Creating Custom Event Logs

Microsoft® Windows® 2000 Scripting Guide

« Previous | Next »   

By default, Windows 2000 based computers have three event logs: System Log, Security Log, and Application Log. Depending on a computer s role and on the services hosted by the computer, you can have additional event logs, such as Directory Service Log, DNS Server Log, and File Replication Service Log.

Custom event logs, which can be created by adding a subkey to the registry, can make it easier for you to monitor specific applications or types of events. For example, you might create a custom event log named ScriptingEventLog and use this as a repository for any events written by one of your scripts. After the custom log has been created, it can be programmatically monitored and managed by using WMI.

One minor limitation of a custom event log is that no event sources are registered for the log. As a result, your event descriptions are prefaced with a notice informing you that no event source could be found for the event. An event description, recorded as "Drive X could not be mapped" and similar to the following, appears in Event Viewer:

The description for Event ID ( 100 ) in Source ( SCRIPTINGEVENTLOG ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Drive X could not be mapped. 

Caution

• Changing the registry with a script can easily propagate errors. The scripting tools bypass safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. Before scripting changes to the registry, test your script thoroughly and back up the registry on every computer on which you will make changes. For more information about scripting changes to the registry, see the Registry Reference on the Microsoft Windows 2000 Server Resource Kit companion CD or at http://www.microsoft.com/reskit.

Scripting Steps

Listing 12.16 contains a script that creates a custom event log by adding a subkey to the registry. To carry out this task, the script must perform the following steps:

1. Create a constant named NO_VALUE and set the value to Empty. This constant is used to create an empty value for the new registry subkey.
2. Create an instance of the WSH Shell object.
3. Use the RegWrite method to create a new registry subkey and set its value to NO_VALUE. The new subkey is named HKLM\System\CurrentControlSet\Services\EventLog\ScriptingEventLog\, which means that the new event log will be named ScriptingEventLog.

Listing 12.16   Creating a Custom Event Log

1 2 3 4 5 

Const NO_VALUE = Empty Set WshShell = WScript.CreateObject("WScript.Shell") WshShell.RegWrite _ "HKLM\System\CurrentControlSet\Services\EventLog\ScriptingEventLog\", _     NO_VALUE

Send us your feedback

« Previous | Next »