EventSource doesn't write logs in windows event viewer

Question

I'm trying to write log in Windows event viewer. I created class and create method for catching exceptions. Here is my code :

[EventSource(Name = "Samples-EventSourceDemos-EventLog")]
public sealed class MinimalEventSource : EventSource
{
    public static MinimalEventSource Log = new MinimalEventSource();
    [NonEvent]
    public void WriteLog(Exception exception)
    {
        UnhandledException(exception.Message);
    }

    [Event(601, Message = "Unhandled exception occurred. Details: {0}", Keywords = EventKeywords.None, Level = EventLevel.Critical)]
    private void UnhandledException(string exceptionMsg)
    {
        this.WriteEvent(601, exceptionMsg);
    }
}

static void Main(string[] args)
{
    AppDomain.CurrentDomain.UnhandledException += CurrentDomain_UnhandledException;
    throw new Exception("TestException");
}

private static void CurrentDomain_UnhandledException(object sender, UnhandledExceptionEventArgs e)
{
    MinimalEventSource.Log.WriteLog(e.ExceptionObject as Exception);
    Process.GetCurrentProcess().Kill();
}

In Windows event viewer I couldn't find this log

I installed Microsoft.Diagnostics.Tracing.EventSource from nuget. It creates manifests after rebuilding. Here is debug folder

I decided to registr it by code :

string commandOfRegistringEventSource = "";
using (Process process = new Process())
{
    ProcessStartInfo startInfo = new ProcessStartInfo
    {
        WindowStyle = ProcessWindowStyle.Hidden,
        FileName = "cmd.exe",
        Arguments = commandOfRegistringEventSource
    };
    process.StartInfo = startInfo;
    process.Start();
}

I tried execute using wevtutil.exe im <EtwManifestManFile> /rf:"<EtwManifestDllFile>" /mf:"<EtwManifestDllFile>", but it shows errors like The system cannot find the file specified.,... Please help me to write cmd command of registring EventSource. Here is manifest

 C:\Users\dilshodk\source\repos\ETW loggiing\ETW loggiing\bin\Debug\ETW loggiing.Samples-EventSourceDemos-EventLog.etwManifest.dll
C:\Users\dilshodk\source\repos\ETW loggiing\ETW loggiing\bin\Debug\ETW loggiing.Samples-EventSourceDemos-EventLog.etwManifest.man

Answer 1

You need some more steps to get this working. First of all, you need to set the Channel property of the Event attribute like this:

[EventSource(Name = "Samples-EventSourceDemos-EventLog")]
public sealed class MinimalEventSource : EventSource
{
    public static MinimalEventSource Log = new MinimalEventSource();
    [NonEvent]
    public void WriteLog(Exception exception)
    {
        UnhandledException(exception.Message);
    }

    [Event(601, Channel = EventChannel.Admin,  Message = "Unhandled exception occurred. Details: {0}", Keywords = EventKeywords.None, Level = EventLevel.Critical)]
    private void UnhandledException(string exceptionMsg)
    {
        this.IsEnabled().Dump();
        this.WriteEvent(601, exceptionMsg);
    }
}

The, second, your EventSource need to be registered. The steps are outline here:

One requirement introduced by channel support is the need to statically register the ETW provider manifest. The NuGet package supports generating the files needed for static registration as part of your build. After your build completes a new step is run that generates a pair of files for each of the event source types defined in the project: ..etwManifest.man and ..etwManifest.dll

The first file contains the ETW manifest while the second one contains the binary form of the ETW manifest plus any needed native resources (localization string tables in particular).

The tool that generates the above two files is “eventRegister.exe” and it performs two functions: It ensures the registration files are generated for all event source types that need static registration, and It performs a number of validation checks on all the event source types defined in the output assembly. Deploying your component will need to include these files and perform one registration step at installation time and one un-registration step at un-installation time.

Registration:

wevtutil.exe im <EtwManifestManFile> /rf:"<EtwManifestDllFullPathName>" /mf:"<EtwManifestDllFullPathName>"

Unregistration:

wevtutil.exe um <EtwManifestManFile>

For static registration eventRegister.exe generates manifests that include all localization information. This is needed because the manifest is generated at build time, when there’s no information regarding the culture in which the final application will run.

Note you will see that in the .etwManfest.man file that the build generated, there are path names for the resource file and manifest file in this file. They are the paths that existed at build time. These paths are NOT used if you use the /rf and /mf options. Thus you should always specify the /rf: and /mf options (unless you hand modify the .etwManifest.man file to specify deployment-time file paths for the DLL). Finally, it is important that you use FULLY qualified names for the /mf: and /rf: options. You can use environment variables THAT ARE AVAILABLE TO ALL PROCESSes (e.g. %SystemRoot% or %ProgramFiles%), but you should not use relative paths (it is not clear what they are relative to, probably System32, but don’t count on it). The general recommendation is to copy your etwManifest.dll and .etwManifest.man to a directory under %ProgramFiles% and then use wevtutil to register them at that location.

The easiest way to create the files described above is to add this NuGet Package as it will create those files when building your project. It comes with the docs in .docx format.

Answer 2

I have done this in the past write to the event log Application:

using (EventLog eventLog = new EventLog("Application")) 
{
    eventLog.Source = "Application"; 
    eventLog.WriteEntry("Log message test", EventLogEntryType.Information, 101, 1); 
}