How to create Windows EventLog source from command line?

Question

I'm creating an ASP.NET application that will log some stuff to Windows EventLog. To do this an event source has to be created first. This requires administrative priviledges so I cannot do it in the ASP.NET app.

Is there an existing command-line application that is bundled with Windows that can create an event log source, or must I roll out my own?

Answer 1

Try "eventcreate.exe"

An example:

eventcreate /ID 1 /L APPLICATION /T INFORMATION  /SO MYEVENTSOURCE /D "My first log"

This will create a new event source named MYEVENTSOURCE under APPLICATION event log as INFORMATION event type.

I think this utility is included only from XP onwards.

Further reading

• Windows IT Pro: JSI Tip 5487. Windows XP includes the EventCreate utility for creating custom events.

• Type eventcreate /? in CMD prompt

• Microsoft TechNet: Windows Command-Line Reference: Eventcreate

• SS64: Windows Command-Line Reference: Eventcreate

Answer 2

Try PowerShell 2.0's EventLog cmdlets

Throwing this in for PowerShell 2.0 and upwards:

• Run New-EventLog once to register the event source:

  New-EventLog -LogName Application -Source MyApp
  

• Then use Write-EventLog to write to the log:

  Write-EventLog 
      -LogName Application 
      -Source MyApp 
      -EntryType Error 
      -Message "Immunity to iocaine powder not detected, dying now" 
      -EventId 1
  

Answer 3

You can also use Windows PowerShell with the following command:

if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
    [System.Diagnostics.EventLog]::CreateEventSource($source, "Application")
}

Make sure to check that the source does not exist before calling CreateEventSource, otherwise it will throw an exception.

For more info:

• http://msdn.microsoft.com/en-us/library/9t766zhb.aspx

Answer 4

eventcreate2 allows you to create custom logs, where eventcreate does not.

Answer 5

If someone is interested, it is also possible to create an event source manually by adding some registry values.

Save the following lines as a .reg file, then import it to registry by double clicking it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\YOUR_EVENT_SOURCE_NAME_GOES_HERE]
"EventMessageFile"="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\EventLogMessages.dll"
"TypesSupported"=dword:00000007

This creates an event source named YOUR_EVENT_SOURCE_NAME_GOES_HERE.

Answer 6

Or just use the command line command:

Eventcreate

Answer 7

However the cmd/batch version works you can run into an issue when you want to define an eventID which is higher then 1000. For event creation with an eventID of 1000+ i'll use powershell like this:

$evt=new-object System.Diagnostics.Eventlog(“Define Logbook”)
$evt.Source=”Define Source”
$evtNumber=Define Eventnumber
$evtDescription=”Define description”
$infoevent=[System.Diagnostics.EventLogEntryType]::Define error level
$evt.WriteEntry($evtDescription,$infoevent,$evtNumber) 

Sample:

$evt=new-object System.Diagnostics.Eventlog(“System”)
$evt.Source=”Tcpip”
$evtNumber=4227
$evtDescription=”This is a Test Event”
$infoevent=[System.Diagnostics.EventLogEntryType]::Warning
$evt.WriteEntry($evtDescription,$infoevent,$evtNumber)

Answer 8

you can create your own custom event by using diagnostics.Event log class. Open a windows application and on a button click do the following code.

System.Diagnostics.EventLog.CreateEventSource("ApplicationName", "MyNewLog");

"MyNewLog" means the name you want to give to your log in event viewer.

for more information check this link [ http://msdn.microsoft.com/en-in/library/49dwckkz%28v=vs.90%29.aspx]