Applies To: Windows Server 2008
Event Providers publish events to event logs. Providers are registered with the event logging and tracing subsystem of the Windows operating system. Their definition contains information required to interpret these events and to display readable strings that are associated with them.
The following is a list of all aspects that are part of this managed entity:
An event provider usually corresponds one-to-one to a component or an application, although it is possible for a single application to register multiple providers. Each provider registration informs the system where the resources associated with the provider are found. The resources contain the set of events that the provider can publish, metadata related to these events, and readable descriptions of the events, which are localized to various languages (depending on the OS installation).
When the providers are not registered correctly, the Event Log service will not be able to find some of the resources associated with the provider. When this happens the provider will not be able to publish its events, or the description associated with the events will not display correctly when the event is viewed.
Each event contains the name of the provider that published the event. The registration information about that provider can be obtained by typing the following at the command line:
wevtuitl gp providerName
In the command above, providerName should be replaced by the name of the provider as it appears in the event.