Thoughts from the EPS Windows Server Performance Team
Useful Microsoft Blogs
Good morning AskPerf! Blake here to discuss an internal command line tool called Eventcreate. What exactly is Eventcreate? I’m glad you asked. In a nutshell, Eventcreate is a command line tool that enables an administrator to create a custom event ID and message in a specified event log. Let’s check out its options and some examples. When you type “Eventcreate /?” from a command prompt, the following appears:
Let’s now take a look at some Eventcreate examples:
Create a simple Information event is the System log with an ID of 76:
Create an Error event in the Application log on a remote system with an ID 123:
Create a Warning event in the Security log with an id of 100:
Did you catch the error above? Windows does not allow you to create custom events in the Security log. This is reserved for System level processes.
So you might be asking yourself, how can this be useful to me? Well, if you write a lot of automated scripts and wonder if they complete successfully or error out, then this is your tool. Simply modify your script with an Eventcreate command, and you’ll never ask again what happened while your script was running.
· Eventcreate on TechNet
· How to create custom events
Is it possible to create a event with multiple lines in the description field? I tried adding return characters, special characters but no luck.
A very handy command.
There's a command in XP called EventTriggers. It configures the event system to trigger actions when user defined events are logged. EventCreate and EventTriggers are very complimentary, especially for testing.
Since Vista, the functionality of EventTriggers has been moved to schtasks.exe using the /EC ChannelName switch (and EventTriggers is no more). However, the documentation on this switch is a little sparse. Requesting a Two-minute drill topic on this functionality.
How can you edit the XML attributes of an event log, and not only add description?
I recently used this on windows server 2008 and all that needs to be done to add additional source is to run as admin. Afterwards it can be run with standard rights to add events to the same / existing source.