Establishes a valid event source for writing localized event messages, using the specified configuration properties for the event source and the corresponding event log.
Syntax
public static void CreateEventSource (EventSourceCreationData sourceData)
Parameters
- sourceData
Remarks
Use this overload to configure a new source for writing entries to an event log on the local computer or a remote computer. It is not necessary to use this method to read from an event log.
The EventLog.CreateEventSource(EventSourceCreationData) method uses the input sourceData EventSourceCreationData.Source, EventSourceCreationData.LogName and EventSourceCreationData.MachineName properties to create registry values on the target computer for the new source and its associated event log. A new source name cannot match an existing source name or an existing event log name on the target computer. If the EventSourceCreationData.LogName property is not set, the source is registered for the Application event log. If the EventSourceCreationData.MachineName is not set, the source is registered on the local computer.
To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.
The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a System.Security.SecurityException is thrown.
Starting with Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.
Use erload:System.Diagnostics.EventLog.WriteEvent and erload:System.Diagnostics.EventLog.WriteEntry to write events to an event log. You must specify an event source to write events; you must create and configure the event source before writing the first entry with the source.
Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an System.Diagnostics.EventLogInstaller, or using the erload:System.Diagnostics.EventLog.CreateEventSource method. You must have administrative rights on the computer to create a new event source.
You can create an event source for an existing event log or a new event log. When you create a new source for a new event log, the system registers the source for that log, but the log is not created until the first entry is written to it.
The operating system stores event logs as files. When you use System.Diagnostics.EventLogInstaller or erload:System.Diagnostics.EventLog.CreateEventSource to create a new event log, the associated file is stored in the %SystemRoot%\System32\Config directory on the specified computer. The file name is set by appending the first 8 characters of the EventLog.Log property with the ".evt" file name extension.
Each source can only write to only one event log at a time; however, your application can use multiple sources to write to multiple event logs. For example, your application might require multiple sources configured for different event logs or different resource files.
You can register the event source with localized resource file(s) for your event category and message strings. Your application can write event log entries using resource identifiers, rather than specifying the actual string. The Event Viewer uses the resource identifier to find and display the corresponding string from the localized resource file based on current language settings. You can register a separate file for event categories, messages and parameter insertion strings, or you can register the same resource file for all three types of strings. Use the EventSourceCreationData.CategoryCount, EventSourceCreationData.CategoryResourceFile, EventSourceCreationData.MessageResourceFile, and EventSourceCreationData.ParameterResourceFile properties to configure the source to write localized entries to the event log. If your application writes strings values directly to the event log, you do not need to set these properties.
The source must be configured either for writing localized entries or for writing direct strings. If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the erload:System.Diagnostics.EventLog.WriteEvent method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the erload:System.Diagnostics.EventLog.WriteEntry method to write strings directly to the event log using that source.
To change the configuration details of an existing source, you must delete the source and then create it with the new configuration. If other applications or components use the existing source, create a new source with the updated configuration rather than deleting the existing source.
If a source is configured for an event log, and you reconfigure it for another event log, you must restart the computer for the changes to take effect.
Requirements
Assembly: System (in System.dll)
Assembly Versions: 2.0.0.0, 4.0.0.0