Some large applications will write some of their events into the log, such as SQL Server,norton,iis. I google a bit, online information on this aspect is not very complete, so finishing processing. Here are some of the experiences I've seen on MSDN, shared with Google and myself.
I. Registering an event source. (Requires the administrator to log on to the local only line)
You need to register an event source for your application to show that those are the events that belong to your application.
HKEY HK;
ULONG disposition, allowed;
Char szname[256];
strcpy (SzName, "system\\currentcontrolset\\services\\eventlog\\application\\");
strcat (SzName, "Cmcard");
if (RegCreateKeyEx (hkey_local_machine,szname,0,null,reg_option_non_volatile,key_all_access,
null,&hk,&disposition))//Create a key for the event source
{
printf ("Unable to create registry key");
Return
}
strcpy (SzName, "%systemroot%\\system\\mydll.") DLL ");
if (RegSetValueEx (HK, "EventMessageFile", 0,REG_EXPAND_SZ, (LPBYTE) Szname,strlen (szName) +1))
{//Specifies an event DLL to interpret the event for the event source.
printf ("Unable to create/set registryvalue (message DLL name)");
Return
}
allowed=eventlog_error_type| eventlog_warning_type| Eventlog_information_type;
if (RegSetValueEx (HK, "typessupported", 0,reg_dword, (LPBYTE) &allowed,sizeof (DWORD))
{//Specify type for event source
printf ("Unable to Create/set registry value (message types)");
Return
}
RegCloseKey (HK);