cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I want to create a custom folder in the Application and services log area in windows event logs

Meshubham
Copper Contributor

‎Mar 02 2021 03:19 AM

‎Mar 02 2021 03:19 AM

I want to create a custom folder in the Application and services log area in windows event logs

I am trying to create a custom folder in the Application and services log area in windows event logs. Inside the folder I want to create two custom area’s ex: Area1, Area2.In Area1, I want to write the logs from one source and In Area2, I want to write logs from another source. Original i want to do it using .net c# but as couldn't do it using c# soI used powershell script to achieve this.
the code is below:

 

 

$PrimaryEventKey = 'Comp1'
$ApplicationName = 'App1'
$LogName = TSP

# Vars()
$primarylocation = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels'
$LogName = $PrimaryEventKey + '-' + $ApplicationName + '-' + $LogName
$EventRoot = (Join-Path $primarylocation $LogName)

if (!(Test-Path $EventRoot)) {
    New-Item -Path ($secondarylocation + '/' + $Logname)
    New-ItemProperty -Path ($secondarylocation + '/' + $Logname) -Name providerGuid -PropertyType String -Value "{$($GUID)}"

    New-Item -Path $EventRoot
    New-ItemProperty -Path $EventRoot -Name Enabled -PropertyType DWord -Value 1
    New-ItemProperty -Path $EventRoot -Name Type -PropertyType DWord -Value 1
    New-ItemProperty -Path $EventRoot -Name Isolation -PropertyType DWord -Value 0
    New-ItemProperty -Path $EventRoot -Name RestrictGuestAccess -PropertyType String -Value 1
    New-ItemProperty -Path $EventRoot -Name OwningPublisher -PropertyType String -Value "{$($GUID)}"

    # See https://docs.microsoft.com/en-us/windows/desktop/eventlog/eventlog-key for documentation on the ChannelAccess or or RestrictGuestAccess (see: RestrictGuestAccess / Isolation)
}
else {
    Write-Warning 'Event Log (Key) Already exists in registry'
}

# Write into the event log (Example)
$eventType = ([System.Diagnostics.EventLogEntryType]::Information)
$evt = New-Object System.Diagnostics.EventLog($LogName)
$evt.Source = "SomeSource"
$evt.WriteEntry("random message", $eventType, 60001)

 

 

 

By running this script I am able to create folder hierarchy but  when I go to see the event logs It is  showing error like:
"Event Viewer can open the eventlog or custom view verify the event log service is running or query is to long. the data is invalid(13)."

How to resolve this issue or is there any alternative approach to do it ?Or any other way to create folder structure and then write logs in .net or through script ?

Labels:
Preview file
73 KB
905 Views
0 Likes
0 Replies
Reply
0 Replies