MAKEMSI quickly and reliably creates MSI files in a non-programmatic way\Source CodeCommandsEventLogCustomView

---

The "EventLogCustomView" Command

This command can be used to programatically add custom event views to the Windows event viewer (EventVwr.msc / EventVwr.exe).

You may wish to create a filter for specific sources if you have used "EventLogSource".

You use the eventviewer to manually create or update your filters and then take a copy of the definitions it creates to deploy to as many workstations or servers that you wish:

The macro takes these parameters:

• FILTERXML (required)
  This is the (hopefully renamed) name of a ".xml" file that was exported with the event viewer.

  The file will be installed with this name but it doesn't effect the view within the event viewer as the contents contains the name and description of the "custom view".

  You can supply a "Folder" if you follow this xml file naming convention (the "Folder" parameter if supplied overrides this):

  • If you want to include a menu "Folder" (the "Folder" parameter if supplied overrides this) then begin the filename with:
    1. Start with the "[" character
    2. The menu directory structure, with "\" characters replaced with commas (and optionally followed by a single space).

       If you wanted the filter in the menu structure "a\b\c" then you could provide a filename such as "[a, b, c] SomeFilter.xml" or "[a,b,c]SomeFilter.xml".

    3. End with the "]" character (you may follow this by a single space)

  • The rest of the base filename becomes the default installed ".xml" filename (which doesn't influence how it is named in the event viewer but it like any file its name must also be unique and you should ensure that).

    The "FilterName" can be used to override this name.

  Use the Event Viewer to create the template definitions you want (using the "Create Custom View" action) and then navigate to the "%ALLUSERSPROFILE%\Microsoft\Event Viewer\Views" directory tree. It contains one xml file per filter. Look for the highest numbered file (View_1.xml) or at least the latest xml file (sort by date/time). Either way confirm contents with notepad etc. Copy this file (I rename it to match the customview name).

• FilterName (optional)
  Normally the filter name comes from the filename, this allows you to override that with your own name.

• Folder (optional)
  If you don't want the filter created in the "root" under "custom views" then you should supply the relative path from the root.

• Protected (optional)
  By default or if you pass "Y" (in fact anything but "N") then the imported view will be write protected. When unprotected the user is allowed to edit (and potentially "break") the filter.

  When write protected the user must use "Filter Custom View" to alter filtering (or create new view from it).

• Vital (optional)
  By default or if you pass "N" then the file is considered to be optional and if the user has insufficient privledges during install then they have an "ignore or cancel" option (which doesn't stop the installation of everything else).

  The install probably needs to be elevated to install these files.

You can also use any of the following predefined options:

#define? DEFAULT_EVENTLOG_PROTECTED     Y            ;;By default we protect files
#define? DEFAULT_EVENTLOG_VITAL         N            ;;By default file is not important enought to FORCE an about *user allowed to ignore issues on these files)
#define? EVENTLOG_FILTER_ROOT_DIR       [CommonAppDataFolder]\Microsoft\Event Viewer\Views  ;;You can add to this if you want your root to be a company name under this etc

EXAMPLES

The following demonstrates some variations:

<$EventLogCustomView  FilterXml="ALL WSH (last 30 days).xml">

;--- The following both go into same menu location ---
<$EventLogCustomView  FilterXml="Some filter name1.xml"  Folder="Product X\Sub Menu">
<$EventLogCustomView  FilterXml="[Product X, Sub Menu] Some filter name2.xml">

This shows how to add all the available filter files (as long as you can supply a mask that only selects them):

#DefineRexx ''
    ;--- Get list of "[*.xml" files ---
    call Files4Mask  "[*.xml", "CustomView"
#DefineRexx
#{  FOR FileNumber = 1 to CustomView.0
    ;--- Process each of the files in turn ---
    <$EventLogCustomView FilterXml="<??CustomView.FileNumber>">
#}

Please email me any feedback, additional information or corrections. See this page online (look for updates) MAKEMSI© is (C)opyright Dennis Bareis 2003-2008 (All rights reserved). Saturday May 28 2022 at 3:11pm Visit MAKEMSI's Home Page