
Log it or lose it

Log events to the Windows NT Event Log with JNI

Almost all Java middle-tier components need to log such events as database SQL statements, Java exceptions, and function entry and exit points. Those Java applications running on Windows NT must log events into the NT Event Log, the central repository for all such events.

However, the JDK does not directly support writing to the NT Event Log. To do so, you need to expose a method in the JNI (Java Native Interface) DLL (Dynamic Link Library) to direct the events to the NT event viewer.

This article has three sections. The first covers logfiles, event sources, event categories, event identifiers, and event messages. The second section demonstrates how to create a message file as a DLL, how to make the DLL self-registering, and how to create a JNI DLL that exposes a method to direct events to the NT Event Log. Finally, you'll see a sample Java program illustrating the JNI method in action.

Note: The discussion in this article applies to Windows NT version 4.0 and higher.

The event logging mechanism

The NT Event Log, a Windows NT service that starts whenever Windows NT boots, logs warnings, exceptional conditions, and other administrative messages, all of which it writes to event logfiles. Since the service uses RPC (Remote Procedure Call), you can view and log the messages from remote machines.

You can employ event logging to:

  • Catch exceptional conditions and log them for support staff.
  • Read invalid values.
  • Synchronize the sequence of applications by using the NT Event Log as a central facility. By logging the source name and time, the applications can check the events and start them in the correct order.


Applications report events by calling the ReportEvent() function. The system passes the parameters to the event logging service, which uses the information to write the event log record to the event logfile. Figure 1 illustrates the process.

Figure 1. The event logging mechanism

The major elements used in event logging include:

  • Logfiles
  • Event sources
  • Event categories
  • Event identifiers
  • Event messages


Let's examine each in turn.

Logfiles

The event logging service uses information from the EventLog registry key when an application writes to and reads from the Event Log. The EventLog key (shown in the following example) contains several subkeys, called logfiles. The logfiles allow the event logging service to locate the resource for a particular application to enable it to perform logging services. The default logfiles are Application, Security, and System. The structure in the registry is as follows:

HKEY_LOCAL_MACHINE
  SYSTEM
    CurrentControlSet
      Services
        EventLog
          Application
          Security
          System


Applications and services use the Application logfile, while device drivers use the System logfile. When you turn auditing on, the system generates success and failure audit events in the Security log.

Event sources

Each logfile contains subkeys called event sources. An event source is the name of the software that logs the event. The structure is as follows:

HKEY_LOCAL_MACHINE
  SYSTEM
    CurrentControlSet
      Services
        EventLog
          Application
            AppName
          Security
          System
            DriverName


Each event source contains information specific to the software that will log the events, such as the message files, as shown in the table below.
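The registry layout described above can be inspected directly on a host. The following PowerShell script is an added example, not code from the original article: it walks the EventLog key, lists every event source under each logfile, and checks whether the message file each source registers exists on disk. It assumes the standard Win32 value name EventMessageFile for a source's message file; the function name Get-EventSourceInventory is made up for this example.

```powershell
# Added example: inventory of logfiles and event sources under the EventLog key.
# Run on a Windows host. The Security logfile key is usually readable by
# administrators only; unreadable keys are skipped rather than reported.

function Get-EventSourceInventory {
    param(
        [string]$EventLogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
    )

    # Each subkey of EventLog is a logfile (Application, Security, System, ...).
    foreach ($logfile in Get-ChildItem -Path $EventLogRoot -ErrorAction SilentlyContinue) {
        # Each subkey of a logfile is one event source.
        foreach ($source in Get-ChildItem -Path $logfile.PSPath -ErrorAction SilentlyContinue) {
            # Read the raw value so %SystemRoot%-style paths can be expanded here.
            # The value may be absent, and may list several files separated by ';'.
            $raw = $source.GetValue('EventMessageFile', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

            $paths = @()
            if ($raw) {
                $paths = @("$raw" -split ';' |
                    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) } |
                    Where-Object { $_ })
            }

            # A source whose message file is gone still logs, but its events
            # render without message text in the event viewer.
            $missing = @($paths | Where-Object { -not (Test-Path -LiteralPath $_ -PathType Leaf) })

            $status = 'OK'
            if (-not $raw)           { $status = 'NoMessageFile' }
            elseif ($missing.Count)  { $status = 'FileMissing' }

            [pscustomobject]@{
                Logfile      = $logfile.PSChildName
                Source       = $source.PSChildName
                MessageFiles = $paths -join ';'
                Status       = $status
            }
        }
    }
}

Get-EventSourceInventory | Sort-Object Logfile, Source | Format-Table -AutoSize
```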
