When more experienced users troubleshoot a PC, one of the first things that comes to mind is to look at the Windows Event Viewer. In the Event Viewer, we can track errors and information events that have happened on the system. From the event logs, we at least know which application is causing the issue, and the time and date the error occurred. With this information, it is possible to narrow down the problem and then find the root cause to resolve the issue. Since we all know the purpose of the event logs, did you ever think of making good use of the event log to create a hidden trail for applications? For example, you do not want somebody to launch a web browser on your system without you knowing about it, as you have a lot of ‘private’ bookmarks stored inside…
In order to create a custom event in the event log, you will need to know a little bit of scripting. In Windows XP, Vista and 7, an event can be created in the event log by using a built-in command called ‘eventcreate’. You can store the event in either the ‘Application’ log or the ‘System’ log, with an event ID between 1 and 1,000. There seems to be conflicting information about whether the limit for a valid event ID is 1,000 or 65,535, so it’s advisable to stick to <1,000 to be safe. Let’s assume we want to track the launching of the Firefox web browser and record this specific event in the ‘Application’ log with event ID 123.
1. Open up Notepad or your favorite text editor.
2. Type in the command as below:
%SYSTEMDRIVE%
cd "%SYSTEMDRIVE%\Program Files\Mozilla Firefox\"
start "" firefox.exe raymond.cc
eventcreate /T Information /ID 123 /L Application /SO MozillaFirefox /D "Firefox launched"
3. Save the text file as “Firefox.bat”
4. Double click the batch file and run it
Just to explain what the script does, the first and second lines are pretty obvious and make the Firefox folder, or any folder you choose, the current directory. Then it runs Firefox with a website to open, Raymond.cc in this case.
Here’s what the eventcreate switches do:
/T This is the type of event to create which can be one of Error, Warning, Information, Successaudit, and Failureaudit.
/ID As described earlier, it’s best to use a value between 1 and 1,000.
/L Lets you choose which log the event will be created in, Application or System.
/SO The source name that is creating the event, best for it to be the program’s name or similar.
/D The description of the event, make sure to enclose a phrase in quotes.
After you execute the batch file, Firefox will launch, and then you can visit the Event Viewer, which is located in Control Panel -> Administrative Tools on your system. You will notice that an event has been created under the ‘Application’ log. There should now be an information event with the source name MozillaFirefox and, most importantly, it records the date and the time when Firefox was executed.
A simple but useful trick. After you have created this executable batch file, you can hide it away and then change your desktop shortcut target to point to the batch file instead of the original executable file. With this setting, you will be able to monitor the application launch. I have found that ‘eventcreate’ is a very useful command, especially when you are dealing with scripting or programming.
Of course, you don’t have to restrict this function to Firefox or a browser and it can be used for just about anything. Simply enter the correct directory, the correct executable name and edit the eventcreate line to suit your needs.
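As an added example (not part of the original article), the same idea can be generalized into one wrapper that takes the program to launch as an argument, records the account and full path in the event description, and warns when eventcreate fails so that a missing trail entry does not go unnoticed. The script name tracked-launch.bat, the LaunchTracker source name and the reuse of event ID 123 are assumptions made for illustration.

```batch
@echo off
setlocal
rem Added example: generic launch logger, e.g. tracked-launch.bat "C:\path\app.exe" [args]
rem The script name, LaunchTracker source and event ID 123 are illustrative assumptions.
set "EVENT_ID=123"
set "EVENT_SOURCE=LaunchTracker"

rem Refuse to run without a target, or with one that does not exist.
if "%~1"=="" goto usage
if not exist "%~f1" goto missing

rem Write the trail entry first: program name, account and full path.
eventcreate /T Information /ID %EVENT_ID% /L Application /SO %EVENT_SOURCE% /D "%~nx1 launched by %USERDOMAIN%\%USERNAME% from %~f1" >nul 2>&1
if errorlevel 1 echo Warning: no event was written for %~nx1.

rem Start the program in its own folder, passing up to eight arguments through.
start "" /D "%~dp1" "%~f1" %2 %3 %4 %5 %6 %7 %8 %9
exit /b 0

:usage
echo Usage: %~nx0 "path\to\program.exe" [arguments]
exit /b 2

:missing
echo Program not found: %~f1
exit /b 3
```

A desktop shortcut can then use the batch file as its target with the program path as the first argument, so one script covers every application you want to track.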