Requirement
- You want to record an event on Windows Event Log.
- The log should be recorded with a custom application and source.
- The message of the event should be recorded appropriately. The message should not contain the warning like
The description for Event ID ( <####> ) in Source (<application name>) could not be found..
What you have to do
- Run the following command on PowerShell with administrator privilege. Note that you have to once register, remove, and re-register the event source with a custom log name. When you run
Write-EventLogjust afterNew-EventLog -LogName Application -Source MyLogSource, the message contained the warning above in my environment.
PS C:\> New-EventLog -LogName Application -Source MyLogSource PS C:\> Remove-EventLog -Source MyLogSource PS C:\> New-EventLog -LogName MyLogName -Source MyLogSource
- Run
Write-EventLogwith the ordinal user privilege.
PS C:\> Write-EventLog -LogName MyLogName -Source MyLogSource -EventID 1 -Category 0 -EntryType "Information" -Message "SOME MESSAGE"
Note (the location of events)
Note that New-EventLog adds a new entry [Application and Service Logs]-[MyLogName] on the Windows Event Viewer, but it will be empty. The Write-EventLog will add an event on [Windows Logs]-[Application]. The general information of the event will be like this:
| Item | Value |
|---|---|
| Log Name | Application |
| Source | MyLogSource |
| Event ID | 1 |
| Lelel | Information |
| User | N/A |
| OpCode | Information |
| Task Category | None*1 |
| Keywords | Classic |
| Computer | (equals to the result of hostname) |
Note (message table DLL and MUI files)
Some site *2*3 says you need to make a message table DLL with mc.exe, rc.exe, link.exe to suppress the message The description for Event ID ( <####> ) in Source (<application name>) could not be found. Some site also says you need MUI files for DLLs. In my environment, message table DLL doesn't work and New-EventLog solves the problem.
