wilsond has asked for the wisdom of the Perl Monks concerning the following question:

I "fixed" it by making a messages dll. See below for info on how I went about it. It looks complicated, but it's really not difficult.

Does anyone know a way to write to the event log without this error embedded in the log?

Here is the anonymized event log entry example:

Event Type:    Information
Event Source:    MyAppName
Event Category:    None
Event ID:    0
Date:        1/20/2009
Time:        1:28:16 AM
User:        N/A
Computer:    COMPUTER-NAME
Description:
The description for Event ID ( 0 ) in Source ( MyAppName ) cannot be f
+ound. The local computer may not have the necessary registry informat
+ion or message DLL files to display messages from a remote computer. 
+You may be able to use the /AUXSOURCE= flag to retrieve this descript
+ion; see Help and Support for details. The following information is p
+art of the event: This is a test log entry..

[download]

I've already found "Write to WIndows Event Log", but it doesn't really answer the question for me. I could use the WSH method, but I want my application's name to show up as the source, not "WSH". I can't use Win32::EventLog::Message because the version provided by Dave Roth doesn't support ActivePerl 5.10 and doesn't look like it ever will. Win32::EventLog::Message seems like the right answer, but too bad about the version problem.

Here is a sample of the code that I'm currently using to write the log:

use Win32::EventLog;

my $eventlog = Win32::EventLog->new('MyAppName');

$eventlog->Report({
  EventType => EVENTLOG_INFORMATION_TYPE,
  Strings => qq(This is a test log entry.),
});

[download]

Even using the test case included with the module (at http://cpansearch.perl.org/src/JDB/Win32-EventLog-0.076/t/eventlog.t) fails in the same way.

Here's what I did to make it work for me:


While I ask a lot of Win32 questions, I hate Windows with a passion. That's the problem with writing a cross-platform program. I'm a Linux user myself. I wish more people were.
If you want to do evil, science provides the most powerful weapons to do evil; but equally, if you want to do good, science puts into your hands the most powerful tools to do so.
- Richard Dawkins

Replies are listed 'Best First'.
Re: Write to Win32 Event Log, get "/AUXSOURCE=" error
by BrowserUk (Patriarch) on Jan 20, 2009 at 12:52 UTC

    Report() takes a hash. It should contain the following keys:

    1. Computer: identifies the computer. Can be null for the local computer.
    2. Source: Identifies the application.

      This string is not just a text identifier, but also a key in the registry: 

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Applicat
+ion\"source".

      [download]

      This is used to associate a compiled resource (a .dll) with the event source (application) that contains a RT_MESSAGETABLE of strings.

      Those strings are identified by an integer ids (EventID), and can contain substitution placeholders (%1, %2 etc).

    3. EventType (INFO | WARNING | ERROR | AUDIT SUCCESS |AUDIT FAILURE).
    4. Category: An application define numeric value.
    5. EventID: The message number within the message table.
    6. Data: Some raw binary data associated with the event.
    7. Strings: A buffer of 0 or more null-terminated strings that will be substituted for the placeholders embedded within the message text identified by EventID retrieved from the message table located in the resouce dll pointed at in the registry by the source parameter.

    The error message is telling you that the "source" identifier cannot be located within the registry. Hence, the text associated with the EventID (which you aren't supplying!) cannot be retrieved. Therefore the string you supply cannot be substituted into it.

    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]
[d/l]
[select]

      Awesome. This sounds quite right, though I haven't tested it yet, about to do it now. This is exactly the input I needed. Thanks, you rock.


      While I ask a lot of Win32 questions, I hate Windows with a passion. That's the problem with writing a cross-platform program. I'm a Linux user myself. I wish more people were.
      If you want to do evil, science provides the most powerful weapons to do evil; but equally, if you want to do good, science puts into your hands the most powerful tools to do so.
      - Richard Dawkins
[reply]

        I don't want to use it, but in case it helps anyone, I found that in XP (and probably newer Windows versions), there is a binary in SYSTEM32 called eventcreate.exe that will write to the EventLog with a custom source name without the same error I've been getting. This is an example usage: eventcreate /ID 1 /L APPLICATION /SO MyAppName /T INFORMATION /D "This is a test entry in the EventLog."

        And extending on the idea of using eventcreate.exe, you can use it in a different way: using it as the source of your EventLog messages in the registry. Here is what works for me (import into registry after modifying your app name:

        Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Applica
+tion\MyAppName]
"EventMessageFile"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52
+,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00
+,32,00,\
  5c,00,45,00,76,00,65,00,6e,00,74,00,43,00,72,00,65,00,61,00,74,00,65
+,00,2e,\
  00,65,00,78,00,65,00,00,00
"TypesSupported"=dword:00000007
"CustomSource"=dword:00000001

        [download]

        While I ask a lot of Win32 questions, I hate Windows with a passion. That's the problem with writing a cross-platform program. I'm a Linux user myself. I wish more people were.
        If you want to do evil, science provides the most powerful weapons to do evil; but equally, if you want to do good, science puts into your hands the most powerful tools to do so.
        - Richard Dawkins
[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom