Custom event logs can be managed with the Manage Custom Event Logs dialog. To open this dialog click on
•Manage Custom Event Logs in the Tools menu
or click on
•Manage Custom Log Files in the Custom Event Logs tab of any filters' details.
The dialog shows all custom event logs and, after clicking on a custom event log, their associated event sources:
The custom event log 3rd Party Applications has two associated event sources
Creating a Custom Event Log
Type the name of the custom event log into the Custom Event Log Name field and click the Add button. A custom log file will automatically be created in %SYSTEMROOT%\SYSTEM32\CONFIG by the Operating System. After the custom event log is created you can assign event sources to this log.
Deleting a Custom Event Log
To delete a custom event log select the log from the All configured custom event logs list and click the delete button. The log file itself can be moved or deleted manually from %SYSTEMROOT%\SYSTEM32\CONFIG directory after a reboot.
|
Deleting a custom event log will remove all associated event sources. To avoid losing message file information, remove all associated event sources manually from the affected log (see below) before removing the custom log itself. |
Associating an Event Source with a Custom Event Log
Custom event logs will only work if you associate event sources with them. The associated event sources will then be written to the custom log file rather than to one of the default log files.
You can either associate
1. new event sources with the custom log (e.g. if you are developing a (web) application that will log to the event log)
2. assign existing event sources from another event log (e.g. Application)
1. New Event Sources
If you intend to create new event sources then only the registry key
HKLM\System\CurrentControlSet\Services\Eventlog\YourCustomLog\YourNewSource
will be created. You will have to manually register a message file DLL if you intend to use one.
2. Existing Event Sources
You can choose any of the already registered event sources and add them to the custom event log. EventSentry will copy the necessary registry information to the custom event log 1:1. This has the advantage of preserving the message file associations thus avoiding event viewer problems.
To create/assign an event source with a custom event log simply
•Select the custom event log (if not already selected)
•Type the event source name next to Choose Event Source or choose it from the list
•Click Add
Deleting an Event Source
To delete or reassociate an event source with a default event log simply:
•Select the custom event log (if not already selected)
•Select the event source to be removed
•Click Delete
You will then have the opportunity to reassign the event source with one of the default event logs (Application, Security, ...)
