Well, it looks like this is a very old thread that landed here to find a good Report Event example ... but realized you didn't get any answers ... and probably already found a solution.
The reason you see “Event ID not found” is because EventViewer cannot load / search the text resource that will be displayed for the event ID. Sorry if the last line sounded geeky .. but this is what I understand EventLog:
-EventLogging has two aspects
- Register with EventLog (or in other words, create an EventSource)
- Record or write to the event log
- View or read from a magazine
When you register in the event log, you simply specify eventSource (any name that identifies this log) + EventMessageFile, category file and supported item types. Here, EventMessageFile points to a DLL / EXE that contains message descriptions / resources.
When you register an event, you simply register it using some data, such as EventID, category ID and EventData. But when you view it using any EventViewer (or Windows eventVwr.exe), the viewer reads your events, looks for the DLL / EXE associated with your eventSource (specified by EventMessageFile), and displays the decription from the resource section of this DLL / EXE.
This DLL is nothing more than a simple resource file that has been compiled using MessageCompiler and contains a "MessageTable". This is to ensure the registration of cultural events.
This is the reason. When you export a log to XML / TXT, etc. from his EventViewer, he asks you if you want to save it “with display information” or “without display information” so that you can view it on computers that do not have EventMessageFile.
JFYI registry entry is located at:
HKLM\CurrentControlSet\System\Services\EventLog\Application
one catch: if you are interested in how .NET does this ... it just does this by providing an EventMessageFile named EventLogMessage.dll (found under %SYSTEMROOT%\Microsoft.Net\Framework\vXXXX\ ) by %SYSTEMROOT%\Microsoft.Net\Framework\vXXXX\