Windows Event Log Service
Updated: August 5, 2011
Applies To: Windows Server 2008 R2
The Event Log service maintains a set of event logs that the system, system components, and applications use to record events. It must also register event providers and the configuration of the system that is required for events and event traces to be delivered to their destination (event logs and trace files).
The service exposes functions that enable programs to maintain and manage the event logs, configure event publishing, and perform operations on the logs, such as archiving and clearing.
Administrators can maintain event logs and perform administrative tasks using the Wevtutil command-line utility and the Event Viewer MMC plug-in. These operations require administrator privileges. The same utilities allow viewing the contents of the logs and viewing the current status of the service and the logs. These operations may also require administrative privileges, depending on the security descriptor of the log.
The following is a list of the managed entities that are included in this managed entity:
Event Providers publish events to event logs. Providers are registered with the event logging and tracing subsystem of the Windows operating system. Their definition contains information required to interpret these events and to display readable strings that are associated with them.
A channel is a pathway that events take between an event publisher and a log file. There is normally a single log file associated with a channel, although there may not be a log file created for channels that have not had any events published to them.
The following is a list of all aspects that are part of this managed entity:
The runtime handling of incoming events relates to how the Event Log service interacts with the operating system (OS) to deliver events.
When the OS fails to deliver events, you might not receive all the events logged by the OS components and applications. When this happens, the diagnostic and troubleshooting capabilities of administrators, support personnel, developers, and automated utilities can be compromised. Because the event delivery occurs within the OS kernel, the problem can be an indication of a an issue with the resources available to the OS.