LinksTune - 1 day ago 4
C# Question

add event log to registry

I'm attempting to access a 'ForwardedEvents' events log on a server using

el = new EventLog("ForwardedEvents", serverName);


This isn't working.

I believe it's not working because the log isn't contained in the registry where EventLog would expect to find it (HKLM/System/CurrentControlSet/Services/Eventlog/.. ).

How would I add the log to the registry so it is found, or is there another method to access a log that's not specified in that location?

Answer

Remedied the issue by creating a new registry entry for the Log at: (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\LOGNAME).

Did this by (on Windows Server 2008 R2):

1) Right Click on parent folder (eventlog) -> New -> Key

2) Name the key like the evtx file found at (C:\Windows\System32\winevt\Logs\LOGNAME)

3) In the right pane of the registry explorer, right click -> new -> Expandable String Value

4) Name the newly created REG_EXPAND_SZ "File"

5) Right click on the Name "File"

6) Modify

7) In the "Value Data" box, add the path to the evtx file, like

(%SystemRoot%\System32\winevt\Logs\ForwardedEvents.evtx)
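
The registry steps in the answer above, scripted in PowerShell as an added example (not part of the original answer). It assumes an elevated session on the server and that `$LogName` (a parameter introduced here) matches the .evtx file name; the last lines reuse the `EventLog` constructor from the question against the local machine.

```powershell
# Added example: scripted form of the regedit steps above. Run elevated on the server.
# $LogName is an assumption: the base name of the .evtx file under winevt\Logs.
param(
    [string]$LogName = 'ForwardedEvents'
)

$ErrorActionPreference = 'Stop'

$keyPath  = "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\$LogName"
$fileData = "%SystemRoot%\System32\winevt\Logs\$LogName.evtx"   # stored unexpanded

# Refuse to register a log whose backing file does not exist.
$resolved = [Environment]::ExpandEnvironmentVariables($fileData)
if (-not (Test-Path -LiteralPath $resolved)) {
    throw "No log file at $resolved"
}

# Steps 1-2: create the key named after the log, only if it is missing.
if (-not (Test-Path -LiteralPath $keyPath)) {
    New-Item -Path $keyPath | Out-Null
}

# Steps 3-7: "File" must be REG_EXPAND_SZ (ExpandString), not a plain REG_SZ,
# so that %SystemRoot% is expanded when the value is read.
New-ItemProperty -Path $keyPath -Name 'File' -PropertyType ExpandString `
    -Value $fileData -Force | Out-Null

# Verify what was written: the value kind and the raw (unexpanded) data.
$key  = Get-Item -LiteralPath $keyPath
$kind = $key.GetValueKind('File')
$raw  = $key.GetValue('File', $null, 'DoNotExpandEnvironmentNames')
if ($kind -ne 'ExpandString' -or $raw -ne $fileData) {
    throw "Unexpected File value: kind=$kind data=$raw"
}

# Same constructor as in the question, pointed at the local machine ('.').
$el = New-Object System.Diagnostics.EventLog($LogName, '.')
"{0}: {1} entries readable via System.Diagnostics.EventLog" -f $el.Log, $el.Entries.Count
```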
