.NET 1.1+

Logging Messages in Event Logs

Microsoft Windows provides a built-in event logging system where informational messages, warnings, errors and audit details can be stored and viewed with the Event Viewer utility. This system is ideal for logging messages generated by a .NET application.

Event Logging System

There are many occasions when you will want to log messages to describe the current status of your application. During development, you may log events to assist in debugging complex problems. For applications that have no user interface, such as Windows services or application plug-ins, a log of events may be your only visibility of the activities performed. In live systems, event logs can help you to understand and resolve user support requests.

Each of these scenarios requires a method of storing structured messages and a means of viewing those messages at a later time. This is the purpose of the event logging system provided by Microsoft Windows. The system allows events to be stored centrally within a set of pre-configured or custom event logs.

Standard Logs

The Windows event logging system separates messages into event logs, each holding a timestamped list of logged items. Three standard logs are available on versions of the operating system from Windows NT 4.0 onwards:

• Application Log. This log is used to store messages produced by application software that has been installed by the user. This is the preferred target log for events generated by your .NET programs if you wish to use a built-in log.
• System Log. The system log is used to hold operating system events. These events provide information relating to built-in services, components and drivers. You can create events in this log from a .NET program but should carefully consider whether this is appropriate.
• Security Log. This log records security events, such as failed attempts to log into Windows or firewall issues. This log cannot be written to using the methods described in this article.

There can be many more logs in addition to the application, system and security logs. Some may be defined by newer versions of Windows and some by installed applications. These can include event logs that you have created yourself using the methods described later in this article.

Message Types

There are five different types of event that can be added to an event log. Each has a particular meaning that should be considered when you log your own messages:

• Error. Indicates a significant problem or failure. This may signify that data was lost or that functionality failed to execute.
• Warning. Signals a problem that is less significant than an error. Warnings are often used to highlight a condition that has the potential to become a problem, such as low disk space or memory, or an issue that was overcome automatically but that should be investigated.
• Information. This type of message is commonly used to log successful activities that do not require any intervention. For example, you may log an informational message to indicate that a batch process was completed.
• Success Audit. Denotes a successful audited security access attempt. Success audits are used extensively in the security log to indicate, for example, a successful logon attempt. This type of message is uncommon in application logs.
• Failure Audit. A failure audit event describes an unsuccessful audited security access attempt. This type of message is uncommon in application logs.