How to Use Logevent.exe to Log Events From a Batch File

This article was previously published under Q131008
This article has been archived. It is offered "as is" and will no longer be updated.
Logevent.exe, a command line utility, can be used to log an event ID provided by the user into the Application event log. This allows the user to log errors and informational data from batch files, login scripts, and Performance Monitor. The application event log can then be viewed and manipulated with the standard tools used for dealing with event logs.

Under Windows NT 4.0, LOGEVENT can also be used to make entries to the Windows NT Event Log on a local or remote computer. It is particularly useful for storing historical information from the execution of batch programs run from logon scripts or the AT command. Its ability to store entries into the event log of other computers allows this data to be collected centrally, if required.

Windows NT 3.51

Install Logevent.exe by copying it to the %SystemRoot%\system32 directory.

LOGEVENT requires that the Registry be modified with an additional key. Run LOGEVENT without any parameters to create the required key in the Registry. The following key will be created:

   \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\CommandLog

and the following values will be created under this key:

   EventMessageFile
   TypesSupported

All events logged by LOGEVENT will show CommandLog as the source of the event when viewed in Event Viewer.

The syntax for the Logevent.exe command is:
   LOGEVENT xxxxx string1 string2 string3 string4 string5

where xxxxx is the event ID you want to register (in decimal) and string1 through string5 are 1 to 5 insertion strings.

If LOGEVENT is run without any parameters it will create the required key in the Registry (as described above). If it is run without any parameters and the Registry key already exists then the following usage will be given:

   [e:\ntbin]logevent
   Usage: LogEvent xxxx string1 string2 string3 string4 string5
   Where xxxx = numeric ID and stringX is "multiple word string" | single_word

Only 5 insertion strings are allowed, but this should be sufficient for most applications because the double quote (") character can be used to pass as much information as needed in a single string. The case where the additional strings are useful is where environment variables will be passed as parameters from a batch file. The Event ID must ALWAYS be provided, otherwise the utility will provide the usage for the command and will exit without logging anything to the log.

For example, LOGEVENT could be used from a batch file to report the successful execution of a command and log it to the Application Event log with the following example commands:

   LOGEVENT 9876 "program failure in batch file" %0
      (to report failure of program execution from a batch file)

   LOGEVENT 1234 "Program CAPTURE.EXE" "ran successfully to completion"
      (from the batch file after successful execution of the program)

   LOGEVENT 2222 "Program failed for user" %USERNAME% "with a path of" %PATH%
      (from a batch file showing use of environment variables)
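
The commands above combined into one batch file, as an added example that is not part of the original article. It assumes the NT 3.51 syntax, reuses CAPTURE.EXE and event IDs 1234 and 9876 from the article's own examples, and quotes the environment variables so that a value containing spaces still counts as one of the five insertion strings:

```batch
@echo off
rem Added example, not from the original article.
rem Assumptions: NT 3.51 LOGEVENT syntax; CAPTURE.EXE is the program being
rem wrapped; event IDs 1234 (success) and 9876 (failure) are reused from the
rem article's examples and have no meaning beyond what the monitor gives them.

CAPTURE.EXE
rem "if errorlevel 1" is true for any exit code of 1 or higher.
if errorlevel 1 goto failed

rem Success: 3 insertion strings.
LOGEVENT 1234 "Program CAPTURE.EXE" "ran successfully to completion" "user %USERNAME%"
goto done

:failed
rem Failure: 4 insertion strings. %0 expands to the name of this batch file.
rem %PATH% is wrapped in double quotes together with its label: unquoted, a
rem directory name containing a space would be split into extra parameters
rem and could push the command past the 5-string limit.
LOGEVENT 9876 "program failure in batch file" %0 "user %USERNAME%" "PATH=%PATH%"

:done
```

Using a different event ID for each outcome lets whatever monitors the Application log tell success from failure without parsing the insertion strings.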

Another example is the use of LOGEVENT from Performance Monitor. If PerfMon has been set up to generate alerts, it is possible to have these alerts logged in the Event Log. However, the current version of PerfMon logs all events generated by an Alert as the same Event ID in the Application Event Log. If several alerts are being monitored the event ID in the log cannot be used to distinguish which alert caused the event (although the detail for the event will show this information).

If the NVAlert feature of SNA server is being used to pass these alerts on to NetView (on a mainframe) then it is necessary to be able to use the Event ID to distinguish which alert generated the Event in the log. By using LOGEVENT it is possible to do this. For example, from PerfMon, you would set up the alert you want to monitor and then put in the following command to be executed when the alert is triggered:

   LOGEVENT 2001 "Alert generated from Perfmon" "disk usage on D: exceeded 70%%"

When you view the Event log for this example, you will see the following:

   Date:      4/13/95      Event ID:  2001
   Time:      9:16:40 AM   Source:    CommandLog
   User:      N/A          Type:      Information
   Computer:  SPYMASTER    Category:  None

   Description:
   The description for Event ID ( 2001 ) in Source ( CommandLog ) could not
   be found. It contains the following insertion string(s): Alert generated
   from Perfmon, disk usage on D: exceeded 70%.

The strings that are provided will be passed first and then the parameters provided by PerfMon will be passed. The parameters passed from PerfMon are actually the same as the information logged to PerfMon itself. If all parameters passed from PerfMon are to be logged into the event log use the same line as above but put a ," (comma and double quote) or , (comma) on the end of the line (for NT 3.5 and NT 3.51 respectively). In this case only 1-4 insertion strings should be passed along with the ," or , on the end. For example:

   LOGEVENT 2001 "Alert generated from Perfmon" "disk usage on D: exceeded 70%%",

will pass the 2 strings provided to LOGEVENT and will then pass all of the info from Perfmon as the 3rd insertion string. Note the comma (,) at the end of the line (this is for NT 3.51). For NT 3.1 or NT 3.5 use the ," characters.

As seen in the event log, it will be reported that the description could not be found for this Event ID. This is because there is no file containing the description strings for Logevent.exe since there is no way to know what Event IDs the user will be putting in the Event Log. The EventMessageFile in the Registry will point to the Logevent.exe program itself. However, this is really just a placeholder entry in the Registry as Logevent.exe does not contain any description strings.

The Event IDs logged will really only have meaning for the user or app that will be monitoring the Event Log (such as NV Alert). Also, in this example the %% is required in order for the % to appear in the event log (this is because of the special meaning of the % character in the insertion string handling).

In addition, because these Events are generated by the user, it was felt that it is sufficient to put these in the log as Information Type messages only. There is currently no way (or need) to log Warning or Error type events using this utility.

Windows NT 4.0

To allow the Event Log Viewer to properly display the entry, the application should be installed onto the computer being used to view the event log. Installation is automatically performed when the LOGEVENT program is used for the first time.

The syntax for Logevent.exe is:

   LOGEVENT [-m \\MACHINENAME] [-s SIWEF] [-c CategoryNumber] "Event Text"

   Severity is one of (S)uccess, (I)nformation, (W)arning, (E)rror or
   (F)ailure.

Article ID: 131008 - Last Review: 12/04/2015 11:27:16 - Revision: 1.2

Microsoft Windows NT Workstation 3.51, Microsoft Windows NT Workstation 4.0 Developer Edition, Microsoft Windows NT Server 3.51, Microsoft Windows NT Server 4.0 Standard Edition