If I select to filter the "Application" log in the EventLog viewer, I can see a lot of Sources registered with the "Application" log. How could I programmatically enumerate all these sources via C#? And it seems I cannot register my own event source with "Application" and "System" log, why?

BTW: The concept of "event source" is really confusing...

+1  A: 

There might be a more appropriate .NET or Windows API you could reference for this, but the info is ultimately stored in the registry under the Eventlog service key. The service's root key is here: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

Most of the subkeys under that key will be the various event logs on the system including System and Application. For each log, it will contain a bunch of additional subkeys that represent the registered sources for that log. So just enumerate the subkeys to get your list.

On XP/2003 OSes, the log's subkey also contains a REG_MULTI_SZ value called Sources that should match the list of source subkeys. That value appears to no longer be used on Win7/2008 R2 machines (not sure about Vista).

Ryan
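
The registry walk described in the answer above, as an added C# example that is not part of the original answer. The class name `EventSourceLister` is hypothetical; the registry path is the one the answer gives. A log key the current account cannot read is reported instead of aborting the enumeration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using Microsoft.Win32;

static class EventSourceLister   // hypothetical name, not a framework type
{
    // Eventlog service key named in the answer above (under HKLM).
    const string EventLogRoot = @"SYSTEM\CurrentControlSet\Services\Eventlog";

    // Maps each log name to its source subkeys; null marks a log key that could not be read.
    static Dictionary<string, string[]> ReadSources()
    {
        var logs = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
        using (RegistryKey root = Registry.LocalMachine.OpenSubKey(EventLogRoot))
        {
            if (root == null) return logs;   // Eventlog key not present
            foreach (string logName in root.GetSubKeyNames())
            {
                try
                {
                    // Read-only open; each subkey of a log key is one registered source.
                    using (RegistryKey log = root.OpenSubKey(logName))
                        logs[logName] = log == null ? null : log.GetSubKeyNames();
                }
                catch (SecurityException) { logs[logName] = null; }
                catch (UnauthorizedAccessException) { logs[logName] = null; }
            }
        }
        return logs;
    }

    static void Main()
    {
        foreach (var entry in ReadSources().OrderBy(e => e.Key))
        {
            if (entry.Value == null)
            {
                Console.WriteLine("{0}: not readable by this account", entry.Key);
                continue;
            }
            Console.WriteLine("{0}: {1} sources", entry.Key, entry.Value.Length);
            foreach (string source in entry.Value.OrderBy(s => s))
                Console.WriteLine("  " + source);
        }
    }
}
```
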
A: 

Look at the documentation for the System.Diagnostics.EventLog class, which should reveal all.