INFO: Using EvtFormatMessage to Obtain Formatted Strings for an Event

Summary

An event can contain localized message strings that you can format for display. To get a message string from the event, call the EvtFormatMessage function. An event can contain the following message strings:
  • A message string for the event itself.
  • A message string that describes the level value assigned to the event.
  • A message string that describes the task value assigned to the event.
  • A message string that describes the opcode value assigned to the event.
  • A message string that describes the keyword values assigned to the event.
  • A message string that describes the channel value assigned to the event.

In order for EvtFormatMessage to format the requested text, the metadata provider associated with the event must be available and contains metadata for the specified event. The EvtFormatMessage function may fail if the metadata provider is not available or if metadata is not available for the specified event.

The Windows SDK documentation on "Formatting Event Messages" contains a sample application that demonstrates using the EvtFormatMessage function. The sample demonstrates handling the errors that may occur when there is no metadata available for the specified event (ERROR_EVT_MESSAGE_NOT_FOUND) or the event ID cannot be found (ERROR_EVT_MESSAGE_ID_NOT_FOUND), but does not provide any implementation for handling the errors.

The calling application defines the strings that are displayed, if any, when a call to EvtFormatMessage fails to retrieve the requested message string. For example, Windows Event Viewer on English systems displays "None" when EvtFormatMessage fails to retrieve the task value assigned to the event when the task ID is zero or the task ID in parenthesis when the task ID is non-zero. The Eventing Command Line Utility (wevtutil.exe) displays "N/A" when EvtFormatMessage fails to retrieve the task value assigned to the event.








Properties

Article ID: 2435556 - Last Review: Oct 12, 2010 - Revision: 1

Feedback