| Executive Summary: |
The Windows Event Viewer is a tool that can provide you with useful information regarding your computer's health. Although many events are logged in the Windows Event Viewer, it's sometimes useful to create and log custom events. Using the Windows Eventcreate command, you can easily create and log custom events.
The Windows Event Viewer is a tool that can provide you with useful information regarding your computer's health. It contains at least three logs: the Application log (which contains events generated by applications), the Security log (which contains security-related events generated by Windows), and the System log (which contains system-wide events generated by Windows). Each log displays Information, Warning, and Error events, which are accompanied by the name of the source component that raised the event, a brief event description, and an event ID. Administrators rely on these logs not only for information about problems (e.g., failure to start a service) but also for information about successful operations (e.g., successful RAS connections).
Sometimes it's useful to log your own events. For example, I have a startup script that I've scheduled to run every night. I recently found a way to log its events so that I could make sure it was successfully executing. You can log events by using the Eventcreate command. The basic syntax that I use is:
Eventcreate /ID EventID /L LogName /T Type /SO Source /D Description
- EventID is the ID you want to give the event. You can use any number from 1 to 1000.
- LogName is the name of the log to which you want to write the event. You can write to the Application or System log but not the Security log.
- Type defines the severity of the event. You can specify Information, Warning, or Error.
- Source specifies the component (e.g., application, script) generating the event.
- Description is the text you want displayed when the event appears in the log.
For example, I created the following event to be logged whenever my startup script successfully executes. Note that this command has to be entered inside the startup script:
Eventcreate /ID 123 /L Application /T Information /SO StartupScript /D "Startup script executed!"
You can even write events to a log on another computer by using the eventcreate command's /S Computer parameter (where Computer is the machine's name). If you need to specify alternate credentials for the remote-computer, you can use the /U User and /P Password parameters (where User and Password are the credentials). For information about these three parameters, open a command prompt and type
The Eventcreate command works on Windows Server 2003 and Windows XP. I haven't tested it on any other OSs.