The "EventLogSource" Command
This command can be used to programmatically create a custom source name for the Windows Event log, allowing someone to filter events in the Windows Event Viewer (EventVwr.msc / EventVwr.exe). This command is currently restricted to the "Application" log and allows only a single invocation (the macro needs a bit more work, let me know if you need it).
This command not only defines the source names but can also generate files for logging to those sources. If you use these, you will get some VBScript (standalone as well as embeddable with the "FileMake" command) as well as a PowerShell script. The PowerShell script is required to log to specific sources, but if that fails to work (for any reason, including PowerShell being missing) then the VBScript will be used to fall back to logging under "WSH".
This command allows you to avoid using "WSH" as a source name while also avoiding logged messages that begin with text similar to:
The description for Event ID 219 from source SomeCustomSource cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: blah blah
The macro takes these parameters:
The default "Y"/"N" answer comes from "DEFAULT_EVENTLOG_REGISTER_ONLY".
You can also use any of the following predefined options:
#define? DEFAULT_EVENTLOG_REGISTER_ONLY Y ;;Don't generate any scripts to log to the sources you define
#define? EVENTLOG_TYPE INFORMATION
#define? EVENTLOG_FILE_DIR <$MAKEMSI_NONCA_SCRIPT_DIR>\EventLog
#define? EVENTLOG_CATEGORY 219 ;;Windows can't search for this across sources/logs!
#define? EVENTLOG_EVENTID 0 ;;Currently must only use ones valid for "WSH"
#define? EVENTLOG_LOG Application ;;Untested on anything else, let me know details of any issues (fallback will always be to "Application" log)
#define? EVENTLOG_LOGGING_CODE_DIRKEY INSTALLDIR ;;Do you want to install code that can log to the sources you create or have you "rolled your own"? Supply an installation directory keyname to install the files (RegisterOnly=N)
#define? EVENTLOG_REGISTRY_COMMENT_NAME $InstalledBy$ ;;Make it empty to prevent installation of the comment
#define? EVENTLOG_REGISTRY_COMMENT MSI: "[ProductName]" version [ProductVersion] built @ <?CompileTime> & installed at [Date] [Time].
#define? EVENTLOG_REGISTRY_COMMENT.PS1 <?Space><?Space>"<$EVENTLOG_SNNE_GENERIC>.ps1" can be used to log to this source!
#define? EVENTLOG_#OPTIONS KeepIndent=YES LeaveBlankLines=YES AllowPack=NO
This command basically "clones" the definition of "WSH" so that you are restricted to event ids that "WSH" supports.
You may wish to install a custom filter for specific source names you create by using "EventLogCustomView".
EXAMPLES
<$EventLogSource SourceName="SomeCustomSource">
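The following is an added example, not taken from this page or from the scripts MAKEMSI generates. It checks that the source defined above is registered, logs to it with the default values listed earlier, and falls back to "WSH" from within PowerShell rather than through VBScript; the function names, the sample message and the use of Windows PowerShell 5.1 are assumptions.

```powershell
# Added example, not MAKEMSI output. Assumes Windows PowerShell 5.1 (Write-EventLog).
$Source   = 'SomeCustomSource'   # source name from the example above
$LogName  = 'Application'        # EVENTLOG_LOG default
$EventId  = 0                    # EVENTLOG_EVENTID default
$Category = 219                  # EVENTLOG_CATEGORY default

function Test-SourceRegistration {
    # A registered source is a key under the log's EventLog service key; its
    # EventMessageFile value is what lets Event Viewer render the description.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName\$Source"
    if (-not (Test-Path -LiteralPath $key)) { return $false }
    $props = Get-ItemProperty -LiteralPath $key
    return [bool]$props.EventMessageFile
}

function Write-SourceEvent {
    param(
        [Parameter(Mandatory = $true)] [string] $Message,
        [ValidateSet('Information', 'Warning', 'Error')]
        [string] $EntryType = 'Information'   # EVENTLOG_TYPE default
    )
    $common = @{
        LogName = $LogName; EventId = $EventId; Category = $Category
        EntryType = $EntryType; Message = $Message; ErrorAction = 'Stop'
    }
    if (Test-SourceRegistration) {
        try {
            Write-EventLog @common -Source $Source
            return $Source
        } catch {
            Write-Warning "Logging to '$Source' failed: $($_.Exception.Message)"
        }
    }
    # Fallback: the same event written under the stock "WSH" source.
    Write-EventLog @common -Source 'WSH'
    return 'WSH'
}

# Constructed sample message.
$used = Write-SourceEvent -Message 'Constructed sample message: nightly job finished.'
"Logged under source: $used"

# Read the entry back to confirm the message renders without the
# "The description for Event ID ... cannot be found" preamble.
Get-EventLog -LogName $LogName -Source $used -Newest 1 |
    Format-List TimeGenerated, Source, EventID, EntryType, Message
```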