I'm trying to create a folder structure in the Event Viewer using C#. I have created a new log folder in the Event Viewer under Applications and Service Logs e.g. MyApp but I would like this to be a folder containing multiple different log files each for the different services applications. Is this possible in C#? Something like this:
What it looks like you are seeing are the channels from Event Tracing for Windows (ETW). You can see the relevant items in the registry at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT.
To use those features you would have to use the new Windows Event Log functionality which supersedes the Event Logging API starting from Vista and looks like it is mainly targeted at C/C++ development. It does appear that some of this is exposed via the System.Diagnostics.Eventing Namespace.
I found a good overview of ETW to be Improve Debugging And Performance Tuning With ETW.
The good news is that it looks like you can do what you want. You will need to create an XML manifest that contains provider information as well as the events that will be logged. Then you need to use the Message Compiler (MC.EXE!) on the manifest to create header, resource files, and logging classes and then register the provider.
If you download Microsoft Windows SDK for Windows 7 and .NET Framework 4 you will find in the Samples\winbase\Eventing\Provider\Simple\CSharp subdirectory a .NET sample solution that should lead you through all the steps.
While it does meet your hierarchical requirement and is sort of cool, for a typical line of business application this might be a bit of overkill in terms of complexity. Also, the code generated by the message compiler is unsafe code so that may also be a negative.
In .NET 4.5 there is much better support for ETW using the EventSource class. See Windows high speed logging: ETW in C#/.NET using System.Diagnostics.Tracing.EventSource for an introduction. There is also now Event Log support with EventSource. See Announcing the EventSource NuGet Package – Write to the Windows Event Log for a walkthrough. Basically, at compile time a manifest and manifest DLL are generated for each EventSource and these can be registered using wevtutil.exe. With the addition of EventSource and Event Log channel support this approach now looks to be straightforward and viable.
Finally, note for those interested in ETW that the patterns & practices team has an application block Semantic Logging Application Block that can use ETW.
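A sketch of the EventSource-with-channels approach described in the answer above, added here as an illustration and not taken from the original answer or the linked walkthroughs. The provider names, event IDs and messages are hypothetical, and it assumes Event Viewer groups channels by the hyphen-separated parts of the provider name, as it does for the built-in Microsoft-Windows-* providers.

```csharp
using System;
using System.Diagnostics.Tracing; // with the EventSource NuGet package: Microsoft.Diagnostics.Tracing

// Hypothetical provider: one EventSource per service, sharing the "MyApp-" prefix.
[EventSource(Name = "MyApp-OrderService")]
public sealed class OrderServiceEvents : EventSource
{
    public static readonly OrderServiceEvents Log = new OrderServiceEvents();

    // Operational channel: routine activity for this service.
    [Event(1, Level = EventLevel.Informational, Channel = EventChannel.Operational,
           Message = "Order {0} accepted")]
    public void OrderAccepted(int orderId) { WriteEvent(1, orderId); }

    // Admin channel: events an administrator should act on; they need a Message.
    [Event(2, Level = EventLevel.Error, Channel = EventChannel.Admin,
           Message = "Order {0} rejected: {1}")]
    public void OrderRejected(int orderId, string reason) { WriteEvent(2, orderId, reason); }
}

// Second hypothetical provider with the same prefix, so it is listed next to the first.
[EventSource(Name = "MyApp-BillingService")]
public sealed class BillingServiceEvents : EventSource
{
    public static readonly BillingServiceEvents Log = new BillingServiceEvents();

    [Event(1, Level = EventLevel.Informational, Channel = EventChannel.Operational,
           Message = "Invoice {0} issued")]
    public void InvoiceIssued(int invoiceId) { WriteEvent(1, invoiceId); }
}

public static class Program
{
    public static void Main()
    {
        // Events reach the Event Log only after each source's generated manifest
        // has been registered from an elevated prompt, for example:
        //   wevtutil.exe im <manifest>.man /rf:"<manifest DLL>" /mf:"<manifest DLL>"
        // (file names are placeholders; use the files produced by your build).
        OrderServiceEvents.Log.OrderAccepted(1001);
        OrderServiceEvents.Log.OrderRejected(1002, "payment declined");
        BillingServiceEvents.Log.InvoiceIssued(501);
        Console.WriteLine("Events written.");
    }
}
```

Keep event payloads free of credentials and other secrets, since anyone with read access to the channel can view them.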