8.3. Creating a New Event Log

Problem

You want to create a custom event log. This can be useful if you have a custom application that needs to write a bunch of events to the event log and you do not want to clutter one of the default logs.

Solution

Using a graphical interface

  1. Open the Registry Editor (regedit.exe).

  2. In the left pane, browse to HKLM SYSTEM CurrentControlSet Services Eventlog.

  3. Right-click on Eventlog and select New Key.

  4. Enter the name of the new event log and hit Enter.

Using a command-line interface

Create the following registry key and replace <LogName> with the name of the new log:

> reg add \\<ServerName>\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\<LogName>

Using VBScript

' This code creates a new event log. 
' ------ SCRIPT CONFIGURATION ------
strNewLog = "<LogName>"      ' e.g., MyLog
strServer = "<ServerName>"   ' e.g., fs01 (use "." for local server)
' ------ END CONFIGURATION ---------
const HKLM = &H80000002
strKeyPath = "SYSTEM\CurrentControlSet\Services\EventLog\" & strNewLog
set objReg = GetObject("winmgmts:\\" & strServer & "\root\default:StdRegProv")
objReg.CreateKey HKLM, strKeyPath
WScript.Echo "Created Event log " & strNewLog

Discussion

When you view events in an event log using a tool such as Event Viewer, you are actually interacting with the Event Log service. It is this service that applications interface with to write and retrieve events. Each event log is defined as a subkey under the HKLM\SYSTEM\CurrentControlSet\Services\Eventlog key. The name ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.