EventLog Permissions

If your application needs to write to the EventLog, you will need to set the permissions and register the source. This can be done from a command prompt that is run as administrator.


EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid
            [/L logname] [/SO srcname] /T type /D description

Description:

This command line tool enables an administrator to create a custom event ID and message in a specified event log.

Parameter List:

    /S    system           Specifies the remote system to connect to.
    /U    [domain\]user    Specifies the user context under which
                           the command should execute.
    /P    [password]       Specifies the password for the given
                           user context. Prompts for input if omitted.
    /L    logname          Specifies the event log to create
                           an event in.
    /T    type             Specifies the type of event to create.
                           Valid types: SUCCESS, ERROR, WARNING, INFORMATION.
    /SO   source           Specifies the source to use for the
                           event (if not specified, source will default
                           to 'eventcreate'). A valid source can be any
                           string and should represent the application
                           or component that is generating the event.
    /ID   id               Specifies the event ID for the event. A
                           valid custom message ID is in the range
                           of 1 - 1000.
    /D    description      Specifies the description text for the new event.
    /?                     Displays this help message.

Examples:

    EVENTCREATE /ID 1 /L APPLICATION /T INFORMATION /SO SOURCENAME /D "My first log"
    EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "My custom error event for the application log"
    EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "Winword event 999 happened due to low diskspace"
    EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Custom job failed to install"
    EVENTCREATE /S system /U user /P password /ID 1 /T ERROR /L APPLICATION /D "User access failed due to invalid user credentials"

Verification:

After running the command you should see a registry entry as follows:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application\SOURCENAME
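
The verification step above can be scripted. The following PowerShell is an added example, not part of the original page: it reuses SOURCENAME, event ID 1 and the description from the first EVENTCREATE example, checks the registry entry, lists the access rules on that key, and reads the event back from the Application log. The variable names are illustrative.

```powershell
# Added example. SOURCENAME, event ID 1 and the description come from the
# page's first EVENTCREATE example; everything else is illustrative.
$LogName = 'Application'
$Source  = 'SOURCENAME'
$EventId = 1
$KeyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName\$Source"

# Registering a new source writes under HKLM, so require an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Not elevated: start the prompt with "Run as administrator".'
}

# Create the event (and the source, on first use) and fail loudly on error.
& eventcreate.exe /ID $EventId /L $LogName /T INFORMATION /SO $Source /D 'My first log'
if ($LASTEXITCODE -ne 0) {
    throw "eventcreate exited with code $LASTEXITCODE"
}

# 1. The registry entry named under "Verification" must now exist.
if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Source key not found: $KeyPath"
}
Get-ItemProperty -LiteralPath $KeyPath | Format-List

# 2. Who may change the registration: list the key's access rules.
(Get-Acl -LiteralPath $KeyPath).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# 3. Read the event back by source and ID to confirm it reached the log.
$xpath = "*[System[Provider[@Name='$Source'] and (EventID=$EventId)]]"
Get-WinEvent -LogName $LogName -FilterXPath $xpath -MaxEvents 1 |
    Format-List TimeCreated, ProviderName, Id, LevelDisplayName, Message
```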