Featured White Papers

• Why choose an Open Source BPM?
• 10 FAQs on Business Process Management
• Best Practices for Getting Started with BPM
• Free Your Devs From The Pain Of Java Redeploys
• Increase Velocity 40% by Using JRebel
• What Developers Want: The End of Application Redeploys
• Developer Productivity Report: Java Tools, Tech, Devs, and Data
• Coding with JRebel: Java Forever Changed
• Utilizing Fast Testing to Transform Java Development
• Do You Really Get Classloaders?
• Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
• Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
• Coding with JRebel, Java Forever Changed
• 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data

Sponsored Links

• APIs for Java Programmers: Manage & Convert DOC, XLS, PPT, PDF & More

• Instantly Preview Java Code Changes: JRebel.com

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

Log it or lose it

Log events to the Windows NT Event Log with JNI

By Sunil Kumar and Nitin Nanda, JavaWorld.com, 09/28/01

Page 2 of 4

Event categories

Event categories help you organize events so event viewers can filter them. Each event source defines its own numbered categories and the text strings to which they are mapped. For example, in a data-intensive application, events could be: data write error, data read error, SQL error, and so on. Events would then fall under these categories.

Event identifiers

Event identifiers uniquely identify a particular event. Each event source can define its own numbered events and the description strings to which they are mapped. Event viewers can present these strings to the user.

Event messages

The event messages reside in message resource files containing parameterized strings. When the event message is written to the Event Log, it does not store the entire message string, but rather just the inserted values passed as parameters. The Event Log uses the event identifier to map to the event message displayed in the event viewer. There are two benefits to this arrangement:

• Most of the descriptive text can be stored in the resource file, thus decreasing the size of the logfiles
• The message strings can be made specific to the locale, enabling you to provide a separate resource file for each locale, thus making the application locale independent

Each event source registers message files that contain description strings for each event category and event identifier. These files become registered in the EventMessageFile and CategoryMessageFile registry values for the event source. You can create one message file containing descriptions for the event identifiers and categories, or create two separate message files. Keep in mind that several applications can share the same message file. You should typically create message files as DLLs.

Use the Event Log

So, how do you read and view the NT Event Log?

An event viewer application employs the OpenEventLog function to open the Event Log for reading events. The event viewer can then use the ReadEventLog function to read event records from the log. Figure 2 illustrates the process.

When the user starts the event viewer to view the Event Log entries, the event viewer calls the ReadEventLog() function to obtain the Event Log records. The event viewer uses the event source and event identifier to retrieve the message text for each event from the registered message file (indicated by the EventMessageFile registry value for the source). The EventMessageFile registry key contains the path of the message DLL. The event viewer uses the LoadLibraryEx() function to load the message file. The event viewer then employs the FormatMessage() function to retrieve the description string from the loaded module.