Event Publishers in Windows Event Log

  • Article

An event publisher creates an event and delivers it to an event log. An event publisher is typically an application, service, or driver. There can be multiple publishers for large applications, and the publishers should be distinguished by the major components of an application.

An instrumentation manifest must be created to create an event publisher. The manifest holds the publisher metadata and definitions for events that the publisher can raise. This manifest is an XML file that contains an <instrumentationManifest> element and child elements. The XML is validated against the EventManifest Schema. For more information about the manifest and its contents, see Instrumentation Manifests for Event Publishers. For more information about developing event publishers, see Developing Event Publishers.

Event Publisher Metadata

Defines information about a publisher, and its events, in publisher metadata inside an instrumentation manifest.

The following list describes the publisher metadata:

  • Component identity

    The publisher name and identifier.

  • Event channel definitions and references to any existing event channels defined elsewhere and used by the publisher.

    Channels define the event logs to which an event will be published. For more information, see Event Logs and Channels in Windows Event Log.

  • Event metadata

    The event structure and messages that the publisher will raise. Also levels, opcodes, keywords, tasks, and templates used by the events that can be raised by the publisher.

  • Localizable event messages

    Event messages that can be localized into different languages.

Publisher Naming Conventions

The publisher must be uniquely identified by name on the system on which it is installed. If a manifest references a publisher already installed on the system, then the manifest is used to update the publisher configuration.

There are restrictions on event publisher naming. The publisher name cannot be longer than 255 characters, and cannot contain '>', '<', '&', '"', '|', '\', ':', ''', '?', '*', or characters with codes less than 31. In addition, the name must follow the general constraints on file and registry key names. These constraints can be found at Naming a File, and Registry Element Size Limits.

The distinguished name of a publisher must be specified in the manifest, and it is recommended that the name be based on domain-like company names, product names, and possibly a component name for a multicomponent publisher.

The following XML code example shows the recommended publisher naming convention.

<Company>-<Product Name>-<Component Name>
<Company>-<Product Name>

The following example shows valid publisher names that follow the naming convention.

Microsoft-SqlServer-v8.0
Microsoft-Windows-PrintSpooler
Microsoft-Windows-TaskScheduler

Note  Publishers that can have multiple versions running side-by-side may require a version number in the name.

See Also

Developing Event Publishers

Send comments about this topic to Microsoft

Build date: 5/7/2009