Logging Windows Events using eventcreate.exe

With using batch files and other scripting tools it allows us to automate, one thing we lose with the autromation is the ability to have an event recorded when it fails. Eventcreate.exe enables an administrator to create a custom event in a specified event log.

One use would be with a command script that deletes old logfiles.

The beginning before the execution of cleanup we would write to the application log as an informational alert for the beginning and end of the script.

REM **  put Starting message in Application Log
%SYSTEMROOT%\system32\eventcreate.exe  /T INFORMATION /L APPLICATION /SO Deletelogs /ID 101 /D

‘Delete commands here’

REM **  put Completion message in Application Log
%SYSTEMROOT%\system32\eventcreate.exe  /T INFORMATION /L APPLICATION /SO Deletelogs /ID 201 /D “Completed-Scheduled-Task-to-maintain-Log-files”

More information on the syntax available can be found at Microsoft Technet Article.

This is very helpful in scripts as well as a scheduled tasks and other operations to know what is happening with the system. This works on Windows XP and up.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.