Event logging in Microsoft Windows provides a standard, centralized way for you to have your applications record important software and hardware events. When an error occurs, the system administrator or support technicians must determine what caused the error, attempt to recover any lost data, and prevent the error from recurring. It is helpful if applications, the operating system, and other system services record important events such as low-memory conditions or failed attempts to access a disk. The system administrator can use the event log to help determine what conditions caused the error and the context in which it occurred.
Windows supplies a standard user interface for viewing these event logs and a programming interface for examining log entries.
Using the EventLog component, you can easily connect to event logs on both local and remote computers and write entries to these logs. You can also read entries from existing logs and create your own custom event logs
An event, as defined in Windows, is any significant occurrence ¯ whether in the operating system or in an application ¯ that requires users to be notified. Critical events are sent to the user in the form of an immediate message on the screen. Other event notifications are written to one of several event logs that record the information for future reference. Every event log entry is classified into one of the following categories: errors, warnings, information, success audits, or failure audits.
There are three event logs available by default on computers running Windows 2000 or Windows NT 4.0:
In addition to these logs, other programs may create their own default logs. You can also create your own custom logs.
The following are examples of cases in which event logging can be helpful:
Event logging consumes resources such as disk space and processor time. The amount of disk space that an event log requires and the overhead for an application that logs events depend on how much information you choose to log. Therefore, it is important to log only essential information. It is also best to place event log calls in an error path in the code rather than in the main code path, so as not to reduce performance.
The following restrictions apply to EventLog components:
Types of Event Log Entries | Event Log References | EventLog Programming Architecture | Walkthrough: Creating EventLog Components