Event Log References
There are three default event logs on any computer: an Application event log, a Security event log, and a System event log. In addition to these logs, there may be other logs that are installed by applications on the server and custom logs that are created by users. You identify which of these event logs you want to work with. The method of referencing a specific log differs depending on whether you want to read the log's entries or write entries to the log. The following illustration shows the overall process of referencing logs for read or write operations.
[Illustration: Event Log Referencing]
Referencing a Log to Read Entries
When you read entries from an event log, you uniquely identify the log you want by machine name and log name. Machine name denotes the server on which the event log exists, and log name is simply the name of the log. Machine name is optional; if you do not specify a machine, the local computer is assumed.
For example, suppose you have an instance of the EventLog component that you want to use to read entries from a custom log called "OrderEntrySystem," which is stored on a server named "myserver". You would connect to this log by specifying that:
- The machine name is "myserver"
- The log name is "OrderEntrySystem"
You can retrieve the machine name of a log by querying the MachineName property. You can retrieve the log name by querying the Log property.
Security Note |
---|
Treat the data from an event log as you would any other input coming from outside your system. Your application may need to validate the data in the event log before using it as input. Another process, possibly a malicious one, may have accessed the event log and added entries. |
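
The following is an added example, not code from the original page: it reads the "OrderEntrySystem" log on "myserver" and validates each entry before use, as the security note advises. The source name `OrderEntryApp`, the event identifier 1001, and the `OrderId=<digits>` message layout are assumptions made for illustration.

```csharp
// Added example; "OrderEntryApp", event ID 1001 and the "OrderId=<digits>" layout are assumptions.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Text.RegularExpressions;

static class OrderLogReader
{
    const string ExpectedSource = "OrderEntryApp";   // hypothetical source name
    const long ExpectedEventId = 1001;               // hypothetical event identifier
    const int MaxMessageLength = 256;                // reject oversized messages before matching

    // Whole-message match: anything other than "OrderId=" plus 1-10 digits is rejected.
    static readonly Regex OrderLine =
        new Regex(@"\AOrderId=(?<id>[0-9]{1,10})\z", RegexOptions.CultureInvariant);

    // Pure validation step, kept separate so it can be tested without an event log.
    public static bool TryParseOrderId(string source, long eventId, string message, out long orderId)
    {
        orderId = 0;
        // Source is set by whoever wrote the entry, so this is a filter, not proof of origin.
        if (!string.Equals(source, ExpectedSource, StringComparison.Ordinal)) return false;
        if (eventId != ExpectedEventId) return false;
        if (message == null || message.Length > MaxMessageLength) return false;
        Match m = OrderLine.Match(message);
        return m.Success && long.TryParse(m.Groups["id"].Value, out orderId);
    }

    public static List<long> ReadOrderIds()
    {
        var ids = new List<long>();
        // Read reference: log name plus machine name, as described above.
        using (var log = new EventLog("OrderEntrySystem", "myserver"))
        {
            Console.WriteLine("Reading {0} on {1}", log.Log, log.MachineName);
            foreach (EventLogEntry entry in log.Entries)
            {
                long id;
                if (TryParseOrderId(entry.Source, entry.InstanceId, entry.Message, out id))
                    ids.Add(id);
                // Entries that fail validation are skipped and never passed downstream.
            }
        }
        return ids;
    }
}
```

Passing validation shows only that an entry is well formed; it does not show which process wrote it.
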
Referencing a Log to Write Entries
If you are writing entries to an event log, you must specify the Source property. The Source property registers your component with the event log as a valid source of entries. You can specify any string as the value for the Source property; however, it may be helpful to use the name of your project for this value.
Note |
---|
If the source is already registered with the log, you do not need to set the log name property to write to the log. You can also omit the machine name; in that case the local computer is assumed. |
For example, suppose you have an instance of the EventLog component that you want to use to write entries to a custom log called "OrderEntrySystem," which is stored on the local computer. Assuming that the source has not already been registered, you would connect to this log by specifying that the machine name is ".", the log name is "OrderEntrySystem," and by setting the source to a string of your choice.
Note |
---|
In this case the period in the machine name indicates the local computer. |
A single source can be associated with (and therefore write entries to) only one event log at a time, but a single event log can have many different sources writing to it at once. This means that each instance of the EventLog component, when configured to interact with a specific source, can write to only one event log. If you want to write to multiple logs, you must use different instances or change the Source property of an existing instance. For more information on event log sources, see EventLog or Introduction to the EventLog Component.
See Also
Tasks
Walkthrough: Exploring Event Logs, Event Sources, and Entries