Where can I find a good example of ReportEvent function usage?

Asked 17/8, 2009 at 22:14 Answered 7/9, 2016 at 17:6

As with most "legacy" MSDN pages, the page for ReportEvent has too little information for me to make much sense of it. I've tried searching, but can't find a good, clean, simple example of the function's usage. Could anyone suggest one?

Mauramauralia answered 17/8, 2009 at 22:14 Comment(0)

I ended up using this:

HANDLE eventLog;
WORD type;
const char* msg;

// ... snip ...

ReportEvent(eventLog, type, 0, 1, NULL, 1, 0, &LPCTSTR(msg), NULL);

Seems to work well enough.

Mauramauralia answered 23/8, 2009 at 14:8 Comment(2)

The problem with this solution is that it logs jumble (cf: "The description for Event ID 1 from source XYZ.exe cannot be found" on Windows Vista). – Causation 11/10, 2010 at 12:58

What Dimitri said. In fact in recent Windows versions (Windows 11 21H2 in my case) it's even worse than that: the Event Viewer will look up the Event ID in the system message table, resulting in very confusing messages (e.g. EventID 0 will translate to "The operation completed successfully" and 1 as used in the example will translate to "Incorrect function"). I would recommend using something like MAXDWORD as the EventID - the message still won't look good in the Event Viewer, but at least it won't be misleading. – Freed 9/4, 2022 at 21:57

Well this seems to be a very old thread, landed here looking for a good example of Report Event... but figured out you have not received any replies...and would have probably already found the solution.

The reason you see "Event Id not found" is because the EventViewer is not able to load/lookup the text resource to be displayed for the event Id. Sorry if last line sounded geeky.. but this is what i understand of EventLog:

-EventLogging has two aspects

Registering with EventLog (or in other terms creating EventSource)
Logging or Writing into Event Log
Viewing or Reading from log

When you register in event log, you simply specify a eventSource (any name that identifies that log) + EventMessageFile, Category File and SupportedEventTypes. Here EventMessageFile points to a DLL/EXE that contains your message descriptions/resources.

When you log an event, you simply log it with some data like EventID, Category ID and EventData. But when you view it using any EventViewer (or Windows eventVwr.exe) the viewer reads your events, looks for a DLL/EXE associated with your eventSource(pointed by EventMessageFile), and renders the decription from the resource section of that DLL/EXE.

This DLL is nothing but a simple resource file that was compiled using MessageCompiler, and contains a "MessageTable". This is done to provide culture specific event logging

This is the reason, When you export the log into XML/TXT etc from your EventViewer, It asks you if you want to Save it "with Display informaion" or "without display information", so that you can view it on computers that do not have EventMessageFile.

JFYI the reg entry is located at:

HKLM\CurrentControlSet\System\Services\EventLog\Application

one catch: If you're wondering how .Net does it..., it simply does it by providing a default EventMessageFile called EventLogMessage.dll (found under %SYSTEMROOT%\Microsoft.Net\Framework\vXXXX\)

Satin answered 22/8, 2012 at 11:58 Comment(1)

If you don't need language-/culture-specific messages you can generate a message DLL which only contains one ID (e.g. GENERIC_MESSAGE) which maps to a resource "%1". Then you register this DLL for your application and simply pass the string to display in Event Viewer as 1st parameter to this message. This method is described in codeproject.com/Articles/3995/… but be aware to use the "-c" flag when invoking "mc" for the example to work! – Chivalry 3/3, 2016 at 7:13

As I recall it is a pain to set up correctly - you need to add messages to you application using the Message Compiler - if you skip this you won't see useful messages only error codes. Take a look at Creating a Windows NT Service by Using ATL for an example

Bradbradan answered 17/8, 2009 at 23:18 Comment(0)

-1

The sample Windows Service C++, is a windows service reporting to event log, you can get the code from https://code.msdn.microsoft.com/windowsapps/CppWindowsService-cacf4948 in particular, the following function (quoted from ServiceBase.cpp) does it

//
//   FUNCTION: CServiceBase::WriteEventLogEntry(PWSTR, WORD)
//
//   PURPOSE: Log a message to the Application event log.
//
//   PARAMETERS:
//   * pszMessage - string message to be logged.
//   * wType - the type of event to be logged. The parameter can be one of 
//     the following values.
//
//     EVENTLOG_SUCCESS
//     EVENTLOG_AUDIT_FAILURE
//     EVENTLOG_AUDIT_SUCCESS
//     EVENTLOG_ERROR_TYPE
//     EVENTLOG_INFORMATION_TYPE
//     EVENTLOG_WARNING_TYPE
//
void CServiceBase::WriteEventLogEntry(PWSTR pszMessage, WORD wType)
{
    HANDLE hEventSource = NULL;
    LPCWSTR lpszStrings[2] = { NULL, NULL };

    hEventSource = RegisterEventSource(NULL, m_name);
    if (hEventSource)
    {
        lpszStrings[0] = m_name;
        lpszStrings[1] = pszMessage;

        ReportEvent(hEventSource,  // Event log handle
            wType,                 // Event type
            0,                     // Event category
            0,                     // Event identifier
            NULL,                  // No security identifier
            2,                     // Size of lpszStrings array
            0,                     // No binary data
            lpszStrings,           // Array of strings
            NULL                   // No binary data
            );

        DeregisterEventSource(hEventSource);
    }
}

Wuhan answered 7/9, 2016 at 17:6 Comment(0)

Recommended topics

Hot tags