Windows Event Logging (system.log)

I have an enterprise project where the customer is using a log monitoring system and would like to be able to trap application events so that they can be handled and escalated properly, e.g. database issues separated from network resources and so on.

The Windows Event Logging seems to have changed since Vista (?) and is no longer about passing a message and severity level; now there is a prior service registration and, as part of that, the service events have description files (compiled as a DLL) that map the EventID to the actual description of the issue. When using the current system.log, the Event Viewer records the issue by first complaining about the lack of registration and suggesting re-installing the app, and then the message passed in system.log is shown as additional information. The EventID seems to be hardcoded to always be 1000, but without the service registration it isn't linked with a registered description, so the mapping fails and it complains about that in every event.

Has anyone worked with the Windows Event mechanism at this level? Christian was kindly suggesting that he could include a complete ReportEvent (https://docs.microsoft.com/de-de/windows/win32/api/winbase/nf-winbase-reporteventa?redirectedfrom=MSDN) in plugins, and of course with low volumes it could also be passed using a PowerShell cmdlet and Shell. That will still leave the need to register the event source and build the mapping file, though. The event source registration requires admin rights, so it would need to be in the installer anyway, since we cannot expect the app to be run as admin. In the future, it might be helpful to also include the EventID in system.log.

We could add a plugin class for this.
Email me if interested.

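An added example, not part of the original posts or of any plugin mentioned in the thread: the PowerShell route described above, split into the elevated installer step that registers the event source and the application-side call that writes events with a distinct EventID per subsystem, so a log monitor can route database and network problems separately. It uses the Windows PowerShell 5.1 cmdlets `New-EventLog` and `Write-EventLog`; the source name `MyApp`, the message DLL path and the EventID scheme are assumptions.

```powershell
#Requires -Version 5.1
# Added example. 'MyApp', the DLL path and the EventID numbers are hypothetical.

$LogName    = 'Application'
$Source     = 'MyApp'                                      # hypothetical event source name
$MessageDll = 'C:\Program Files\MyApp\MyAppMessages.dll'   # hypothetical compiled message file

# Hypothetical scheme: one ID range per subsystem so the monitor can filter on EventID.
$EventIds = @{
    DatabaseUnavailable = 2001
    DatabaseTimeout     = 2002
    NetworkShareMissing = 3001
}

function Register-AppEventSource {
    # Installer step: registering a source writes under HKLM, so it needs elevation.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Registering event source '$Source' requires administrator rights."
    }
    if (-not (Test-Path -LiteralPath $MessageDll)) {
        throw "Message file not found: $MessageDll"
    }
    # Idempotent: skip if a previous install already registered the source.
    if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
        New-EventLog -LogName $LogName -Source $Source -MessageResourceFile $MessageDll
    }
}

function Write-AppEvent {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('DatabaseUnavailable', 'DatabaseTimeout', 'NetworkShareMissing')]
        [string]$Kind,
        [Parameter(Mandatory)][string]$Detail,
        [ValidateSet('Error', 'Warning', 'Information')][string]$EntryType = 'Error'
    )
    # $Detail is handed to the log as the insertion string for the description
    # that the message file defines for this EventID.
    Write-EventLog -LogName $LogName -Source $Source -EventId $EventIds[$Kind] `
                   -EntryType $EntryType -Message $Detail
}

# Installer (elevated):  Register-AppEventSource
# Application:           Write-AppEvent -Kind DatabaseTimeout -Detail 'Query timed out (constructed sample text)'
```

The registration ends up under `HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application\MyApp`, where the `EventMessageFile` value should point at the message DLL; checking that value is a quick way to confirm the installer step ran.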