creat event source issue

Question

Hello everyone,

I am using Windows Server 2003 x64 + VSTS 2008 + .Net 3.5 + C#, the API EventLog.CreateEventSource has two parameters, source and logName.

I have two questions,

1. How to call function EventLog.CreateEventSource from PowerShell?
2. What are the meanings of parameter source and logName? How their values are reflected in Windows event viewer?

thanks in advance, George

Answer 1

From MSDN:

"The CreateEventSource method Establishes an application as able to write event information to a particular log on the system."

To create new source from PowerShell:

if (![System.Diagnostics.EventLog]::SourceExists("SourceName"))
{ 
    [System.Diagnostics.EventLog]::CreateEventSource("SourceName", "LogName") 
}

The new source name registers in the "Sources" Multi-String value under HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application

If you open the eventlog viewer you'll see the new source name under the "Source" column for the log you choosed and you can filter events based on the new name.

See this page for more information: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog.createeventsource.aspx

HTH