Creating and Removing Custom Event Logs
You can use the EventLog class to create a custom event log on a local or remote computer. You might create a custom log if you wanted to organize your entries in a more granular way than is allowed when your components write entries to the default Application log. For example, suppose you have a component called OrderEntry that writes entry information to an event log. You are interested in backing up and saving these entries for a longer period of time than some other entries in the Application log. Rather than registering your component to write to the Application log, you can create a custom log called OrdersLog and register your component to write entries to that log instead. That way, all of your order information is stored in one place and will not be affected if the entries in the Application log are cleared.
You can indirectly use the CreateEventSource method to create a custom log. This method creates a new source and lets you specify the log to write to. If you specify that you want to write to a log that does not already exist, the system automatically creates a custom log for you and registers your component as a source for that log.
Note You remove a custom log the same way you remove any log — by calling the Delete method. For more information, see Deleting Event Logs.
It is important to note the difference between creating an event log and creating an instance of the EventLog component. When you use the CreateEventSource method, you are creating a new custom event log in Windows, rather than a component in your project or application. When you create an instance of the EventLog component, you create a component inside your project that references an external event log. You can view the event logs created with the CreateEventSource method in the Event Viewer, but you cannot view component instances there.
You must have appropriate access rights on the remote machines to create and delete logs. For more information, see Security Ramifications of Event Logs.
Security Note When you create an event log, be aware that the resource may already exist. Another process, perhaps a malicious one, may have already created the resource and have access to it. When you put data in the event log, the data is available to the other process. For information on existing event logs, see Determining If Specific Event Logs Exist.
To create a custom event log
- Call the CreateEventSource method and specify the source string and the name of the log file you want to create.
Note If you specify null ("") as the log name, it defaults to Application. This will not create a new log, but will register the specified source for the Application log. If you create a new log, only the first eight letters are evaluated when determining if the name is unique.
The following example shows how to create a custom log called MyNewLog on the local machine. This code assumes that an Imports or Using statement exists for the System.Diagnostics namespace:
' Visual Basic EventLog.CreateEventSource("MyApp1", "MyNewLog") // C# System.Diagnostics.EventLog.CreateEventSource("MyApp1", "MyNewLog");
To create a custom event log on a remote machine, specify the machine name as a third parameter. The following code shows an example.
' Visual Basic EventLog.CreateEventSource("MyApp1", "MyNewLog", "myserver") // C# System.Diagnostics.EventLog.CreateEventSource( "MyApp1", "MyNewLog", "myserver");