[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1384
  • Last Modified:

create event log

How do I create a system event log that will not display a message starting with "The description for Event ID ( 1000 ) in Source ( MYAPP) cannot be found."

And that is listed in the system log instead of the application log.
0
CornDog932
Asked:
CornDog932
  • 7
  • 5
  • 3
3 Solutions
 
AxterCommented:
You can use the following code:

/*\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\ EventLog.h,  Declaration for EventLog class
\
/ Version:      1.0, 2004-06-06: created
\
/ Author:      David Maisonave
\                  http://www.axter.com
/           Top ten expert at the Expert Exchange
\                  http://www.experts-exchange.com/Programming/Programming_Languages/Cplusplus/
/
\
/ This code is provided AS IS, you use it at your own risk!
\ You may use it for whatever you want.
/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\*/


#ifndef EventLog_H_HEADERGUARD_
#define EventLog_H_HEADERGUARD_

class EventLog {
public:
      enum LOGTYPE{LT_APPLICATION, LT_SECURITY, LT_SYSTEM, LT_DNSSERVER};
     EventLog(LPCTSTR apAppName, LOGTYPE logtype = LT_APPLICATION, BOOL RegisterApp = true);
     ~EventLog();

     BOOL ReportFailure(LPCTSTR Msg);
     BOOL ReportError(LPCTSTR Msg);
     BOOL ReportWarn(LPCTSTR Msg);
     BOOL ReportInformation(LPCTSTR Msg);

private:
     BOOL Report(WORD wtype, DWORD aId, WORD aNumStrings, LPCTSTR * apMessage);
     HANDLE m_Handle;
};



#endif //!EventLog_H_HEADERGUARD_





/*\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\ EventLog.cpp,  Implementation for EventLog class
\
/ Version:      1.0, 2004-06-06: created
\
/ Author:      David Maisonave
\                  http://www.axter.com
/           Top ten expert at the Expert Exchange
\                  http://www.experts-exchange.com/Programming/Programming_Languages/Cplusplus/
/
\
/ This code is provided AS IS, you use it at your own risk!
\ You may use it for whatever you want.
/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\*/

#include "stdafx.h"
#include "EventLog.h"

#ifndef EVENT_ELOG
#define EVENT_ELOG                       0x000003E8L
#endif //!EVENT_ELOG


EventLog::EventLog(LPCTSTR apAppName, LOGTYPE logtype, BOOL RegisterApp)
:m_Handle(RegisterEventSource(NULL, apAppName))
{
      if (RegisterApp)
      {
            HKEY hk;
            // Add your source name as a subkey under the Application
            // key in the EventLog registry key.
            CString LogType[4] = {"Application\\", "Security\\", "System\\", "DNS Server\\"};
            CString AppKey = "SYSTEM\\CurrentControlSet\\Services\\EventLog\\" + LogType[logtype] + apAppName;
            if (RegCreateKey(HKEY_LOCAL_MACHINE,AppKey, &hk) == ERROR_SUCCESS)
            {
                  CString ExecutablePath;
                  GetModuleFileName(::GetModuleHandle(NULL), ExecutablePath.GetBuffer(_MAX_PATH), _MAX_PATH);
                  ExecutablePath.ReleaseBuffer();
                  
                  // Add the name to the EventMessageFile subkey.
                  if (RegSetValueEx(hk,             // subkey handle
                        "EventMessageFile",       // value name
                        0,                        // must be zero
                        REG_EXPAND_SZ,            // value type
                        (LPBYTE) (LPCTSTR)ExecutablePath,           // pointer to value data
                        ExecutablePath.GetLength()+1) == ERROR_SUCCESS)  
                  {
                        // Set the supported event types in the TypesSupported subkey.
                        DWORD dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE | EVENTLOG_AUDIT_FAILURE;
                        RegSetValueEx(hk,      // subkey handle
                              "TypesSupported",  // value name
                              0,                 // must be zero
                              REG_DWORD,         // value type
                              (LPBYTE) &dwData,  // pointer to value data
                              sizeof(DWORD));
                  }
                  RegCloseKey(hk);
            }
      }
}

EventLog::~EventLog()
{
     if (m_Handle)DeregisterEventSource(m_Handle);
}


BOOL EventLog::Report(WORD wtype, DWORD aId, WORD aNumStrings,  LPCTSTR * apMessage ) {
     if ( m_Handle == NULL ) {
          return FALSE;
     }

     if (!ReportEvent(m_Handle,     /* event log handle            */
               wtype,  /* event type                  */
               0,                    /* category zero               */
               aId,                  /* event identifier            */
               NULL,                 /* no user security identifier */
               aNumStrings,          /* one substitution string     */
               0,                    /* no data                     */
               apMessage,            /* address of string array     */
               NULL))                /* address of data             */
          {
               return FALSE;
          }
     
     return TRUE;
}


BOOL  EventLog::ReportFailure(LPCTSTR Msg)
{
      LPCTSTR arry[2] = {Msg, NULL};
      return Report(EVENTLOG_AUDIT_FAILURE, EVENT_ELOG, 1, arry);
}

BOOL  EventLog::ReportError(LPCTSTR Msg)
{
      LPCTSTR arry[2] = {Msg, NULL};
      return Report(EVENTLOG_ERROR_TYPE, EVENT_ELOG, 1, arry);
}

BOOL  EventLog::ReportWarn(LPCTSTR Msg)
{
      LPCTSTR arry[2] = {Msg, NULL};
      return Report(EVENTLOG_WARNING_TYPE, EVENT_ELOG, 1, arry);
}

BOOL  EventLog::ReportInformation(LPCTSTR Msg)
{
      LPCTSTR arry[2] = {Msg, NULL};
      return Report(EVENTLOG_INFORMATION_TYPE, EVENT_ELOG, 1, arry);
}



0
 
jkrCommented:
How are you writing to the log? You should do that like http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/reporting_an_event.asp ("Reporting an Event") describes. Also, you need to use the message compiler to create a MESSAGETABLE resource (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tools/tools/messagetable_resource.asp). See e.g. http://support.microsoft.com/default.aspx?scid=kb;en-us;166902 ("HOWTO: Troubleshooting the "Event Message Not Found" Message") and http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tools/tools/message_compiler.asp ("Message Compiler")

A sample can be found here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpmsgtable.asp ("MsgTable: Message Table Sample")

BTW, http://msdn.microsoft.com/library/en-us/dndllpro/html/msdn_ntservic.asp ("Creating a Simple Win32 Service in C++ ") comes with a nice description also.
0
 
jkrCommented:
>> You can use the following code

Not without a MESSAGERESOURCE :o)
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
AxterCommented:
>>"The description for Event ID ( 1000 ) in Source ( MYAPP) cannot be found."

You need to add either an RC file to your application, or an res file.

Create a file named EVENT.MC with the following contents:
MessageId=1000
SymbolicName=EVENT_ELOG
Language=English
%1

Then run the following command line:
mc event.mc
Then run the following:
rc event.rc

You should now have both an event.res file and an event.rc file.

If you're application already has an existing *.rc file, then you can just modify your existing *.rc file, by adding an #include to the event.rc file.
#include "event.rc" // Add this before the first resource

If your application does not have a *.rc file, then just add event.res to your linking option.


0
 
AxterCommented:
>>Not without a MESSAGERESOURCE :o)

I was still typing.

I didn't want to put too much information in one post. :-)
0
 
AxterCommented:
FYI:
The following link that jkr posted, is a really good link for trouble shooting:
http://support.microsoft.com/default.aspx?scid=kb;en-us;166902

One of the things the code I posted does not do, is restart the eventlogger.
If the event logger is not restarted, the registry changes will have no effect.

If you need to restart the event logger, take a look at the following link:
http://www.codeproject.com/system/cservicehelper.asp

The above link has a good wrapper class for services, which you can use to restart the event logger.
Otherwise, you could just request a reboot to the user.
0
 
CornDog932Author Commented:
What do you mean by adding the #include before the first resouce?
0
 
jkrCommented:
>> What do you mean by adding the #include before the first resouce?

What he wrote - add the msg.rc file before any other resource in the actual .rc file, if any
0
 
AxterCommented:
>>What do you mean by adding the #include before the first resouce?

Example:

Open your *.rc file in text mode.
You should see a line with the following:
#include "resource.h"

Right after that line, and the #include
#include "resource.h"
#include "event.rc"

That should add the contents of the event.rc file to your existing *.rc file.
0
 
AxterCommented:
I forgot to mention, that when you create your event.rc and event.res file, a event.h file will get created.
You should and an #include to the EventLog.cpp for this file.

Example:
#include "stdafx.h"
#include "EventLog.h"
#include "Event.h"  //Add this to EventLog.cpp


Also add event.h to your project files.
0
 
AxterCommented:
Correction:
You should *add* an #include to the EventLog.cpp for this file.
0
 
CornDog932Author Commented:
I have the log working, but I'm still having one more problem.

I'm trying to log an event when the disk is full.

But I'm not getting it.

I know the log is working becasuse I call the ReportInformation function when my program starts, and I can see this in the log.

Does anyone know if the disk is full will that prevent event logging?

0
 
jkrCommented:
>>Does anyone know if the disk is full will that prevent event logging?

A shot in the dark: When the disk is full, the event log cannot grow any more since the disk is full...
0
 
CornDog932Author Commented:
>>A shot in the dark: When the disk is full, the event log
>>cannot grow any more since the disk is full...

That is what I figured but I'm trying to get a more definitive answer.
0
 
jkrCommented:
What do you mean by 'more definitive' in that context? The event log is a file, and if the disk is full and you want to increase the log's size, it won't work. I'm sorry, but I doubt that I can dig out any MSDN article that is "HOWTO: Write to disk when disk is full" :o)
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 7
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now