Adding an Event Source to the Registry

You can use the default Application log without adding an event source to the registry. However, Event Viewer will not be able to map your event identifier codes to message strings unless you register your event source and provide a message file. For more information about event sources, see Event Sources, and for information about message files, see Message Files.

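You can add a new source name to the registry by creating a new registry subkey under the Application key or a custom log using the RegCreateKeyEx function, and adding registry values to the new subkey using the RegSetValueEx function. Because these keys are under HKEY_LOCAL_MACHINE, the code must run with administrative privileges, so registration is normally done at install time. The following example creates a new source and adds a message-file name, a bitmask of supported types, and the category message file and category count.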

#include <stdafx.h>
#include <windows.h>
#include <iostream>
#include <strsafe.h>

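// Registers the event source "SampleEventSourceName" under the Application
// log by creating its registry subkey and writing four values to it:
// EventMessageFile, TypesSupported, CategoryMessageFile and CategoryCount.
//
// Parameters: argc and argv are unused.
// Returns:    1 on success, 0 on failure. This is the sample's own convention
//             and is the opposite of the usual process exit-code convention,
//             so a calling script must not treat 0 as success.
//
// The key is created under HKEY_LOCAL_MACHINE, so the process needs
// administrative rights; without them RegCreateKeyEx fails and the sample
// reports that it could not create the key.
int __cdecl wmain(int argc, LPWSTR *argv)
{
    // Name of the event log.
    const wchar_t *logName = L"Application";
    // Event Source name.
    const wchar_t *sourceName = L"SampleEventSourceName";
    // DLL that contains the event messages (descriptions).
    // Event Viewer opens this file to look up message strings, so the path is
    // written fully qualified; keep the DLL in a directory that only
    // administrators can write to.
    const wchar_t *dllName = L"C:\\WINDOWS\\SYSTEM32\\eventSource.dll";
    // The number of categories for the event source.
    DWORD dwCategoryNum = 1;
    // Bitmask of the event types this source can log.
    DWORD dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE |
                   EVENTLOG_INFORMATION_TYPE;
    // Size of dllName in bytes, including the terminating null. The whole
    // product is parenthesized before the cast; the original cast only the
    // character count and relied on an implicit narrowing of the result.
    DWORD cbDllName = (DWORD)((lstrlenW(dllName) + 1) * sizeof(wchar_t));

    HKEY hk = NULL;
    DWORD dwDisp = 0;
    // All strings here are wide literals, so the buffer and the API calls use
    // the explicit wide-character forms instead of the TCHAR-generic macros,
    // which would mismatch in a build without UNICODE defined.
    wchar_t szBuf[MAX_PATH];
    const char *failure = NULL;
    HRESULT hr;

    (void)argc;
    (void)argv;

    // Build the path of the event source subkey under the log's key.
    hr = StringCchPrintfW(szBuf, ARRAYSIZE(szBuf),
        L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
        logName, sourceName);

    // A failed or truncated format would otherwise create a key at the wrong path.
    if (FAILED(hr))
    {
        printf("Could not build the registry key path.");
        return 0;
    }

    // Create the event source as a subkey of the log.
    // KEY_SET_VALUE is the only right the returned handle needs, since the
    // code below only writes values. dwDisp receives REG_CREATED_NEW_KEY or
    // REG_OPENED_EXISTING_KEY; this sample does not inspect it, so an existing
    // registration with the same source name is overwritten without notice.
    if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, szBuf,
            0, NULL, REG_OPTION_NON_VOLATILE,
            KEY_SET_VALUE, NULL, &hk, &dwDisp) != ERROR_SUCCESS)
    {
        printf("Could not create the registry key.");
        return 0;
    }

    // Write the four values in order and stop at the first failure, so that
    // the key handle is closed in exactly one place below.
    if (RegSetValueExW(hk,                 // subkey handle
            L"EventMessageFile",           // value name
            0,                             // must be zero
            REG_EXPAND_SZ,                 // value type
            (const BYTE *)dllName,         // pointer to value data
            cbDllName) != ERROR_SUCCESS)   // data size in bytes
    {
        failure = "Could not set the event message file.";
    }
    else if (RegSetValueExW(hk,            // subkey handle
            L"TypesSupported",             // value name
            0,                             // must be zero
            REG_DWORD,                     // value type
            (const BYTE *)&dwData,         // pointer to value data
            sizeof(DWORD)) != ERROR_SUCCESS)
    {
        failure = "Could not set the supported types.";
    }
    else if (RegSetValueExW(hk,            // subkey handle
            L"CategoryMessageFile",        // value name
            0,                             // must be zero
            REG_EXPAND_SZ,                 // value type
            (const BYTE *)dllName,         // pointer to value data
            cbDllName) != ERROR_SUCCESS)   // data size in bytes
    {
        failure = "Could not set the category message file.";
    }
    else if (RegSetValueExW(hk,            // subkey handle
            L"CategoryCount",              // value name
            0,                             // must be zero
            REG_DWORD,                     // value type
            (const BYTE *)&dwCategoryNum,  // pointer to value data
            sizeof(DWORD)) != ERROR_SUCCESS)
    {
        failure = "Could not set the category count.";
    }

    if (failure != NULL)
    {
        printf("%s", failure);
    }

    RegCloseKey(hk);
    return failure == NULL ? 1 : 0;
}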

After the example code runs, you can check the following registry key to see the newly created values.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\SampleEventSourceName


Build date: 3/29/2009