Event Channel

Article
02/02/2010

Applies To: Windows Server 2008

A channel is a pathway that events take between an event publisher and a log file. There is normally a single log file associated with a channel, although there may not be a log file created for channels that have not had any events published to them.

Managed Entities

The following is a list of the managed entities that are included in this managed entity:

Name	Description
Primary Channels	The System, Application, Setup, and Security channels are the primary channels. Each of these channels correspond to an event log that can be viewed in the Event Viewer. The System and Application channels are used by publishers to log administrator-level events. Such events indicate system or application-wide issues. When error or warning events are published to these channels, the events should indicate that the administrator should take an action to resolve the issue. The Setup channel is used for events associated with setup and installations. The Security channel is the repository of the system audit events.

Primary Channels

The System, Application, Setup, and Security channels are the primary channels. Each of these channels correspond to an event log that can be viewed in the Event Viewer. The System and Application channels are used by publishers to log administrator-level events. Such events indicate system or application-wide issues. When error or warning events are published to these channels, the events should indicate that the administrator should take an action to resolve the issue. The Setup channel is used for events associated with setup and installations. The Security channel is the repository of the system audit events.

Aspects

The following is a list of all aspects that are part of this managed entity:

Name	Description
Channel Initialization	Event logs are normally initialized when the Event Log service starts. This initialization can also happen during installation of a component that creates a new log. When the initialization fails, the log is not available to receive events and the diagnostic and troubleshooting capabilities of administrators, support personnel, developers, and automated utilities can be compromised. The application-defined logs are specific to the event provider that created them and will only affect events published by that provider. The operations that remain for the Event Log service and all other event providers are not affected when there is a problem with one of the event logs being initialized.
Private Channel Configuration	Each event channel has configuration settings, such as the maximum size of the log and the custom security descriptor specified by the administrator for the log. The events that refer to the maximum size of the log serve as indicators for how the service dealt with the log when it reached its maximum size. The operation of the service is not affected, but an event can indicate to the administrator the configuration setting that might require a change. Events that report problems with an event log security descriptor are more significant. They can indicate that the desired security settings are not be set correctly and the channel is more or less accessible than intended by the administrator.
Publishing	When an event log is initialized and ready to receive events, all event providers that declared their intent to publish events into the log are enabled to do so. When the Event Log service cannot enable a provider, that provider will not be able to send events into the log. When this happens, the diagnostic and troubleshooting capabilities of administrators, support personnel, developers, and automated utilities could be compromised.

Channel Initialization

Event logs are normally initialized when the Event Log service starts. This initialization can also happen during installation of a component that creates a new log. When the initialization fails, the log is not available to receive events and the diagnostic and troubleshooting capabilities of administrators, support personnel, developers, and automated utilities can be compromised.

The application-defined logs are specific to the event provider that created them and will only affect events published by that provider. The operations that remain for the Event Log service and all other event providers are not affected when there is a problem with one of the event logs being initialized.

Private Channel Configuration

Each event channel has configuration settings, such as the maximum size of the log and the custom security descriptor specified by the administrator for the log. The events that refer to the maximum size of the log serve as indicators for how the service dealt with the log when it reached its maximum size. The operation of the service is not affected, but an event can indicate to the administrator the configuration setting that might require a change.

Events that report problems with an event log security descriptor are more significant. They can indicate that the desired security settings are not be set correctly and the channel is more or less accessible than intended by the administrator.

Publishing

When an event log is initialized and ready to receive events, all event providers that declared their intent to publish events into the log are enabled to do so. When the Event Log service cannot enable a provider, that provider will not be able to send events into the log. When this happens, the diagnostic and troubleshooting capabilities of administrators, support personnel, developers, and automated utilities could be compromised.

Management Infrastructure

Event Channel

Managed Entities

Aspects

Related Management Information

Additional resources