user1008820

Reputation: 181

How to display String name of task category in event log using Write-EventLog?

So, I am attempting to write to the Windows Event Log using Write-EventLog. I've compiled a CategoryMessageFile .dll and have registered it in the registry.

My script writes to the event log for the most part, but the problem is that the event doesn't display the category name; it displays the category message id enumerated in the dll.

New-EventLog -LogName Application -Source 'test1' -CategoryResourceFile 'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\test.dll'

Write-EventLog -LogName Application -Source 'test1' -EntryType Information -EventId 1 -Message "$($DataSet.Tables[0].Rows[$i][6])" -Category 1

I know the mapping is correct because when I run

Get-EventLog -LogName Application -Newest 3 | Format-List

The correct Category name shows up under Category for the events I had just written to the log.

Here is what my mc file looked like.

;// Header


;// Categories
MessageIdTypedef=WORD

MessageId=0x1
Language=English
ETLUncategorizedError
.

MessageId=0x2
Language=English
ETLThresholdExceeded
.

MessageId=0x3
Language=English
ETLMalformattedFile
.

MessageId=0x4
Language=English
ETLWebInvocationFailure
.

So, how do I get the name to display instead of the number in the event log?

Upvotes: 6

Views: 4367

Answers (2)

Rich Shealer

Reputation: 3524

Try adding the machine's Authenticated Users or Users group to the message folder's security level. Keep the default permissions. Then either reboot or try to restart the EventLog service.

At an administrator command prompt: net stop eventlog

You will likely be prompted to shut down other services. You must enter Y to continue. The services being shut down will normally restart on their own, so you just need to wait a few seconds. The eventlog service may fail to shut down because another service has restarted; it may take a couple of tries to get everything down. Watch the resulting text closely for status.

Upvotes: 0

Vern_Anderson

Reputation: 100

You're probably looking for it in the Application or System log event and the first command you ran created a log named TEST1.

DESCRIPTION This cmdlet creates a new classic event log on a local or remote computer. It can also register an event source that writes to the new log or to an existing log.

Upvotes: 0
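An added diagnostic example, not code from the asker or either answerer: it reports which log the source is registered under (the point raised in the second answer), the CategoryMessageFile value stored under the source's registry key, and which identities have read access to that DLL (the point raised in the first answer). The function name is hypothetical; CategoryCount is the documented companion value to CategoryMessageFile in an event source registration, and reporting it is an assumption about what is worth checking, not something the thread states.

```powershell
function Test-EventCategoryRegistration {
    param(
        [string]$Source  = 'test1',        # source name from the question
        [string]$LogName = 'Application'   # log name from the question
    )

    # Ask the Event Log API which log the source really belongs to
    # (returns an empty string when the source is not registered).
    $actualLog = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
    if ($actualLog -ne $LogName) {
        Write-Warning "Source '$Source' is registered under log '$actualLog', not '$LogName'."
    }
    if (-not $actualLog) { return }

    # Per-source registration values live under the owning log's key.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$actualLog\$Source"
    $reg = Get-ItemProperty -LiteralPath $key
    $dll = [Environment]::ExpandEnvironmentVariables([string]$reg.CategoryMessageFile)

    $result = [ordered]@{
        RegisteredLog       = $actualLog
        CategoryMessageFile = $dll
        CategoryCount       = $reg.CategoryCount   # $null when the value is absent
        FileExists          = $false
        ReadersOnFile       = @()
    }

    if ($dll -and (Test-Path -LiteralPath $dll)) {
        $result.FileExists = $true
        # List identities with an explicit or inherited Allow entry that
        # includes Read on the DLL. Entries expressed only as generic
        # rights are not matched by this simple mask test.
        $read = [System.Security.AccessControl.FileSystemRights]::Read
        $result.ReadersOnFile = @((Get-Acl -LiteralPath $dll).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           ($_.FileSystemRights -band $read) -eq $read } |
            ForEach-Object { $_.IdentityReference.Value })
    }

    [pscustomobject]$result
}

Test-EventCategoryRegistration | Format-List
```

Run it from an elevated session on PowerShell 3.0 or later, since it uses `[ordered]` and `[pscustomobject]`.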
