3

Is there a programmatic way which allows me to enable an EventLog if it was disabled by default? In short, I just need to know if I can enable a specific EventLog so that I can use the events programmatically.

Thanks

Improve this question
6
  • This question assumes that it is possible to disable an event log. You ought to document that first. Commented Jun 6, 2012 at 19:15
  • Well, you can enable and disable event log manually. I was wondering if you can enable/disable logging programatically but I am interested in enabling and not disable. Commented Jun 6, 2012 at 19:19
  • @Saher You can't disable individual logs in Windows Server 2008 R2/Windows 7 and I believe Windows Server 2008/Vista. You can stop Event Log service (and start it to enable log). I think that it is possible to disable individual logs in Windows Server 2003 but I'm not sure. I think it's possible to enable custom logs though. (As in not the system ones) Commented Jun 6, 2012 at 19:22
  • Hey @LukeP : can you document that please? Do you know of any resource that can give more info about this? Thanks Commented Jun 6, 2012 at 19:29
  • Can you elaborate on what you're trying to achieve? What is the target OS is it a system log or a custom one? Commented Jun 6, 2012 at 21:35

3 Answers 3

Reset to default
5

To Enable the Windows Event Log use the wevtutil

In particular to enable the Word pad log do the following:

wevtutil sl "Microsoft-Windows-Wordpad/Admin" /e:true
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Writing this comment to add some search keywords for those who wanted "enable event log by name in command line" but getting "how to enable Windows Event Log Service" instead
1

Assuming you're talking about enabling/disabling system logs (Application, Security, Setup, System) I don't think it's possible.

Here's Event Log on Windows Dev center (required deeper poking to find useful info) http://msdn.microsoft.com/en-us/library/windows/desktop/aa964766%28v=vs.85%29.aspx

Here's part about registry settings: http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648%28v=vs.85%29.aspx

Group Policy setting: http://blogs.technet.com/b/askds/archive/2008/08/12/event-logging-policy-settings-in-windows-server-2008-and-vista.aspx

Which interestingly allow you to enable or disable Setup log but none of the other default ones.

I just think that if you can't do it through registry or group policy then it can't be done.

Edit:

There is no way to programatically enable/disable event logs through the API. The only proof I have is that it's not there. So I checked other ways: PowerShell, WMI, Registry, Group Policy - something you can control from within the code. No joy. However, the only way to disable event log is to stop the service.

Improve this answer

2 Comments

I see, but are you talking of progrmmatically enable/disable? I thought these articles are using the UI to configure
Hey @LukeP: How about activating other Logs (non-System logs) like: Microsoft-Windows-GroupPolicy/Operational
1

This should enable the event log programatically. It uses an EventLogSession parameter

    var elSession = new EventLogSession("computername", "domain", "username", password, SessionAuthentication.Default);
    var elConfig = new EventLogConfiguration("Microsoft-Windows-Wordpad/Admin", elSession);
    if (!elConfig.IsEnabled)
    {
        elConfig.IsEnabled = true;
        elConfig.SaveChanges();
    }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.