How To Use the Event Logging Utility (Logevent.exe) to Create and Log Custom Events in Event Viewer in Windows 2000 (315410)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional

This article was previously published under Q315410

SUMMARY

This step-by-step article describes how to use the Event Logging utility (Logevent.exe) to create and to log custom events to the Application Log of Event Viewer. Logevent.exe is included in the Windows 2000 Resource Kit. You can start Logevent.exe by using either the command prompt or a batch file, and you can use the tool to create entries in the Application Log of either a local or a remote Windows 2000-based computer.

Logevent.exe is useful when you want to log error information or status information from batch programs that you run by using logon scripts or by using the AT command. You can call Logevent.exe from a batch file, and then use it to log the information to the Application Log. Logevent.exe can store entries in the logs of other computers; therefore, you can record data in a central location.


Overview of Logevent.exe

Logevent.exe uses the following syntax:

logevent -m \\computername -s severity -c categorynumber -r source -e eventID -t timeout "event text"

The following list describes the parameters that you can use with Logevent.exe:
  • -m \\computername: Use this parameter to specify the name of the computer on which the event is logged. If you omit this parameter, the event is logged on the local computer. This parameter is mapped to the Computer section of the event header when you view the event in Event Viewer.
  • -s severity: Use this parameter to specify the severity level of the logged event, where severity is one of the following categories:
    • S: Success
    • I: Information (This is the default setting. If you do not specify a severity level, Logevent.exe uses I.)
    • W: Warning
    • E: Error
    • F: Failure
    This parameter is mapped to the Type section of the event header when you view the event in Event Viewer.

  • -c categorynumber: Use this parameter to specify the category number of the logged event. If you do not type a number, Logevent.exe uses the default value 0 (none). This parameter is mapped to the Category section of the event header when you view the event in Event Viewer.
  • -r source: Use this parameter to specify the source of the logged event (for example, the name of the program or script). You must use double quotes to enclose strings that contain spaces. If you do not specify a string, Logevent.exe uses the User Event default string. This parameter is mapped to the Source section of the event header when you view the event in Event Viewer.
  • -e eventID: Use this parameter to assign an event ID number to the logged event. You can use integers from 0 to 65535. If you do not assign a value, Logevent.exe uses 1 (the default value). This parameter is mapped to the Event ID section of the event header when you view the event in Event Viewer.
  • -t timeout: Use this parameter to specify the time that Logevent.exe waits to create a log entry. Logevent.exe quits after the log entry is created. By default, Logevent.exe waits 60,000 milliseconds (1 minute).
  • "event text": Use this parameter to type a description for the logged event. You must use double quotes to enclose strings that contain spaces, for example, "This is my message." This parameter is mapped to the Description section when you view the event in Event Viewer.

Examples

How to Log an Entry on the Local Computer

To record an Information entry in the Application Log of the local computer, either use the following line in a batch file or type it at a command prompt, and then press ENTER:

logevent "This is a test"

When you view the event details in Event Viewer for this example, an entry similar to the following is displayed:
   Date:      01/01/2002   Source:    User Event
   Time:      8:16         Category:  None
   Type:      Information  Event ID:  1
   User:      N/A          
   Computer:  MYCOMPUTER 
				
   Description:
   The description for Event ID ( 1 ) in Source ( User Event) cannot 
   be found. The local computer may not have the necessary registry
   information or message DLL files to display messages from a remote
   computer.  The following information is part of the event: This is 
   a test.
				

How to Log an Entry on a Remote Computer

To log a Warning entry on a remote computer named "Server1," with a category code of 100, and an event ID number of 88, either use the following line in a batch file or type it at the command prompt, and then press ENTER:

logevent -m \\server1 -s W -c 100 -r "my batch program" -e 88 "batch program failed!"

When you view the event details in Event Viewer for this example, an entry similar to the following is displayed:
   Date:      01/01/2002   Source:    my batch program
   Time:      8:30         Category:  (100)
   Type:      Warning      Event ID:  88
   User:      N/A          
   Computer:  SERVER1 
				
   Description:
   The description for Event ID ( 88 ) in Source ( my batch program ) 
   cannot be found. The local computer may not have the necessary 
   registry information or message DLL files to display messages from 
   a remote computer.  The following information is part of the event:
   batch program failed!
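
The following batch wrapper is an added example, not part of the original article: it runs a job, checks the exit code, and logs an Information or Error event to a central server by using only the parameters described above. The server name, job name, job command, category number, and event IDs are hypothetical placeholders. The name of the originating computer is put in the event text because, as the remote example shows, the Computer field shows the computer on which the event is logged.

```batch
@echo off
rem Added example: log the outcome of a scheduled job to a central
rem Application Log. All names and numbers set below are hypothetical.
setlocal

set LOGSERVER=\\server1
set JOBNAME=nightly backup
set CAT_BACKUP=100
set EVT_OK=1000
set EVT_FAIL=1001

rem Run the actual work (placeholder path) and keep its exit code.
call C:\scripts\backup.cmd
set RC=%ERRORLEVEL%

rem Use a distinct event ID per outcome so the central log can be
rem filtered on failures. %COMPUTERNAME% records where the job ran.
if "%RC%"=="0" (
    call :log I %EVT_OK% "%COMPUTERNAME%: %JOBNAME% completed"
) else (
    call :log E %EVT_FAIL% "%COMPUTERNAME%: %JOBNAME% failed, exit code %RC%"
)

rem Pass the exit code of the job back to the caller (for example, AT).
endlocal & exit /b %RC%

:log
rem %1 = severity (S, I, W, E or F)
rem %2 = event ID (0 to 65535)
rem %3 = event text, already enclosed in double quotes
logevent -m %LOGSERVER% -s %1 -c %CAT_BACKUP% -r "%JOBNAME%" -e %2 %3
goto :eof
```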
				

How to View Application Log Events in Event Viewer

To view events in the Application Log of Event Viewer:
  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Administrative Tools, then double-click Event Viewer.

    NOTE: Alternatively, you can start Event Viewer by starting the Microsoft Management Console (MMC) program that contains the Event Viewer snap-in.
  3. Click to expand Event Viewer (if it is not already expanded).
  4. Click Application.

    The events that are logged in the Application Log are displayed in the right details pane.
  5. To view more details about a specific event, double-click the event that you want to view.
  6. To copy the details of the event, click the Copy button, open a new document using the program in which you want to paste the event (for example, Microsoft Word), and then click Paste on the Edit menu.
  7. To view the description of the previous or next event, click the up or down arrow.


REFERENCES

For more information about Logevent.exe, type the following line at the command prompt, and then press ENTER:

logevent /?

For additional information about how to view and manage logs in Event Viewer, click the article number below to view the article in the Microsoft Knowledge Base:

302542 How To Diagnose System Problems with Event Viewer in Microsoft Windows 2000

For more information about the Windows 2000 Resource Kit, visit the following Microsoft Web site:






Modification Type: Major
Last Reviewed: 9/15/2006
Keywords:kbhowto kbHOWTOmaster KB315410