Event Logging

Table of Contents

Overview
Functions
Structures
Constants & Enums
Sample Code
Related Topics

Overview

The Event Logging API enables applications and services to record system and application events to the Windows Event Log. It provides functions for registering event sources, reporting events, reading, clearing, and backing up logs.

Functions

Function	Header	Description
`RegisterEventSourceA/W`	`winbase.h`	Registers an application as an event source.
`DeregisterEventSource`	`winbase.h`	Closes a handle to an event source.
`ReportEventA/W`	`winbase.h`	Writes an event to the log.
`OpenEventLogA/W`	`winbase.h`	Opens a handle to an event log.
`ReadEventLogA/W`	`winbase.h`	Reads entries from an event log.
`ClearEventLogA/W`	`winbase.h`	Clears an event log.
`BackupEventLogA/W`	`winbase.h`	Backs up an event log to a file.

Structures

Structure Members

Structure	Members
`EVENTLOGRECORD`	DWORD Length; DWORD Reserved; DWORD RecordNumber; DWORD TimeGenerated; DWORD TimeWritten; DWORD EventID; WORD EventType; WORD NumStrings; WORD EventCategory; WORD ReservedFlags; DWORD ClosingRecordNumber; DWORD StringOffset; DWORD UserSidLength; DWORD UserSidOffset; DWORD DataLength; DWORD DataOffset;

EVENTLOGRECORD

DWORD Length;
DWORD Reserved;
DWORD RecordNumber;
DWORD TimeGenerated;
DWORD TimeWritten;
DWORD EventID;
WORD  EventType;
WORD  NumStrings;
WORD  EventCategory;
WORD  ReservedFlags;
DWORD ClosingRecordNumber;
DWORD StringOffset;
DWORD UserSidLength;
DWORD UserSidOffset;
DWORD DataLength;
DWORD DataOffset;

Constants & Enums

Name	Value	Description
`EVENTLOG_ERROR_TYPE`	0x0001	Error event
`EVENTLOG_WARNING_TYPE`	0x0002	Warning event
`EVENTLOG_INFORMATION_TYPE`	0x0004	Informational event
`EVENTLOG_AUDIT_SUCCESS`	0x0008	Success audit
`EVENTLOG_AUDIT_FAILURE`	0x0010	Failure audit

Sample Code

The following example registers an event source and writes an informational event to the Application log.

#include <windows.h>
#include <stdio.h>

int wmain()
{
    const wchar_t* source = L"MySampleApp";
    HANDLE hEventLog = RegisterEventSourceW(NULL, source);
    if (!hEventLog) {
        wprintf(L"RegisterEventSource failed: %lu\\n", GetLastError());
        return 1;
    }

    const wchar_t* strings[2] = { L"Operation completed", L"All steps succeeded" };
    if (!ReportEventW(hEventLog,
                      EVENTLOG_INFORMATION_TYPE,
                      0,
                      0x1000,
                      NULL,
                      2,
                      0,
                      strings,
                      NULL)) {
        wprintf(L"ReportEvent failed: %lu\\n", GetLastError());
    }

    DeregisterEventSource(hEventLog);
    return 0;
}