2

I have created an event log source using:

if (!EventLog.SourceExists(EventLogSource)) EventLog.CreateEventSource(EventLogSource);

So every log entry that uses EventLogSource goes into "Application". Then I wanted that all entries those use EventLogSource go into another custom log; so I deleted them then created source with new custom log:

try { EventLog.DeleteEventSource(EventLogSource); }
catch { }
try { EventLog.Delete(EventLogName); }
catch { }

...
if (!EventLog.SourceExists(EventLogSource)) EventLog.CreateEventSource(EventLogSource, EventLogName);
while (!EventLog.SourceExists(EventLogSource)) { }

BUT when I log using EventLogSource the entries still are going into "Application" instead of EventLogName.

Note:

I wrote this in comments and I think It helps to describe my problem better: In Windows Event Viewer you see a "Windows Logs" and "Application" is under that. There is another node in the tree named "Applications and Services Logs" which I want to create a custom log under that. I can do that successfully. The problem is that an event source that was previously registered to "Application" can not be un-registered from "Application" and re-register in my own "MyCustomLog".

Improve this question
4
  • not constructive and clear requirement. Its quite confusing a lot. Could you give more detail? Commented Sep 11, 2012 at 7:23
  • In Windows Event Viewer you see a "Windows Logs" and "Application" is under that. There is another node in the tree named "Applications and Services Logs" which I want to create a custom log under that. I can do that successfully. The problem is that an event source that was previously registered to "Application" can not be un-registered from "Application" and re-register in my own "MyCustomLog". Commented Sep 11, 2012 at 7:29
  • 1
    If I remember correctly, the event system in Windows caches some information about sources, and you really need to delete the source, Reboot, then re-create the source, to get it to work. Commented Sep 11, 2012 at 7:42
  • @Damien_The_Unbeliever Thanks; It worked. Please add your comment to answers so I can mark It as the answer. Commented Sep 11, 2012 at 9:04

1 Answer 1

Reset to default
6

The event system in Windows caches some information about sources. This means that if you delete a source and re-add it, it will continue to be logged to the same log it was using originally.

There's no documented way to force the event system to clear this cache. The only way I know of is to reboot the machine - so you need to delete the source, reboot, then re-create the source.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for the suggestion to reboot the machine - that was what fixed my similar problem.
I've upvoted this answer, because it's right, but I don't like it :( Rebooting the machine isn't an option for me

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.