a resource script file
Ex : mc -U Sample.mc 

3. Using resource compiler compile the rc file into a binary res file
Ex: rc -r Sample.rc

4. Create a reource only dll using the res file
Ex: link -dll -noentry Sample.res

5. Add a event source to registry,also put an entry for message file

HKEY_LOCAL_MACHINE
     SYSTEM
          CurrentControlSet
               Services
                    EventLog
                         Application
                              <MYAPPLICATION>
-Create a EventMessageType value under MYAPPLICATION ,and set the value to the  message dll generated using step 4

6. Get the handle to the eventlog source in the registry
7. Log the event into the log
8. Release the handle

Sample code for steps 6 to 8
——————————————

HANDLE h;
h = RegisterEventSource(NULL,”MYAPPLICATION”);           // Step 6

if (!ReportEvent(h,EVENTLOG_ERROR_TYPE,0,100,NULL,0,0,NULL,NULL))                // Step 7
{
   printf(“Could not report the event.”);
}

DeregisterEventSource(h); //Step 8

9. Read/open the log programatically or view it using eventvwr.
   -Run EventVwr and check the for the event entry

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: