Executive Summary:
The Windows Event Viewer is a tool that can provide you with useful information regarding your computer's health. Although many events are logged in the Windows Event Viewer, it's sometimes useful to create and log custom events. Using the Windows Eventcreate command, you can easily create and log custom events.
|
The Windows Event Viewer is a tool
that can provide you with useful information regarding your computer's
health. It contains at least three logs:
the Application log (which contains
events generated by applications),
the Security log (which contains
security-related events generated by
Windows), and the System log (which
contains system-wide events generated
by Windows). Each log displays Information, Warning, and Error events,
which are accompanied by the name
of the source component that raised
the event, a brief event description,
and an event ID. Administrators rely
on these logs not only for information
about problems (e.g., failure to start
a service) but also for information
about successful operations (e.g., successful RAS connections).
Sometimes it's useful to log your
own events. For example, I have a
startup script that I've scheduled to
run every night. I recently found a
way to log its events so that I could
make sure it was successfully executing. You can log events by using the
Eventcreate command. The basic
syntax that I use is:
Eventcreate /ID EventID
/L LogName /T Type
/SO Source /D Description
where
- EventID is the ID you want to give
the event. You can use any number
from 1 to 1000.
- LogName is the name of the log to
which you want to write the event.
You can write to the Application or
System log but not the Security log.
- Type defines the severity of the
event. You can specify Information,
Warning, or Error.
- Source specifies the component (e.g., application, script) generating
the event.
- Description is the text you want displayed when the event appears in
the log.
For example, I created the following event to be logged whenever my
startup script successfully executes.
Note that this command has to be
entered inside the startup script:
Eventcreate /ID 123
/L Application /T Information
/SO StartupScript
/D "Startup script executed!"
You can even write events to a log
on another computer by using the
eventcreate command's /S Computer
parameter (where Computer is the
machine's name). If you need to
specify alternate credentials for the remote-computer, you can use the /U User and
/P Password parameters (where User and
Password are the credentials). For information about these three parameters, open a command prompt and type
eventcreate /?
The Eventcreate
command works on
Windows Server 2003
and Windows XP. I
haven't tested it on any
other OSs.
End of Article
Register
