Add event log to registry

I am trying to access the ForwardedEvents event log on the server using

el = new EventLog("ForwardedEvents", serverName); 

this does not work.

I believe that it does not work because the log is not in the registry where the Eventlog expects to find it (HKLM/System/CurrentControlSet/Services/Eventlog/..).

How can I add the log to the registry so that it can be found, or is there another way to access a log that is not listed at this location?

+8
c# registry event-log
3 answers

I fixed the problem by creating a new registry entry for the log: (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\LOGNAME).

Did it by .. (on a Windows 2008 R2 server).

1) Right-click on the parent folder (eventlog) → Create → Key

2) Name the key as the evtx file found in (C:\Windows\System32\winevt\Logs\LOGNAME)

3) In the right pane of the registry explorer, right-click → new → Extensible string value

4) Name the newly created REG_EXPAND_SZ "File"

5) Right-click the name "File"

6) Change

7) In the "Value data" field, add the path to the evtx file, for example

(%SystemRoot%\System32\winevt\Logs\ForwardedEvents.evtx)

+9
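
The manual regedit steps from the answer above, scripted as an added PowerShell example (not part of the original answer). It assumes an elevated session; the `-LogName` parameter and its default are names chosen here for illustration.

```powershell
# Added example: registers an existing .evtx file under the classic EventLog
# registry key, mirroring the manual steps 1-7 above. Run elevated.
# $LogName is an assumption of this example; it must match the .evtx file name.
param(
    [string]$LogName = 'ForwardedEvents'
)

$ErrorActionPreference = 'Stop'

$root    = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$keyPath = Join-Path $root $LogName

# Value data is stored unexpanded, as in step 7 (REG_EXPAND_SZ).
$fileData   = "%SystemRoot%\System32\winevt\Logs\$LogName.evtx"
$fileOnDisk = [Environment]::ExpandEnvironmentVariables($fileData)

# Refuse to register a log whose backing file does not exist.
if (-not (Test-Path -LiteralPath $fileOnDisk)) {
    throw "No log file at $fileOnDisk; nothing to register."
}

# Steps 1-2: create the key named after the .evtx file (skipped if present).
if (-not (Test-Path -LiteralPath $keyPath)) {
    New-Item -Path $keyPath | Out-Null
}

# Steps 3-7: create or correct the REG_EXPAND_SZ value "File".
$key     = Get-Item -LiteralPath $keyPath
$current = $key.GetValue('File', $null, 'DoNotExpandEnvironmentNames')
if ($current -ne $fileData) {
    New-ItemProperty -LiteralPath $keyPath -Name 'File' `
        -PropertyType ExpandString -Value $fileData -Force | Out-Null
}

# Read the value back so the result can be checked or logged.
$key = Get-Item -LiteralPath $keyPath
[pscustomobject]@{
    Key  = $keyPath
    Kind = $key.GetValueKind('File')   # expected: ExpandString
    File = $key.GetValue('File', $null, 'DoNotExpandEnvironmentNames')
}
```

The script is idempotent: running it again leaves an already correct key and value untouched and only reports them.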

If you still want to do this programmatically, rather than manually creating a log through the registry, there is a way. You need to check whether an EventSource exists, and if it doesn't, you need to create one. This should all happen before you try to create an instance of EventLog with this source. Just pay attention to the delay between creation and use, so be sure to handle this (see http://msdn.microsoft.com/en-us/library/2awhba7a(v=vs.110).aspx for more information).

    // Create the source, if it does not already exist.
    if (!EventLog.SourceExists("MySource"))
    {
        // An event log source should not be created and immediately used.
        // There is a latency time to enable the source, it should be created
        // prior to executing the application that uses the source.
        // Execute this sample a second time to use the new source.
        EventLog.CreateEventSource("MySource", "MyNewLog");
        Console.WriteLine("CreatedEventSource");
        Console.WriteLine("Exiting, execute the application a second time to use the source.");
        // The source is created. Exit the application to allow it to be registered.
        return;
    }

    // Create an EventLog instance and assign its source.
    EventLog myLog = new EventLog();
    myLog.Source = "MySource";

    // Write an informational entry to the event log.
    myLog.WriteEntry("Writing to event log.");

+2

This is close to the other registry solution proposed here, but this is how I did it in Windows 7 and I will write to the application log and not to the log of forwarded events:

  • Windows logo> type regedit in the search and press Enter

  • Expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog

  • Find the Application key and create a new key for your application: MyApp

  • In MyApp right-click in the right window in an empty area and select New > Extensible String Value. This will create a REG_EXPAND_SZ entry. Give it the name EventMessageFile.

  • Double-click the new entry to set the value. For the value, type: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll and select OK.

  • Leave the (Default) string value as it is, with its value (value not set).

  • Repeat twice, replacing CurrentControlSet with ControlSet001 and ControlSet002.

And if you need to move the application to another computer, you can right-click it and select Export. You save the file as a .reg file, and then copy it to the next computer. There you double-click it to run it (while logged in as an administrator). That way, you do not need to create the entries manually again, and for other applications you can edit the .reg file in Notepad and just change the name of the application, save it (be sure to change the format to "All files", so it keeps .reg at the end and doesn't save it as a .txt file), and then you can double-click it to run it and add a new EventLog application.

+1