Create Event Log in Sub Directory under Applications and Settings Logs

£可爱£侵袭症+ submitted on 2019-12-11 10:17:31

Question


I have been searching for ages to find a way to create a number of separate event logs under a subdirectory of Applications and Services Logs, in the same way that there is a subdirectory Microsoft, which then has a subdirectory Windows, which in turn has various other directories with the app log in them:

\Applications and Services\Microsoft\Windows\All-User-Install-Agents
\Applications and Services\Microsoft\Windows\AppHost
...

I would like to create something like the following:

\Applications and Services\My Company\Application 1
\Applications and Services\My Company\Application 2
\Applications and Services\My Company\Application 3

All the samples I have come across only allow you to create the log directly under the \Applications and Services directory and not make a subdirectory.

Thanks


Answer 1:


I was struggling to get the subfolder piece working as well, as I would like to have a structure like:

- Application and Services Logs
-- Company Name
--- Application 1
---- ApplicationLog
--- Application 2
---- SecurityLog
---- OperationalLog

I could not find any way to do this directly using C or PowerShell; however, after doing some trial and error with registry keys and the documentation provided at https://docs.microsoft.com/en-us/windows/desktop/eventlog/eventlog-key, I finally got it to work.

It seems that you need to create keys at HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels, where the primary registry key name is key to the 'folder' structure. A '-' is seen as a deeper structure. So, for example, CompanyName\Application\Log should be a key named CompanyName-Application-Log.

Below is an example script to do this using PowerShell:

# Create the eventlog (in a subfolder structure)
# Params()
$PrimaryEventKey = 'Company'
$ApplicationName = 'Application'
$LogName = 'NewLog'

# Vars()
$primarylocation = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels'
# Assumed (not defined in the script as posted): the classic EventLog service key,
# which is the location the eventlog-key documentation linked below describes, and a
# freshly generated GUID for the owning publisher.
$secondarylocation = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$GUID = [guid]::NewGuid()
# Each '-' becomes one folder level in Event Viewer: Company > Application > NewLog
$LogName = $PrimaryEventKey + '-' + $ApplicationName + '-' + $LogName
$EventRoot = (Join-Path $primarylocation $LogName)

if (!(Test-Path $EventRoot)) {
    # Classic log key, so the System.Diagnostics.EventLog API used below can find the log
    New-Item -Path ($secondarylocation + '\' + $LogName)
    New-ItemProperty -Path ($secondarylocation + '\' + $LogName) -Name providerGuid -PropertyType String -Value "{$($GUID)}"

    # WINEVT channel key: this is what places the log in the Event Viewer tree
    New-Item -Path $EventRoot
    New-ItemProperty -Path $EventRoot -Name Enabled -PropertyType DWord -Value 1
    New-ItemProperty -Path $EventRoot -Name Type -PropertyType DWord -Value 1
    New-ItemProperty -Path $EventRoot -Name Isolation -PropertyType DWord -Value 0
    # RestrictGuestAccess is documented as REG_DWORD (the posted script wrote it as a string)
    New-ItemProperty -Path $EventRoot -Name RestrictGuestAccess -PropertyType DWord -Value 1
    New-ItemProperty -Path $EventRoot -Name OwningPublisher -PropertyType String -Value "{$($GUID)}"

    # See https://docs.microsoft.com/en-us/windows/desktop/eventlog/eventlog-key for documentation on ChannelAccess or RestrictGuestAccess (see: RestrictGuestAccess / Isolation)
}
else {
    Write-Warning 'Event Log (Key) Already exists in registry'
}

# Write into the event log (Example)
$eventType = ([System.Diagnostics.EventLogEntryType]::Information)
$source = "SomeSource"
# Register the source against this log first; otherwise WriteEntry has to create it on the fly
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    [System.Diagnostics.EventLog]::CreateEventSource($source, $LogName)
}
$evt = New-Object System.Diagnostics.EventLog($LogName)
$evt.Source = $source
$evt.WriteEntry("random message", $eventType, 60001)
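The registry layout from the answer, generalized to the structure the question asks for (three applications under one company folder), as an added example that is not part of the original question or answer. Assumptions not stated on the page and introduced here: the `New-SubfolderEventLog` function name, `$ClassicKey` (the classic EventLog service key, the location where `providerGuid` and `RestrictGuestAccess` are documented), a freshly generated provider GUID per channel, the channel `Type` value 1 and `Isolation` value 0 copied from the answer, and the event source name `My Company Application 1`. It must be run from an elevated PowerShell session.

```powershell
# Added example: register several channels under one company folder using the
# WINEVT\Channels naming convention described in the answer. Not code from the
# original page; the key paths, GUID handling and source name are assumptions.
#Requires -RunAsAdministrator

$ChannelsKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels'
$ClassicKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'   # assumption (see lead-in)

function New-SubfolderEventLog {
    param(
        [Parameter(Mandatory)][string]$Company,
        [Parameter(Mandatory)][string]$Application,
        [Parameter(Mandatory)][string]$Log,
        [Parameter(Mandatory)][guid]$ProviderGuid
    )
    # Event Viewer turns each '-' into one folder level, so a segment that itself
    # contains '-' would be split into two levels. Refuse such names up front.
    foreach ($part in $Company, $Application, $Log) {
        if ($part -match '-') { throw "Segment '$part' must not contain '-'" }
    }
    $name    = "$Company-$Application-$Log"      # shown as Company > Application > Log
    $channel = Join-Path $ChannelsKey $name
    if (Test-Path $channel) {
        Write-Verbose "Channel '$name' is already registered"
        return $name
    }
    $g = $ProviderGuid.ToString('B')             # '{xxxxxxxx-...}' with braces

    # Channel key: places the log in the Applications and Services Logs tree
    New-Item -Path $channel -Force | Out-Null
    New-ItemProperty -Path $channel -Name Enabled         -PropertyType DWord  -Value 1  | Out-Null
    New-ItemProperty -Path $channel -Name Type            -PropertyType DWord  -Value 1  | Out-Null
    New-ItemProperty -Path $channel -Name Isolation       -PropertyType DWord  -Value 0  | Out-Null
    New-ItemProperty -Path $channel -Name OwningPublisher -PropertyType String -Value $g | Out-Null

    # Classic log key (assumption): lets System.Diagnostics.EventLog resolve the log
    $classic = Join-Path $ClassicKey $name
    New-Item -Path $classic -Force | Out-Null
    New-ItemProperty -Path $classic -Name providerGuid        -PropertyType String -Value $g | Out-Null
    New-ItemProperty -Path $classic -Name RestrictGuestAccess -PropertyType DWord  -Value 1  | Out-Null
    return $name
}

# The structure the question asks for: My Company\Application 1..3, one log each
$created = foreach ($app in 'Application 1', 'Application 2', 'Application 3') {
    New-SubfolderEventLog -Company 'My Company' -Application $app -Log 'Operational' `
                          -ProviderGuid ([guid]::NewGuid())
}

# Check that the Event Log service lists the new channels
Get-WinEvent -ListLog 'My Company-*' -ErrorAction SilentlyContinue |
    Select-Object LogName, IsEnabled, LogType

# Write one test entry to the first channel through the classic API
$source = 'My Company Application 1'   # assumed source name
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    [System.Diagnostics.EventLog]::CreateEventSource($source, $created[0])
}
$evt = New-Object System.Diagnostics.EventLog($created[0])
$evt.Source = $source
$evt.WriteEntry('Log created', [System.Diagnostics.EventLogEntryType]::Information, 1000)
```

The '-' check exists because the folder structure is purely a naming convention: a company or product name that already contains a hyphen would silently gain an extra folder level. Two caveats for anyone deploying this: Isolation 0 is the Application isolation mode, so the channel inherits the Application log's access rights; if only a specific service account should write to it, set a `ChannelAccess` SDDL string on the channel key rather than relying on the default. And since this writes the registry directly instead of going through a manifest and `wevtutil im`, the Event Log service may not pick the new channels up until it is restarted; if `Get-WinEvent -ListLog` shows nothing, restart the service (or reboot) before assuming the registration failed.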


Source: https://stackoverflow.com/questions/26335960/create-event-log-in-sub-directory-under-applications-and-settings-logs
