EventLog Service Entries

The subkey for EventLog contains at least three subkeys for the three types of logs: Application, Security, and System. These logfile subkeys contain subkeys that define the locations of the related event message files and the supported types of events, as follows:

• Application - Perflib, Perfmon, Replicator, RemoteBoot

• Security - LSA, SC Manager, Security, Security Account Manager, Spooler

• System - Alerter, Browser, EventLog, NetLogon, Print, Rdr, SAM, server, Service Control Manager, Srv, Wins, workstation

Each of the three logfile subkeys for the EventLog service can contain the value entries described in this section. The Registry path for these entries is the following, where logfile is System, Application, or Security.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\logfile

These entries are described for informational purposes only. This information is usually maintained by Event Viewer.

• File REG_EXPAND_SZ Path and file name

  Specifies the fully qualified path name of the file for this log.

  Default: %SystemRoot%\var\opt\lanman\logs\filename

• MaxSize REG_DWORD Multiples of 64 Kbytes

  Specifies the maximum size of the log file. This value can be set using the Event Viewer.

  Default: 524288 (512 Kbytes)

• Retention REG_DWORD 0 to infinity

  Specifies in seconds that records newer than this value will not be overwritten. This is what causes a log full event. This value can be set using the Event Viewer.

  Default: 604800 seconds (7 days)

• Sources REG_MULTI_SZ List

  Specifies the applications, services, or groups of applications that write events to this log. Each source may be a subkey of the logfile subkey. (The appsources, secsources, and syssources keys also are in the lanman.ini file.)

  Default: (varies according to log file)

The subkeys under a logfile subkey are created by the applications that write events in the related event log. These subkeys contain information specific to the source of an event under the following types of value entries.

• EventMessageFile REG_EXPAND_SZ Character string

  Specifies the path and file name for the event identifier text message file.

• CategoryMessageFile REG_EXPAND_SZ Character string

  Specifies the path and file name for the category text message file. The category and event identifier message strings may be in the same file.

• CategoryCount REG_DWORD 0 - infinity

  Specifies the number of categories supported.

• TypesSupported REG_DWORD 0 - infinity

  Specifies a bitmask of supported types.