Managing Custom Event Logs

Custom event logs can be managed with the Manage Custom Event Logs dialog. To open this dialog, click Manage Custom Event Logs in the Tools menu, or click Manage Custom Log Files in the Custom Event Logs tab of any filter's details.

 

The dialog shows all custom event logs and, after clicking on a custom event log, their associated event sources:

 


The custom event log 3rd Party Applications has two associated event sources

 

Creating a Custom Event Log

Type the name of the custom event log into the Custom Event Log Name field and click the Add button. A custom log file will automatically be created in %SYSTEMROOT%\SYSTEM32\CONFIG by the Operating System. After the custom event log is created you can assign event sources to this log.

 

Deleting a Custom Event Log

To delete a custom event log, select the log from the All configured custom event logs list and click the Delete button. The log file itself can be moved or deleted manually from the %SYSTEMROOT%\SYSTEM32\CONFIG directory after a reboot.

 

Warning: Deleting a custom event log will remove all associated event sources. To avoid losing message file information, remove all associated event sources manually from the affected log (see below) before removing the custom log itself.

 

Associating an Event Source with a Custom Event Log

Custom event logs will only work if you associate event sources with them. Events from the associated event sources will then be written to the custom log file rather than to one of the default log files.

 

You can either

1.        associate new event sources with the custom log (e.g. if you are developing a (web) application that will log to the event log)

2.        assign existing event sources from another event log (e.g. Application)

 

1. New Event Sources

If you intend to create new event sources then only the registry key

 

 HKLM\System\CurrentControlSet\Services\Eventlog\YourCustomLog\YourNewSource

 

will be created. You will have to manually register a message file DLL if you intend to use one.

 

2. Existing Event Sources

You can choose any of the already registered event sources and add them to the custom event log. EventSentry will copy the necessary registry information to the custom event log 1:1. This has the advantage of preserving the message file associations, thus avoiding Event Viewer problems.

 

To create an event source in, or assign one to, a custom event log, simply:

 

Select the custom event log (if not already selected)

Type the event source name next to Choose Event Source or choose it from the list

Click Add
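
To check the result of an assignment outside the dialog, the following script lists every event source registered under a custom log and reports whether its message file registration is present and points to an existing file. It is an added example, not part of EventSentry or its documentation. The log name is the one from the screenshot caption above, used here as a sample value, and EventMessageFile is the standard Windows registry value that holds the message file DLL path.

```powershell
# Added example: audit the event sources registered under a custom event log.
# Assumption: $LogName is a sample value; pass the name of your own custom log.
param(
    [string]$LogName = '3rd Party Applications'
)

$logKey = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName"

if (-not (Test-Path -LiteralPath $logKey)) {
    Write-Error "Custom event log '$LogName' is not registered on this machine."
    return
}

# Each subkey of the log key is one event source.
Get-ChildItem -LiteralPath $logKey | ForEach-Object {
    $source = $_.PSChildName
    # Read the raw value so that %SystemRoot% style paths can be shown as stored.
    $raw = $_.GetValue('EventMessageFile', $null, 'DoNotExpandEnvironmentNames')

    $status = 'OK'
    if ([string]::IsNullOrWhiteSpace($raw)) {
        # Typical for a newly created source with no message file DLL registered.
        $status = 'No message file registered'
    } else {
        # The value may list several DLLs separated by semicolons.
        $missing = $raw -split ';' |
            ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) } |
            Where-Object { $_ -and -not (Test-Path -LiteralPath $_) }
        if ($missing) { $status = "Missing file: $($missing -join ', ')" }
    }

    [pscustomobject]@{
        Log         = $LogName
        Source      = $source
        MessageFile = $raw
        Status      = $status
    }
} | Format-Table -AutoSize -Wrap
```

Sources reported without a message file are the ones whose events Event Viewer cannot render with a proper description.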

 

Deleting an Event Source

To delete or reassociate an event source with a default event log simply:

 

Select the custom event log (if not already selected)

Select the event source to be removed

Click Delete

 

You will then have the opportunity to reassign the event source to one of the default event logs (Application, Security, ...).