Windows Event Viewer shows wrong severity for all messages from my service
I'm trying to create my own Windows service in C according to this tutorial. My event message definition file looks like this
EventLogMessages.mc:
MessageIdTypedef=DWORD
SeverityNames=(
Success=0x0:STATUS_SEVERITY_SUCCESS
Info=0x1:STATUS_SEVERITY_INFO
Warning=0x2:STATUS_SEVERITY_WARNING
Error=0x3:STATUS_SEVERITY_ERROR
)
FacilityNames=(
System=0x0:FACILITY_SYSTEM
Runtime=0x2:FACILITY_RUNTIME
Stubs=0x3:FACILITY_STUBS
Io=0x4:FACILITY_IO_ERROR_CODE
)
LanguageNames=(English=0x409:MSG00409)
; // The following are message definitions.
MessageId=0x1
Severity=Success
Facility=Runtime
SymbolicName=SVCEVENT_STATUS_REPORT
Language=English
Status report: %2.
.
MessageId=0x2
Severity=Error
Facility=System
SymbolicName=SVCEVENT_INIT_SYSCALL_ERROR
Language=English
Essential syscall failed when starting the service: %2.
.
MessageId=0x3
Severity=Error
Facility=Runtime
SymbolicName=SVCEVENT_CUSTOM_ERROR
Language=English
Service-specific error: %2.
.
; // A message file must end with a period on its own line
; // followed by a blank line.
It's almost a copy of the sample file from docs.
However whenever i compile this file, start the service and open the Event Viewer, i see all messages from my service as "Level: Error", even those that should have lower severity.
The event IDs and the messages are correct, but the severity is always wrong.
I opened the the generated header file EventLogMessages.h and here it seems alright as well.
#define SVCEVENT_STATUS_REPORT ((DWORD)0x00020001L)
The upper 2 bits (that indicate severity) are correctly set to 0 - STATUS_SEVERITY_SUCCESS. But regardless, the event is always displayed wrong.
Anyone has a clue why it's wrong and how to fix it?
So i figured it out by trial and error.
The severity is in fact only controlled by the 2nd parameter of ReportEvent and the upper bits of the messageID (that comes from the .mc file and goes to the 4th parameter) are totally ignored.
So to send a "warning" event, instead of defining the message properties like
MessageId=0x2
Severity=Warning
Facility=Runtime
SymbolicName=SVCEVENT_WARNING
...
you need to call the function this way
ReportEvent( hEventSource, EVENTLOG_WARNING_TYPE, 0, SVCEVENT_WARNING, ... );
Not sure what message severity is good for then, but it works.
- Sort program not working, not sure why
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?
- How to Implement Universal Setter/Getter Functions for Interrupt-Driven Variables in Embedded C?
- How does SIMD (avx) processing work? for example, if I want 10 32 bit floats how do i fit in a 256 bit avx vector?
- FDCAN problems on STM32G4
- How does the call macro enable mutual recursion between functions f and g in this Hanoi Tower implementation?
- Running test on Rocket core CPU - global variable initialized to 0 is unsuccessful, output wrong value instead
- Interacting with C arrays without knowing the size
- Combination of two strings
- Avoiding strcpy overflow destination warning
- carriage return by fgets
- How to use special characters in C?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- Is it correct to compare pointers in C?
- Force free() to return malloc memory back to OS
- How can I print to standard error in C with 'printf'?
- What is the standard behavior of fread in C on Windows?
- How is strtok removing lines it shouldn't have access to?
- Using array as smart point in C
- Assigning string to malloced 2d char array not working as intended
- How to refactor repetition inside a Makefile?
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct