Organizing eventlogs into folders

Tomas · Jun 17, 2011 · Viewed 7.1k times

I want to create multiple services and I want them to log each in a log entry under the same directory/folder that I specify, so when I open Windows Event Viewer I can see them all placed in one folder. For example, service1 would log into service1_log, service2 would log into service2_log, and both service1_log and service2_log would reside in one folder named Myservices. I haven't found anything in the Windows Event Log API or any other API that would fit this problem. I can see in Windows Event Viewer there are folders, but I can only create logs in the root of the logs hierarchy there.

Thanks in advance, Tomas

Answer

Martin Liversage · Jun 17, 2011

Windows Event Log does not log into directories. However, the event log is split into several logs (Application, System, Security etc.) that are presented as folders in Event Viewer. You can create your own log that will appear as a separate folder in Applications and Services Logs (assuming Windows Vista or later) by calling EventLog.CreateEventSource.

However, I would not recommend that you create your own log. Instead you can let your services log to the Application log. By letting each service use a separate event source you can easily filter the Application log to only display the interesting log messages. Again assuming Windows Vista or later, you can create a custom view below the Custom Views node and filter it by source. This folder will then only show log messages from your services.


Fast forward five years: Now, it is quite easy to create your own log that can be seen in Applications and Services Logs by using the EventSource class, which allows you to create events for Event Tracing for Windows (ETW). ETW is highly configurable, has very good performance but can also be a bit difficult to use initially. Message size is limited, installing a new manifest requires administrative rights, while channels like Diagnostics are collecting data you can't view the log, etc. But all in all ETW is a good alternative to logging to the Application event log.
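
The approach recommended in the answer above (one event source per service in the Application log, then filtering by source), shown as an added example that is not part of the original answer. The source names `Service1` and `Service2`, the event IDs and the messages are constructed for illustration; registering the sources requires administrative rights.

```csharp
using System;
using System.Diagnostics;
using System.Diagnostics.Eventing.Reader;

static class ServiceLogDemo
{
    // Hypothetical service names; each one becomes its own event source.
    static readonly string[] Sources = { "Service1", "Service2" };

    static void Main()
    {
        // Registering a source writes under HKLM and needs administrative rights,
        // so this normally belongs in the installer rather than in the service.
        foreach (var source in Sources)
        {
            if (!EventLog.SourceExists(source))
                EventLog.CreateEventSource(source, "Application");
        }

        // Constructed sample events, one per service.
        EventLog.WriteEntry("Service1", "Service1 started.",
            EventLogEntryType.Information, 1000);
        EventLog.WriteEntry("Service2", "Service2 could not open its configuration file.",
            EventLogEntryType.Warning, 2000);

        // The same kind of XPath filter that an Event Viewer custom view
        // filtered by source uses (visible on the custom view's XML tab).
        const string query = "*[System[Provider[@Name='Service1' or @Name='Service2']]]";
        var logQuery = new EventLogQuery("Application", PathType.LogName, query)
        {
            ReverseDirection = true // newest events first
        };

        using (var reader = new EventLogReader(logQuery))
        {
            EventRecord record;
            int shown = 0;
            // Print at most the ten most recent events from the two sources.
            while (shown++ < 10 && (record = reader.ReadEvent()) != null)
            {
                using (record)
                {
                    Console.WriteLine("{0:u} {1,-10} {2,5} {3}", record.TimeCreated,
                        record.ProviderName, record.Id, record.FormatDescription());
                }
            }
        }
    }
}
```

Pasting the same XPath expression into a custom view's XML query gives the single "folder" in Event Viewer that shows only these services' events.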