EventLog.xml

<Type Name="EventLog" FullName="System.Diagnostics.EventLog">
  <TypeSignature Language="C#" Value="public class EventLog : System.ComponentModel.Component, System.ComponentModel.ISupportInitialize" />
  <TypeSignature Language="ILAsm" Value=".class public auto ansi beforefieldinit EventLog extends System.ComponentModel.Component implements class System.ComponentModel.ISupportInitialize" />
  <TypeSignature Language="DocId" Value="T:System.Diagnostics.EventLog" />
  <TypeSignature Language="VB.NET" Value="Public Class EventLog&#xA;Inherits Component&#xA;Implements ISupportInitialize" />
  <TypeSignature Language="F#" Value="type EventLog = class&#xA;    inherit Component&#xA;    interface ISupportInitialize" />
  <TypeSignature Language="C++ CLI" Value="public ref class EventLog : System::ComponentModel::Component, System::ComponentModel::ISupportInitialize" />
  <AssemblyInfo>
    <AssemblyName>System</AssemblyName>
    <AssemblyVersion>1.0.5000.0</AssemblyVersion>
    <AssemblyVersion>2.0.0.0</AssemblyVersion>
    <AssemblyVersion>4.0.0.0</AssemblyVersion>
  </AssemblyInfo>
  <AssemblyInfo>
    <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
    <AssemblyVersion>4.0.0.0</AssemblyVersion>
    <AssemblyVersion>4.0.1.0</AssemblyVersion>
    <AssemblyVersion>4.0.2.0</AssemblyVersion>
    <AssemblyVersion>5.0.0.0</AssemblyVersion>
    <AssemblyVersion>6.0.0.0</AssemblyVersion>
    <AssemblyVersion>7.0.0.0</AssemblyVersion>
    <AssemblyVersion>8.0.0.0</AssemblyVersion>
    <AssemblyVersion>9.0.0.0</AssemblyVersion>
  </AssemblyInfo>
  <TypeForwardingChain>
    <TypeForwarding From="System.Diagnostics.EventLog" FromVersion="9.0.0.0" To="System" ToVersion="4.0.0.0" FrameworkAlternate="netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1" />
  </TypeForwardingChain>
  <Base>
    <BaseTypeName>System.ComponentModel.Component</BaseTypeName>
  </Base>
  <Interfaces>
    <Interface>
      <InterfaceName>System.ComponentModel.ISupportInitialize</InterfaceName>
    </Interface>
  </Interfaces>
  <Attributes>
    <Attribute>
      <AttributeName Language="C#">[System.ComponentModel.DefaultEvent("EntryWritten")]</AttributeName>
      <AttributeName Language="F#">[&lt;System.ComponentModel.DefaultEvent("EntryWritten")&gt;]</AttributeName>
    </Attribute>
    <Attribute FrameworkAlternate="netframework-1.1">
      <AttributeName Language="C#">[System.ComponentModel.Designer("Microsoft.VisualStudio.Install.EventLogInstallableComponentDesigner, Microsoft.VisualStudio, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
      <AttributeName Language="F#">[&lt;System.ComponentModel.Designer("Microsoft.VisualStudio.Install.EventLogInstallableComponentDesigner, Microsoft.VisualStudio, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
    </Attribute>
    <Attribute FrameworkAlternate="netframework-1.1">
      <AttributeName Language="C#">[System.ComponentModel.InstallerType("System.Diagnostics.EventLogInstaller, System.Configuration.Install, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
      <AttributeName Language="F#">[&lt;System.ComponentModel.InstallerType("System.Diagnostics.EventLogInstaller, System.Configuration.Install, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
    </Attribute>
    <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5">
      <AttributeName Language="C#">[System.ComponentModel.InstallerType("System.Diagnostics.EventLogInstaller, System.Configuration.Install, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
      <AttributeName Language="F#">[&lt;System.ComponentModel.InstallerType("System.Diagnostics.EventLogInstaller, System.Configuration.Install, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
    </Attribute>
    <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
      <AttributeName Language="C#">[System.Diagnostics.MonitoringDescription("EventLogDesc")]</AttributeName>
      <AttributeName Language="F#">[&lt;System.Diagnostics.MonitoringDescription("EventLogDesc")&gt;]</AttributeName>
    </Attribute>
    <Attribute FrameworkAlternate="netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
      <AttributeName Language="C#">[System.ComponentModel.InstallerType("System.Diagnostics.EventLogInstaller, System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
      <AttributeName Language="F#">[&lt;System.ComponentModel.InstallerType("System.Diagnostics.EventLogInstaller, System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
    </Attribute>
  </Attributes>
  <Docs>
    <summary>Provides interaction with Windows event logs.</summary>
    <remarks>
      <format type="text/markdown"><![CDATA[  
  
## Remarks  
 <xref:System.Diagnostics.EventLog> lets you access or customize Windows event logs, which record information about important software or hardware events. Using <xref:System.Diagnostics.EventLog>, you can read from existing logs, write entries to logs, create or delete event sources, delete logs, and respond to log entries. You can also create new logs when creating an event source.  
  
> [!IMPORTANT]
>  This type implements the <xref:System.IDisposable> interface. When you have finished using the type, you should dispose of it either directly or indirectly. To dispose of the type directly, call its <xref:System.IDisposable.Dispose%2A> method in a `try`/`catch` block. To dispose of it indirectly, use a language construct such as `using` (in C#) or `Using` (in Visual Basic). For more information, see the "Using an Object that Implements IDisposable" section in the <xref:System.IDisposable> interface topic.  
  
 In addition to providing access to individual event logs and their entries, the <xref:System.Diagnostics.EventLog> class lets you access the collection of all event logs. You can use the `static` members of <xref:System.Diagnostics.EventLog> to delete logs, get log lists, create or delete a source, or determine if a computer already contains a particular source.  
  
 There are three default event logs: Application, System, and Security. A Security log is read-only. Other applications and services you install, such as Active Directory, might have additional event logs.  
  
 There are security considerations when using the <xref:System.Diagnostics.EventLog> class. <xref:System.Diagnostics.EventLog> requires <xref:System.Diagnostics.EventLogPermission> permissions for specific actions in the .NET Framework 2.0 and later versions, or full trust in the .NET Framework 1.0 and 1.1. We recommend that <xref:System.Diagnostics.EventLogPermission> not be granted to partially trusted code.  You should never pass any event log object, including <xref:System.Diagnostics.EventLogEntryCollection> and <xref:System.Diagnostics.EventLogEntry> objects, to less trusted code. For example, creating an <xref:System.Diagnostics.EventLog> object, writing an entry, and then passing the <xref:System.Diagnostics.EventLog> object to partially trusted code can create a security issue, because the ability to read and write to the event log allows code to perform actions such as issuing event log messages in the name of another application.  
  
 Starting with Windows Vista, User Account Control (UAC) determines the credentials of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To run the code that accesses the Security log, you must first elevate your credentials from standard user to administrator. You can do this when you start an application by opening the shortcut menu for the application (if you're using a mouse, right-click the application icon) and indicating that you want to run as an administrator.  
  
 You can use <xref:System.Diagnostics.EventLog> to create custom event logs that you can view through the server's Event Viewer. Use the <xref:System.Diagnostics.EventLog.RegisterDisplayName%2A> method to display a localized name for your event log in the Event Viewer. Use the <xref:System.Diagnostics.EventLog.ModifyOverflowPolicy%2A> method to configure the behavior of your event log when it reaches its maximum log size.  
  
 To read from an event log, specify the log name (<xref:System.Diagnostics.EventLog.Log%2A> property) and server computer name (<xref:System.Diagnostics.EventLog.MachineName%2A> property for the event log. If you don't specify the server computer name, the local computer, ".", is assumed. It's not necessary to specify the event source (<xref:System.Diagnostics.EventLog.Source%2A> property), because a source is required only for writing to logs. The  <xref:System.Diagnostics.EventLog.Entries%2A> property is automatically populated with the event log's list of entries.  
  
 To write to an event log, specify or create an event source (<xref:System.Diagnostics.EventLog.Source%2A> property). You must have administrative credentials on the computer to create a new event source. The event source registers your application with the event log as a valid source of entries. You can use the event source  to write to only one log at a time. The <xref:System.Diagnostics.EventLog.Source%2A> property can be any random string, but the name must be distinct from other sources on the computer. The event source is typically the name of the application or another identifying string. Trying to create a duplicate <xref:System.Diagnostics.EventLog.Source%2A> value throws an exception. However, a single event log can be associated with multiple sources.  
  
 If the event source for the event log associated with the <xref:System.Diagnostics.EventLog> instance doesn't exist, a new event source is created. To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative credentials.  
  
 This requirement is because all event logs, including Security logs, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the Security log; therefore, a <xref:System.Security.SecurityException> is thrown.  
  
> [!IMPORTANT]
>  Creating or deleting an event source requires synchronization of the underlying code by using a named mutex. If a highly privileged application locks the named mutex, trying to create or delete an event source causes the application to stop responding until the lock is released. To help prevent this problem, never grant <xref:System.Security.Permissions.SecurityPermissionFlag.UnmanagedCode> permission to untrusted code. In addition, <xref:System.Security.Permissions.SecurityPermissionFlag.UnmanagedCode> permission potentially allows other permissions to be bypassed and should only be granted to highly trusted code.  
  
 Applications and services should write to the Application log or to a custom log. Device drivers should write to the System log. If you do not explicitly set the <xref:System.Diagnostics.EventLog.Log%2A> property, the event log defaults to the Application log.  
  
> [!NOTE]
>  There is nothing to protect an application from writing as any registered source.  If an application is granted <xref:System.Diagnostics.EventLogPermissionAccess.Write> permission, it can write events for any valid source registered on the computer.  
  
 Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> and <xref:System.Diagnostics.EventLog.WriteEntry%2A> methods to write events to an event log. You must specify an event source to write events; you must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system hasn't refreshed its list of event sources, and you try to write an event with the new source, the write operation will fail. You can configure a new source by using an <xref:System.Diagnostics.EventLogInstaller> object or the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative credentials on the computer to create a new event source.  
  
 Each source can write to only one event log at a time; however, your application can use multiple sources to write to multiple event logs. For example, your application might require multiple sources configured for different event logs or different resource files. To change the configuration details of an existing source, you must delete the source and then create it with the new configuration. If other applications or components use the existing source, create a new source with the updated configuration instead of deleting the existing source.  
  
 You can register the event source with localized resources for your event category and message strings. Your application can write event log entries by using resource identifiers instead of specifying the actual string values. Refer to the <xref:System.Diagnostics.EventLogInstaller> and <xref:System.Diagnostics.EventSourceCreationData> classes for more information about configuring your source with resource files.  
  
 If your application writes string values directly to the event log, you do not have to set the resource file properties for the source. The source must be configured either for writing localized entries or for writing direct strings. If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
 When writing events, you must at least specify either a message string or the resource identifier for a message string. Other event properties are optional. Examples of optional event settings include the following:  
  
-   You can set the <xref:System.Diagnostics.EventLogEntryType> to specify the icon that the Event Viewer displays for the entry.  
  
-   You can specify a category identifier for the event, if your application uses categories for filtering the events.  
  
-   You can attach binary data to your event entry if you want to associate additional information with a given event.  
  
> [!IMPORTANT]
>  Event logging consumes disk space, processor time, and other system resources. It is important to log only essential information. We recommend that you place event log calls in an error path, rather than in the main code path, so they don't adversely affect performance.  
  
 For a list of initial property values for an instance of <xref:System.Diagnostics.EventLog>, see the <xref:System.Diagnostics.EventLog.%23ctor%2A> constructor.  
  
   
  
## Examples  
 The following example creates the event source `MySource` if it doesn't already exist, and writes an entry to the event log `MyNewLog`.  
  
> [!NOTE]
>  Starting with Windows Vista, you must run this application as an administrator.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.CreateEventSource Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Overview/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.CreateEventSource Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
    </remarks>
    <altmember cref="T:System.Diagnostics.EventLogInstaller" />
    <altmember cref="T:System.Diagnostics.EventLogEntry" />
    <altmember cref="T:System.Diagnostics.EntryWrittenEventArgs" />
    <altmember cref="T:System.ServiceProcess.ServiceBase" />
  </Docs>
  <Members>
    <MemberGroup MemberName=".ctor">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Initializes a new instance of the <see cref="T:System.Diagnostics.EventLog" /> class.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName=".ctor">
      <MemberSignature Language="C#" Value="public EventLog ();" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor() cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.#ctor" />
      <MemberSignature Language="VB.NET" Value="Public Sub New ()" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; EventLog();" />
      <MemberType>Constructor</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <Parameters />
      <Docs>
        <summary>Initializes a new instance of the <see cref="T:System.Diagnostics.EventLog" /> class. Does not associate the instance with any log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Before calling <xref:System.Diagnostics.EventLog.WriteEntry%2A>, specify the <xref:System.Diagnostics.EventLog.Source%2A> property of the <xref:System.Diagnostics.EventLog> instance. If you are only reading <xref:System.Diagnostics.EventLog.Entries%2A> from the log, you can alternatively specify only the <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A> properties.  
  
> [!NOTE]
>  If you do not specify a <xref:System.Diagnostics.EventLog.MachineName%2A>, the local computer (".") is assumed.  
  
 The following table shows initial property values for an instance of <xref:System.Diagnostics.EventLog>.  
  
|Property|Initial Value|  
|--------------|-------------------|  
|<xref:System.Diagnostics.EventLog.Source%2A>|An empty string ("").|  
|<xref:System.Diagnostics.EventLog.Log%2A>|An empty string ("").|  
|<xref:System.Diagnostics.EventLog.MachineName%2A>|The local computer (".").|  
  
   
  
## Examples  
 The following example creates the source `MySource` if it does not already exist, and writes an entry to the event log `MyNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.CreateEventSource Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Overview/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.CreateEventSource Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEntry" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEvent" />
        <altmember cref="T:System.Diagnostics.EventLogEntry" />
      </Docs>
    </Member>
    <Member MemberName=".ctor">
      <MemberSignature Language="C#" Value="public EventLog (string logName);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(string logName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.#ctor(System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Sub New (logName As String)" />
      <MemberSignature Language="F#" Value="new System.Diagnostics.EventLog : string -&gt; System.Diagnostics.EventLog" Usage="new System.Diagnostics.EventLog logName" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; EventLog(System::String ^ logName);" />
      <MemberType>Constructor</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <Parameters>
        <Parameter Name="logName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="logName">The name of the log on the local computer.</param>
        <summary>Initializes a new instance of the <see cref="T:System.Diagnostics.EventLog" /> class. Associates the instance with a log on the local computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 This overload sets the <xref:System.Diagnostics.EventLog.Log%2A> property to the `logName` parameter. Before calling <xref:System.Diagnostics.EventLog.WriteEntry%2A>, specify the <xref:System.Diagnostics.EventLog.Source%2A> property of the <xref:System.Diagnostics.EventLog> instance. If you are only reading <xref:System.Diagnostics.EventLog.Entries%2A> from the log, you can alternatively specify only the <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A> properties.  
  
> [!NOTE]
>  If you do not specify a <xref:System.Diagnostics.EventLog.MachineName%2A>, the local computer (".") is assumed. This overload of the constructor specifies the <xref:System.Diagnostics.EventLog.Log%2A> property, but you can change this before reading the <xref:System.Diagnostics.EventLog.Entries%2A> property.  
  
 If the source you specify in the <xref:System.Diagnostics.EventLog.Source%2A> property is unique from other sources on the computer, a subsequent call to <xref:System.Diagnostics.EventLog.WriteEntry%2A> creates a log with the specified name, if it does not already exist.  
  
 The following table shows initial property values for an instance of <xref:System.Diagnostics.EventLog>.  
  
|Property|Initial Value|  
|--------------|-------------------|  
|<xref:System.Diagnostics.EventLog.Source%2A>|An empty string ("").|  
|<xref:System.Diagnostics.EventLog.Log%2A>|The `logName` parameter.|  
|<xref:System.Diagnostics.EventLog.MachineName%2A>|The local computer (".").|  
  
   
  
## Examples  
 The following example reads entries in the event log, "myNewLog", on the local computer.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.EventLog1 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/.ctor/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.EventLog1 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentNullException">The log name is <see langword="null" />.</exception>
        <exception cref="T:System.ArgumentException">The log name is invalid.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEntry" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEvent" />
        <altmember cref="T:System.Diagnostics.EventLogEntry" />
      </Docs>
    </Member>
    <Member MemberName=".ctor">
      <MemberSignature Language="C#" Value="public EventLog (string logName, string machineName);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(string logName, string machineName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.#ctor(System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Sub New (logName As String, machineName As String)" />
      <MemberSignature Language="F#" Value="new System.Diagnostics.EventLog : string * string -&gt; System.Diagnostics.EventLog" Usage="new System.Diagnostics.EventLog (logName, machineName)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; EventLog(System::String ^ logName, System::String ^ machineName);" />
      <MemberType>Constructor</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <Parameters>
        <Parameter Name="logName" Type="System.String" />
        <Parameter Name="machineName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="logName">The name of the log on the specified computer.</param>
        <param name="machineName">The computer on which the log exists.</param>
        <summary>Initializes a new instance of the <see cref="T:System.Diagnostics.EventLog" /> class. Associates the instance with a log on the specified computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 This overload sets the <xref:System.Diagnostics.EventLog.Log%2A> property to the `logName` parameter and the <xref:System.Diagnostics.EventLog.MachineName%2A> property to the `machineName` parameter. Before calling <xref:System.Diagnostics.EventLog.WriteEntry%2A>, specify the <xref:System.Diagnostics.EventLog.Source%2A> property of the <xref:System.Diagnostics.EventLog>. If you are only reading <xref:System.Diagnostics.EventLog.Entries%2A> from the log, you can alternatively specify only the <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A> properties.  
  
> [!NOTE]
>  This overload of the constructor specifies the <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A> properties, but you can change either before reading the <xref:System.Diagnostics.EventLog.Entries%2A> property.  
  
 The following table shows initial property values for an instance of <xref:System.Diagnostics.EventLog>.  
  
|Property|Initial Value|  
|--------------|-------------------|  
|<xref:System.Diagnostics.EventLog.Source%2A>|An empty string ("").|  
|<xref:System.Diagnostics.EventLog.Log%2A>|The `logName` parameter.|  
|<xref:System.Diagnostics.EventLog.MachineName%2A>|The `machineName` parameter.|  
  
   
  
## Examples  
 The following example reads entries in the event log, "myNewLog", on the computer "myServer".  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.EventLog2 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/.ctor/source1.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.EventLog2 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentNullException">The log name is <see langword="null" />.</exception>
        <exception cref="T:System.ArgumentException">The log name is invalid.  
  
 -or-  
  
 The computer name is invalid.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEntry" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEvent" />
        <altmember cref="T:System.Diagnostics.EventLogEntry" />
      </Docs>
    </Member>
    <Member MemberName=".ctor">
      <MemberSignature Language="C#" Value="public EventLog (string logName, string machineName, string source);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(string logName, string machineName, string source) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.#ctor(System.String,System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Sub New (logName As String, machineName As String, source As String)" />
      <MemberSignature Language="F#" Value="new System.Diagnostics.EventLog : string * string * string -&gt; System.Diagnostics.EventLog" Usage="new System.Diagnostics.EventLog (logName, machineName, source)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; EventLog(System::String ^ logName, System::String ^ machineName, System::String ^ source);" />
      <MemberType>Constructor</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Parameters>
        <Parameter Name="logName" Type="System.String" />
        <Parameter Name="machineName" Type="System.String" />
        <Parameter Name="source" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="logName">The name of the log on the specified computer.</param>
        <param name="machineName">The computer on which the log exists.</param>
        <param name="source">The source of event log entries.</param>
        <summary>Initializes a new instance of the <see cref="T:System.Diagnostics.EventLog" /> class. Associates the instance with a log on the specified computer and creates or assigns the specified source to the <see cref="T:System.Diagnostics.EventLog" />.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 This constructor sets the <xref:System.Diagnostics.EventLog.Log%2A> property to the `logName` parameter, the <xref:System.Diagnostics.EventLog.MachineName%2A> property to the `machineName` parameter, and the <xref:System.Diagnostics.EventLog.Source%2A> property to the `source` parameter. The <xref:System.Diagnostics.EventLog.Source%2A> property is required when writing to an event log. However, if you are only reading from an event log, only the <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A> properties are required (as long as the event log on the server has a source already associated with it). If you are only reading from the event log, another overload of the constructor might suffice.  
  
 The following table shows initial property values for an instance of <xref:System.Diagnostics.EventLog>.  
  
|Property|Initial Value|  
|--------------|-------------------|  
|<xref:System.Diagnostics.EventLog.Source%2A>|The `source` parameter.|  
|<xref:System.Diagnostics.EventLog.Log%2A>|The `logName` parameter.|  
|<xref:System.Diagnostics.EventLog.MachineName%2A>|The `machineName` parameter.|  
  
   
  
## Examples  
 The following example writes an entry to an event log, "MyNewLog", on the local computer, using the source "MySource".  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.EventLog3 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/.ctor/source2.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.EventLog3 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentNullException">The log name is <see langword="null" />.</exception>
        <exception cref="T:System.ArgumentException">The log name is invalid.  
  
 -or-  
  
 The computer name is invalid.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEntry" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEvent" />
        <altmember cref="T:System.Diagnostics.EventLogEntry" />
      </Docs>
    </Member>
    <Member MemberName="BeginInit">
      <MemberSignature Language="C#" Value="public void BeginInit ();" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance void BeginInit() cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.BeginInit" />
      <MemberSignature Language="VB.NET" Value="Public Sub BeginInit ()" />
      <MemberSignature Language="F#" Value="abstract member BeginInit : unit -&gt; unit&#xA;override this.BeginInit : unit -&gt; unit" Usage="eventLog.BeginInit " />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; virtual void BeginInit();" />
      <MemberType>Method</MemberType>
      <Implements>
        <InterfaceMember>M:System.ComponentModel.ISupportInitialize.BeginInit</InterfaceMember>
      </Implements>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters />
      <Docs>
        <summary>Begins the initialization of an <see cref="T:System.Diagnostics.EventLog" /> used on a form or used by another component. The initialization occurs at runtime.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The Visual Studio 2005 design environment uses this method to start the initialization of a component used on a form or by another component. The <xref:System.Diagnostics.EventLog.EndInit%2A> method ends the initialization. Using the <xref:System.Diagnostics.EventLog.BeginInit%2A> and <xref:System.Diagnostics.EventLog.EndInit%2A> methods prevent the control from being used before it is fully initialized.  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.InvalidOperationException">
          <see cref="T:System.Diagnostics.EventLog" /> is already initialized.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.EndInit" />
      </Docs>
    </Member>
    <Member MemberName="Clear">
      <MemberSignature Language="C#" Value="public void Clear ();" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void Clear() cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.Clear" />
      <MemberSignature Language="VB.NET" Value="Public Sub Clear ()" />
      <MemberSignature Language="F#" Value="member this.Clear : unit -&gt; unit" Usage="eventLog.Clear " />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void Clear();" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters />
      <Docs>
        <summary>Removes all entries from the event log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Event logs are set with a maximum size that determines how many entries they can contain. When an event log is full, it stops recording new event information or begins to overwrite earlier entries. If event recording stops, you can use this method to clear the log of existing entries and allow it to start recording events again. You must have administrator permissions to the computer on which the log resides to clear event log entries.  
  
 <xref:System.Diagnostics.EventLog.Clear%2A> closes the event log, releases the event handles, retrieves new read and write handles, and reopens the event log. Events received after the call to the method are not cleared along with the existing events.  
  
   
  
## Examples  
 The following example clears an event log.  
  
> [!CAUTION]
>  Because Application, System, Security, and other non-custom logs can contain crucial information; be sure to specify a custom log before executing this example code. This example deletes the custom log `myNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.Clear Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Clear/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.Clear Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ComponentModel.Win32Exception">The event log was not cleared successfully.  
  
 -or-  
  
 The log cannot be opened. A Windows error code is not available.</exception>
        <exception cref="T:System.ArgumentException">A value is not specified for the <see cref="P:System.Diagnostics.EventLog.Log" /> property. Make sure the log name is not an empty string.</exception>
        <exception cref="T:System.InvalidOperationException">The log does not exist.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.Close" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
      </Docs>
    </Member>
    <Member MemberName="Close">
      <MemberSignature Language="C#" Value="public void Close ();" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void Close() cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.Close" />
      <MemberSignature Language="VB.NET" Value="Public Sub Close ()" />
      <MemberSignature Language="F#" Value="member this.Close : unit -&gt; unit" Usage="eventLog.Close " />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void Close();" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters />
      <Docs>
        <summary>Closes the event log and releases read and write handles.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The <xref:System.Diagnostics.EventLog.Close%2A> method is called by the protected <xref:System.ComponentModel.Component.Dispose%2A> method. You do not need to invoke <xref:System.Diagnostics.EventLog.Close%2A> before calling <xref:System.ComponentModel.Component.Dispose%2A>.  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ComponentModel.Win32Exception">The event log's read handle or write handle was not released successfully.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Clear" />
      </Docs>
    </Member>
    <MemberGroup MemberName="CreateEventSource">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Establishes an application as able to write event information to a particular log on the system.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName="CreateEventSource">
      <MemberSignature Language="C#" Value="public static void CreateEventSource (System.Diagnostics.EventSourceCreationData sourceData);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void CreateEventSource(class System.Diagnostics.EventSourceCreationData sourceData) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.CreateEventSource(System.Diagnostics.EventSourceCreationData)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub CreateEventSource (sourceData As EventSourceCreationData)" />
      <MemberSignature Language="F#" Value="static member CreateEventSource : System.Diagnostics.EventSourceCreationData -&gt; unit" Usage="System.Diagnostics.EventLog.CreateEventSource sourceData" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void CreateEventSource(System::Diagnostics::EventSourceCreationData ^ sourceData);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="sourceData" Type="System.Diagnostics.EventSourceCreationData" Index="0" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
      </Parameters>
      <Docs>
        <param name="sourceData">The configuration properties for the event source and its target event log.</param>
        <summary>Establishes a valid event source for writing localized event messages, using the specified configuration properties for the event source and the corresponding event log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this overload to configure a new source for writing entries to an event log on the local computer or a remote computer. It is not necessary to use this method to read from an event log.  
  
 The <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method uses the input `sourceData` <xref:System.Diagnostics.EventSourceCreationData.Source%2A>, <xref:System.Diagnostics.EventSourceCreationData.LogName%2A> and <xref:System.Diagnostics.EventSourceCreationData.MachineName%2A> properties to create registry values on the target computer for the new source and its associated event log. A new source name cannot match an existing source name or an existing event log name on the target computer. If the <xref:System.Diagnostics.EventSourceCreationData.LogName%2A> property is not set, the source is registered for the Application event log. If the <xref:System.Diagnostics.EventSourceCreationData.MachineName%2A> is not set, the source is registered on the local computer.  
  
> [!NOTE]
>  To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.  
>   
>  The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a <xref:System.Security.SecurityException> is thrown.  
>   
>  Starting with Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.  
  
 Use <xref:System.Diagnostics.EventLog.WriteEvent%2A> and <xref:System.Diagnostics.EventLog.WriteEntry%2A> to write events to an event log. You must specify an event source to write events; you must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 You can create an event source for an existing event log or a new event log. When you create a new source for a new event log, the system registers the source for that log, but the log is not created until the first entry is written to it.  
  
 The operating system stores event logs as files. When you use <xref:System.Diagnostics.EventLogInstaller> or <xref:System.Diagnostics.EventLog.CreateEventSource%2A> to create a new event log, the associated file is stored in the %SystemRoot%\System32\Config directory on the specified computer. The file name is set by appending the first 8 characters of the <xref:System.Diagnostics.EventLog.Log%2A> property with the ".evt" file name extension.  
  
 Each source can only write to only one event log at a time; however, your application can use multiple sources to write to multiple event logs. For example, your application might require multiple sources configured for different event logs or different resource files.  
  
 You can register the event source with localized resource file(s) for your event category and message strings. Your application can write event log entries using resource identifiers, rather than specifying the actual string. The Event Viewer uses the resource identifier to find and display the corresponding string from the localized resource file based on current language settings. You can register a separate file for event categories, messages and parameter insertion strings, or you can register the same resource file for all three types of strings. Use the <xref:System.Diagnostics.EventSourceCreationData.CategoryCount%2A>, <xref:System.Diagnostics.EventSourceCreationData.CategoryResourceFile%2A>, <xref:System.Diagnostics.EventSourceCreationData.MessageResourceFile%2A>, and <xref:System.Diagnostics.EventSourceCreationData.ParameterResourceFile%2A> properties to configure the source to write localized entries to the event log. If your application writes strings values directly to the event log, you do not need to set these properties.  
  
 The source must be configured either for writing localized entries or for writing direct strings. If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
 To change the configuration details of an existing source, you must delete the source and then create it with the new configuration. If other applications or components use the existing source, create a new source with the updated configuration rather than deleting the existing source.  
  
> [!NOTE]
>  If a source is configured for an event log, and you reconfigure it for another event log, you must restart the computer for the changes to take effect.  
  
   
  
## Examples  
 The following example determines whether the event source named `SampleApplicationSource` is registered on the local computer. If the event source does not exist, the example sets the message resource file for the source and creates the new event source. Finally, the example sets the localized display name for the event log, using the resource identifier value in `DisplayNameMsgId` and the resource file path in `messageFile`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/eventlog_WriteEvent/CPP/source.cpp" id="Snippet6":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventInstance/Overview/source.cs" id="Snippet6":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/eventlog_WriteEvent/VB/source.vb" id="Snippet6":::  
  
 The example uses the following message text file, built into the resource library EventLogMsgs.dll. A message text file is the source from which the message resource file is created. The message text file defines the resource identifiers and text for the category, event message, and parameter insertion strings. Specifically, resource identifier 5001 is defined for the localized name of the event log.  
  
```  
; // EventLogMsgs.mc  
; // ********************************************************  
  
; // Use the following commands to build this file:  
  
; //   mc -s EventLogMsgs.mc  
; //   rc EventLogMsgs.rc  
; //   link /DLL /SUBSYSTEM:WINDOWS /NOENTRY /MACHINE:x86 EventLogMsgs.Res   
; // ********************************************************  
  
; // - Event categories -  
; // Categories must be numbered consecutively starting at 1.  
; // ********************************************************  
  
MessageId=0x1  
Severity=Success  
SymbolicName=INSTALL_CATEGORY  
Language=English  
Installation  
.  
  
MessageId=0x2  
Severity=Success  
SymbolicName=QUERY_CATEGORY  
Language=English  
Database Query  
.  
  
MessageId=0x3  
Severity=Success  
SymbolicName=REFRESH_CATEGORY  
Language=English  
Data Refresh  
.  
  
; // - Event messages -  
; // *********************************  
  
MessageId = 1000  
Severity = Success  
Facility = Application  
SymbolicName = AUDIT_SUCCESS_MESSAGE_ID_1000  
Language=English  
My application message text, in English, for message id 1000, called from %1.  
.  
  
MessageId = 1001  
Severity = Warning  
Facility = Application  
SymbolicName = AUDIT_FAILED_MESSAGE_ID_1001  
Language=English  
My application message text, in English, for message id 1001, called from %1.  
.  
  
MessageId = 1002  
Severity = Success  
Facility = Application  
SymbolicName = GENERIC_INFO_MESSAGE_ID_1002  
Language=English  
My generic information message in English, for message id 1002.  
.  
  
MessageId = 1003  
Severity = Warning  
Facility = Application  
SymbolicName = GENERIC_WARNING_MESSAGE_ID_1003  
Language=English  
My generic warning message in English, for message id 1003, called from %1.  
.  
  
MessageId = 1004  
Severity = Success  
Facility = Application  
SymbolicName = UPDATE_CYCLE_COMPLETE_MESSAGE_ID_1004  
Language=English  
The update cycle is complete for %%5002.  
.  
  
MessageId = 1005  
Severity = Warning  
Facility = Application  
SymbolicName = SERVER_CONNECTION_DOWN_MESSAGE_ID_1005  
Language=English  
The refresh operation did not complete because the connection to server %1 could not be established.  
.  
  
; // - Event log display name -  
; // ********************************************************  
  
MessageId = 5001  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_DISPLAY_NAME_MSGID  
Language=English  
Sample Event Log  
.  
  
; // - Event message parameters -  
; //   Language independent insertion strings  
; // ********************************************************  
  
MessageId = 5002  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_SERVICE_NAME_MSGID  
Language=English  
SVC_UPDATE.EXE  
.  
```  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The computer name specified in <paramref name="sourceData" /> is not valid.  
  
-or-
  
 The source name specified in <paramref name="sourceData" /> is <see langword="null" />.  
  
-or-
  
 The log name specified in <paramref name="sourceData" /> is not valid. Event log names must consist of printable characters and cannot include the characters '*', '?', or '\\'.  
  
-or-
  
 The log name specified in <paramref name="sourceData" /> is not valid for user log creation. The Event log names AppEvent, SysEvent, and SecEvent are reserved for system use.  
  
-or-
  
 The log name matches an existing event source name.  
  
-or-
  
 The source name specified in <paramref name="sourceData" /> results in a registry key path longer than 254 characters.  
  
-or-
  
 The first 8 characters of the log name specified in <paramref name="sourceData" /> are not unique.  
  
-or-
  
 The source name specified in <paramref name="sourceData" /> is already registered.  
  
-or-
  
 The source name specified in <paramref name="sourceData" /> matches an existing event log name.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ArgumentNullException">
          <paramref name="sourceData" /> is <see langword="null" />.</exception>
        <altmember cref="T:System.Diagnostics.EventSourceCreationData" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="T:System.Diagnostics.EventLogInstaller" />
      </Docs>
    </Member>
    <Member MemberName="CreateEventSource">
      <MemberSignature Language="C#" Value="public static void CreateEventSource (string source, string logName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void CreateEventSource(string source, string logName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.CreateEventSource(System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub CreateEventSource (source As String, logName As String)" />
      <MemberSignature Language="F#" Value="static member CreateEventSource : string * string -&gt; unit" Usage="System.Diagnostics.EventLog.CreateEventSource (source, logName)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void CreateEventSource(System::String ^ source, System::String ^ logName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="logName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="source">The source name by which the application is registered on the local computer.</param>
        <param name="logName">The name of the log the source's entries are written to. Possible values include Application, System, or a custom event log.</param>
        <summary>Establishes the specified source name as a valid event source for writing entries to a log on the local computer. This method can also create a new custom log on the local computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this overload to create a custom log or to create and register a <xref:System.Diagnostics.EventLog.Source%2A> to an existing log on the local computer.  
  
 If `logName` is `null` or an empty string ("") when you call <xref:System.Diagnostics.EventLog.CreateEventSource%2A>, the log defaults to the Application log. If the log does not exist on the local computer, the system creates a custom log and registers your application as a <xref:System.Diagnostics.EventLog.Source%2A> for that log.  
  
> [!NOTE]
>  To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.  
>   
>  The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a <xref:System.Security.SecurityException> is thrown.  
>   
>  In Windows Vista and later, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.  
  
 You only need to create an event source if you are writing to the event log. Before writing an entry to an event log, you must register the event source with the event log as a valid source of events. When you write a log entry, the system uses the <xref:System.Diagnostics.EventLog.Source%2A> to find the appropriate log in which to place your entry. If you are reading the event log, you can either specify the <xref:System.Diagnostics.EventLog.Source%2A>, or a <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A>.  
  
> [!NOTE]
>  You are not required to specify the <xref:System.Diagnostics.EventLog.MachineName%2A> if you are connecting to a log on the local computer. If you do not specify the <xref:System.Diagnostics.EventLog.MachineName%2A> when reading from a log, the local computer (".") is assumed.  
  
 Use <xref:System.Diagnostics.EventLog.WriteEvent%2A> and <xref:System.Diagnostics.EventLog.WriteEntry%2A> to write events to an event log. You must specify an event source to write events; you must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 You can create an event source for an existing event log or a new event log. When you create a new source for a new event log, the system registers the source for that log, but the log is not created until the first entry is written to it.  
  
 The operating system stores event logs as files. When you use <xref:System.Diagnostics.EventLogInstaller> or <xref:System.Diagnostics.EventLog.CreateEventSource%2A> to create a new event log, the associated file is stored in the %SystemRoot%\System32\Config directory on the specified computer. The file name is set by appending the first 8 characters of the <xref:System.Diagnostics.EventLog.Log%2A> property with the ".evt" file name extension.  
  
 The source must be unique on the local computer; a new source name cannot match an existing source name or an existing event log name. Each source can write to only one event log at a time; however, your application can use multiple sources to write to multiple event logs. For example, your application might require multiple sources configured for different event logs or different resource files.  
  
 The source must be configured either for writing localized entries or for writing direct strings. If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
 To change the configuration details of an existing source, you must delete the source and then create it with the new configuration. If other applications or components use the existing source, create a new source with the updated configuration rather than deleting the existing source.  
  
> [!NOTE]
>  If a source has already been mapped to a log and you remap it to a new log, you must restart the computer for the changes to take effect.  
  
   
  
## Examples  
 The following example creates the source `MySource` if it does not already exist, and writes an entry to the event log `MyNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.CreateEventSource Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Overview/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.CreateEventSource Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">
          <paramref name="source" /> is an empty string ("") or <see langword="null" />.  
  
-or-
  
 <paramref name="logName" /> is not a valid event log name. Event log names must consist of printable characters, and cannot include the characters '*', '?', or '\\'.  
  
-or-
  
 <paramref name="logName" /> is not valid for user log creation. The event log names AppEvent, SysEvent, and SecEvent are reserved for system use.  
  
-or-
  
 The log name matches an existing event source name.  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.  
  
-or-
  
 The first 8 characters of <paramref name="logName" /> match the first 8 characters of an existing event log name.  
  
-or-
  
 The source cannot be registered because it already exists on the local computer.  
  
-or-
  
 The source name matches an existing event log name.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened on the local computer.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
      </Docs>
    </Member>
    <Member MemberName="CreateEventSource">
      <MemberSignature Language="C#" Value="public static void CreateEventSource (string source, string logName, string machineName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void CreateEventSource(string source, string logName, string machineName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.CreateEventSource(System.String,System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub CreateEventSource (source As String, logName As String, machineName As String)" />
      <MemberSignature Language="F#" Value="static member CreateEventSource : string * string * string -&gt; unit" Usage="System.Diagnostics.EventLog.CreateEventSource (source, logName, machineName)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void CreateEventSource(System::String ^ source, System::String ^ logName, System::String ^ machineName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netstandard-2.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <AttributeName Language="C#">[System.Obsolete("EventLog.CreateEventSource has been deprecated. Use System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) instead.")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Obsolete("EventLog.CreateEventSource has been deprecated. Use System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) instead.")&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Obsolete("This method has been deprecated.  Please use System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) instead.  http://go.microsoft.com/fwlink/?linkid=14202")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Obsolete("This method has been deprecated.  Please use System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) instead.  http://go.microsoft.com/fwlink/?linkid=14202")&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0">
          <AttributeName Language="C#">[System.Obsolete("This method has been deprecated.  Please use System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) instead.  https://go.microsoft.com/fwlink/?linkid=14202")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Obsolete("This method has been deprecated.  Please use System.Diagnostics.EventLog.CreateEventSource(EventSourceCreationData sourceData) instead.  https://go.microsoft.com/fwlink/?linkid=14202")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="logName" Type="System.String" />
        <Parameter Name="machineName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="source">The source by which the application is registered on the specified computer.</param>
        <param name="logName">The name of the log the source's entries are written to. Possible values include Application, System, or a custom event log. If you do not specify a value, <paramref name="logName" /> defaults to Application.</param>
        <param name="machineName">The name of the computer to register this event source with, or "." for the local computer.</param>
        <summary>Establishes the specified source name as a valid event source for writing entries to a log on the specified computer. This method can also be used to create a new custom log on the specified computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this overload to create a custom log or to create and register a <xref:System.Diagnostics.EventLog.Source%2A> to an existing log on the specified computer.  
  
 If `logName` is `null` or an empty string ("") when you call <xref:System.Diagnostics.EventLog.CreateEventSource%2A>, the log defaults to the Application log. If the log does not exist on the specified computer, the system creates a custom log and registers your application as a <xref:System.Diagnostics.EventLog.Source%2A> for that log.  
  
 You only need to create an event source if you are writing to the event log. Before writing an entry to an event log, you must register the event source with the event log as a valid source of events. When you write a log entry, the system uses the <xref:System.Diagnostics.EventLog.Source%2A> to find the appropriate log in which to place your entry. If you are reading the event log, you can either specify the <xref:System.Diagnostics.EventLog.Source%2A>, or a <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A>.  
  
> [!NOTE]
>  To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.  
>   
>  The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. In Windows Vista and later, users do not have permission to access the security log; therefore, a <xref:System.Security.SecurityException> is thrown.  
>   
>  In Windows Vista and later, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.  
  
 Use <xref:System.Diagnostics.EventLog.WriteEvent%2A> and <xref:System.Diagnostics.EventLog.WriteEntry%2A> to write events to an event log. You must specify an event source to write events; you must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 You can create an event source for an existing event log or a new event log. When you create a new source for a new event log, the system registers the source for that log, but the log is not created until the first entry is written to it.  
  
 The operating system stores event logs as files. When you use <xref:System.Diagnostics.EventLogInstaller> or <xref:System.Diagnostics.EventLog.CreateEventSource%2A> to create a new event log, the associated file is stored in the %SystemRoot%\System32\Config directory on the specified computer. The file name is set by appending the first 8 characters of the <xref:System.Diagnostics.EventLog.Log%2A> property with the ".evt" file name extension.  
  
 The source must be unique on the local computer; a new source name cannot match an existing source name or an existing event log name. Each source can write to only one event log at a time; however, your application can use multiple sources to write to multiple event logs. For example, your application might require multiple sources configured for different event logs or different resource files.  
  
 The source must be configured either for writing localized entries or for writing direct strings. If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
 To change the configuration details of an existing source, you must delete the source and then create it with the new configuration. If other applications or components use the existing source, create a new source with the updated configuration rather than deleting the existing source.  
  
> [!NOTE]
>  If a source has already been mapped to a log and you remap it to a new log, you must restart the computer for the changes to take effect.  
  
   
  
## Examples  
 The following example creates the source `MySource` on the computer `MyServer`, and writes an entry to the event log `MyNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.SourceExists1 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/CreateEventSource/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.SourceExists1 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="machineName" /> is not a valid computer name.  
  
-or-
  
 <paramref name="source" /> is an empty string ("") or <see langword="null" />.  
  
-or-
  
 <paramref name="logName" /> is not a valid event log name. Event log names must consist of printable characters, and cannot include the characters '*', '?', or '\\'.  
  
-or-
  
 <paramref name="logName" /> is not valid for user log creation. The event log names AppEvent, SysEvent, and SecEvent are reserved for system use.  
  
-or-
  
 The log name matches an existing event source name.  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.  
  
-or-
  
 The first 8 characters of <paramref name="logName" /> match the first 8 characters of an existing event log name on the specified computer.  
  
-or-
  
 The source cannot be registered because it already exists on the specified computer.  
  
-or-
  
 The source name matches an existing event source name.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened on the specified computer.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
      </Docs>
    </Member>
    <MemberGroup MemberName="Delete">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Removes a log resource.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName="Delete">
      <MemberSignature Language="C#" Value="public static void Delete (string logName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void Delete(string logName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.Delete(System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub Delete (logName As String)" />
      <MemberSignature Language="F#" Value="static member Delete : string -&gt; unit" Usage="System.Diagnostics.EventLog.Delete logName" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void Delete(System::String ^ logName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="logName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="logName">The name of the log to delete. Possible values include: Application, Security, System, and any custom event logs on the computer.</param>
        <summary>Removes an event log from the local computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method when the log you want to delete is on the local computer. You can delete any log on the computer, provided you have the appropriate registry permissions.  
  
 <xref:System.Diagnostics.EventLog.Delete%2A> removes the log specified by `logName` from the local computer. If you want to delete only the source registered to a log, call <xref:System.Diagnostics.EventLog.DeleteEventSource%2A>. If you only want to delete the log entries, call <xref:System.Diagnostics.EventLog.Clear%2A>. <xref:System.Diagnostics.EventLog.Delete%2A> and <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> are `static` methods, so they can be called on the class itself. It is not necessary to create a new instance of <xref:System.Diagnostics.EventLog> to call either method.  
  
 The <xref:System.Diagnostics.EventLog.Delete%2A> method first deletes the file that holds the contents of the log. It then accesses the registry and removes all the event sources registered for that log. If you recreate the log at a later point, you should register the event sources again, if they are to be reused. If you do not register the event sources and other users write to an event source without specifying a log name, the event source will be created in the Application event log. Therefore, applications that previously were able to write entries to the log you deleted and recreated will write to the Application log instead, because it now contains the event source.  
  
> [!NOTE]
>  Recreating an event log can be a difficult process. Avoid deleting any of the system-created event logs, such as the Application log.  
  
 Deleting a log through a call to <xref:System.Diagnostics.EventLog.Delete%2A> automatically deletes the sources registered to that log. This can make other applications using that log inoperative.  
  
   
  
## Examples  
 The following example deletes a log from the local computer. The example determines the log from its source.  
  
> [!NOTE]
>  More than one source might write to an event log. Before deleting a custom log, make sure there are no other sources writing to that log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.DeleteEventSource Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Delete/source1.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.DeleteEventSource Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">
          <paramref name="logName" /> is an empty string ("") or <see langword="null" />.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened on the local computer.  
  
-or-
  
 The log does not exist on the local computer.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The event log was not cleared successfully.  
  
 -or-  
  
 The log cannot be opened. A Windows error code is not available.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.Clear" />
        <altmember cref="M:System.Diagnostics.EventLog.Close" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
      </Docs>
    </Member>
    <Member MemberName="Delete">
      <MemberSignature Language="C#" Value="public static void Delete (string logName, string machineName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void Delete(string logName, string machineName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.Delete(System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub Delete (logName As String, machineName As String)" />
      <MemberSignature Language="F#" Value="static member Delete : string * string -&gt; unit" Usage="System.Diagnostics.EventLog.Delete (logName, machineName)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void Delete(System::String ^ logName, System::String ^ machineName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="logName" Type="System.String" />
        <Parameter Name="machineName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="logName">The name of the log to delete. Possible values include: Application, Security, System, and any custom event logs on the specified computer.</param>
        <param name="machineName">The name of the computer to delete the log from, or "." for the local computer.</param>
        <summary>Removes an event log from the specified computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method when the log you want to delete is on a remote computer. You can delete any log on the computer, provided you have the appropriate registry permissions.  
  
 <xref:System.Diagnostics.EventLog.Delete%2A> removes the log specified by `logName` from the computer specified by `machineName`. If you want to delete only the source registered to a log, call <xref:System.Diagnostics.EventLog.DeleteEventSource%2A>. If you only want to delete the log entries, call <xref:System.Diagnostics.EventLog.Clear%2A>. <xref:System.Diagnostics.EventLog.Delete%2A> and <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> are `static` methods, so they can be called on the class itself. It is not necessary to create an instance of <xref:System.Diagnostics.EventLog> to call either method.  
  
 This method first deletes the file that holds the contents of the log. It then accesses the registry and removes all the event sources registered for that log. If you recreate the log at a later point, you should register the event sources again, if they are to be reused. If you do not register the event sources and other users write to an event source without specifying a log name, the event source will be created in the Application event log. Therefore, applications that previously were able to write entries to the log you deleted and recreated will write to the Application log instead, because it now contains the event source.  
  
> [!NOTE]
>  Recreating an event log can be a difficult process. Avoid deleting any of the system-created event logs, such as the Application log.  
  
 Deleting a log through a call to <xref:System.Diagnostics.EventLog.Delete%2A> automatically deletes the sources registered to that log. This can make other applications using that log inoperative.  
  
   
  
## Examples  
 The following example deletes a log from the specified computer. The example determines the log from its source.  
  
> [!NOTE]
>  More than one source might write to an event log. Before deleting a custom log, make sure there are no other sources writing to that log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.Delete1 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Delete/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.Delete1 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">
          <paramref name="logName" /> is an empty string ("") or <see langword="null" />.  
  
-or-
  
 <paramref name="machineName" /> is not a valid computer name.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened on the specified computer.  
  
-or-
  
 The log does not exist on the specified computer.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The event log was not cleared successfully.  
  
 -or-  
  
 The log cannot be opened. A Windows error code is not available.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.Clear" />
        <altmember cref="M:System.Diagnostics.EventLog.Close" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
      </Docs>
    </Member>
    <MemberGroup MemberName="DeleteEventSource">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Removes an application's event source registration from the event log.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName="DeleteEventSource">
      <MemberSignature Language="C#" Value="public static void DeleteEventSource (string source);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void DeleteEventSource(string source) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub DeleteEventSource (source As String)" />
      <MemberSignature Language="F#" Value="static member DeleteEventSource : string -&gt; unit" Usage="System.Diagnostics.EventLog.DeleteEventSource source" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void DeleteEventSource(System::String ^ source);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="source">The name by which the application is registered in the event log system.</param>
        <summary>Removes the event source registration from the event log of the local computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to remove the registration of a <xref:System.Diagnostics.EventLog.Source%2A> from the local computer. <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> accesses the registry on the local computer and removes the registration of your application as a valid source of events.  
  
 You can remove your component as a valid source of events if you no longer need it to write entries to that log. For example, you might do this if you need to change your component from one log to another. Because a source can only be registered to one log at a time, changing the log requires you to remove the current registration.  
  
 <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> removes only the source registered to a log. If you want to remove the log itself, call <xref:System.Diagnostics.EventLog.Delete%2A>. If you only want to delete the log entries, call <xref:System.Diagnostics.EventLog.Clear%2A>. <xref:System.Diagnostics.EventLog.Delete%2A> and <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> are `static` methods, so they can be called on the class itself. It is not necessary to create an instance of <xref:System.Diagnostics.EventLog> to call either method.  
  
 Deleting a log through a call to <xref:System.Diagnostics.EventLog.Delete%2A> automatically deletes the sources registered to that log. This can make other applications using that log inoperative.  
  
> [!NOTE]
>  If a source has already been mapped to a log and you remap it to a new log, you must restart the computer for the changes to take effect.  
  
   
  
## Examples  
 The following example deletes a source from the local computer. The example determines the log from its source, and then deletes the log.  
  
> [!NOTE]
>  More than one source might write to an event log. Before deleting a custom log, make sure there are no other sources writing to that log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.DeleteEventSource Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Delete/source1.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.DeleteEventSource Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="source" /> parameter does not exist in the registry of the local computer.  
  
-or-
  
 You do not have write access on the registry key for the event log.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Clear" />
      </Docs>
    </Member>
    <Member MemberName="DeleteEventSource">
      <MemberSignature Language="C#" Value="public static void DeleteEventSource (string source, string machineName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void DeleteEventSource(string source, string machineName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.DeleteEventSource(System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub DeleteEventSource (source As String, machineName As String)" />
      <MemberSignature Language="F#" Value="static member DeleteEventSource : string * string -&gt; unit" Usage="System.Diagnostics.EventLog.DeleteEventSource (source, machineName)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void DeleteEventSource(System::String ^ source, System::String ^ machineName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="machineName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="source">The name by which the application is registered in the event log system.</param>
        <param name="machineName">The name of the computer to remove the registration from, or "." for the local computer.</param>
        <summary>Removes the application's event source registration from the specified computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this overload to remove the registration of a <xref:System.Diagnostics.EventLog.Source%2A> from a remote computer. <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> accesses the registry on the computer specified by `machineName` and removes the registration of your application as a valid source of events.  
  
 You can remove your component as a valid source of events if you no longer need it to write entries to that log. For example, you might do this if you need to change your component from one log to another. Because a source can only be registered to one log at a time, changing the log requires you to remove the current registration.  
  
 <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> removes only the source registered to a log. If you want to remove the log itself, call <xref:System.Diagnostics.EventLog.Delete%2A>. If you only want to delete the log entries, call <xref:System.Diagnostics.EventLog.Clear%2A>. <xref:System.Diagnostics.EventLog.Delete%2A> and <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> are `static` methods, so they can be called on the class itself. It is not necessary to create an instance of <xref:System.Diagnostics.EventLog> to call either method.  
  
 Deleting a log through a call to <xref:System.Diagnostics.EventLog.Delete%2A> automatically deletes the sources registered to that log. This can make other applications using that log inoperative.  
  
> [!NOTE]
>  If a source has already been mapped to a log and you remap it to a new log, you must restart the computer for the changes to take effect.  
  
   
  
## Examples  
 The following example deletes a source from the specified computer. The example determines the log from its source, and then deletes the log.  
  
> [!NOTE]
>  More than one source might write to an event log. Before deleting a custom log, make sure there are no other sources writing to that log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.Delete1 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Delete/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.Delete1 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="machineName" /> parameter is invalid.  
  
-or-
  
 The <paramref name="source" /> parameter does not exist in the registry of the specified computer.  
  
-or-
  
 You do not have write access on the registry key for the event log.</exception>
        <exception cref="T:System.InvalidOperationException">
          <paramref name="source" /> cannot be deleted because in the registry, the parent registry key for <paramref name="source" /> does not contain a subkey with the same name.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Clear" />
      </Docs>
    </Member>
    <Member MemberName="Dispose">
      <MemberSignature Language="C#" Value="protected override void Dispose (bool disposing);" />
      <MemberSignature Language="ILAsm" Value=".method familyhidebysig virtual instance void Dispose(bool disposing) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.Dispose(System.Boolean)" />
      <MemberSignature Language="VB.NET" Value="Protected Overrides Sub Dispose (disposing As Boolean)" />
      <MemberSignature Language="F#" Value="override this.Dispose : bool -&gt; unit" Usage="eventLog.Dispose disposing" />
      <MemberSignature Language="C++ CLI" Value="protected:&#xA; override void Dispose(bool disposing);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="disposing" Type="System.Boolean" />
      </Parameters>
      <Docs>
        <param name="disposing">
          <see langword="true" /> to release both managed and unmanaged resources; <see langword="false" /> to release only unmanaged resources.</param>
        <summary>Releases the unmanaged resources used by the <see cref="T:System.Diagnostics.EventLog" />, and optionally releases the managed resources.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks
 This method is called by the public `Dispose()` method and the <xref:System.Object.Finalize> method, if it has been overridden. `Dispose()` invokes this method with the `disposing` parameter set to `true`. `Finalize` invokes this method with `disposing` set to `false`.
  
 When the `disposing` parameter is true, this method releases all resources held by any managed objects that this <xref:System.Diagnostics.EventLog> references. This method invokes the `Dispose()` method of each referenced object.  
  
 ]]></format>
        </remarks>
        <block subset="none" type="overrides">
          <para>
            <see langword="Dispose" /> can be called multiple times by other objects. When overriding <see langword="Dispose(Boolean)" /> be careful not to reference objects that have been previously disposed of in an earlier call to <see langword="Dispose" />. For more information about how to implement <see langword="Dispose(Boolean)" />, see [Implementing a Dispose Method](/dotnet/standard/garbage-collection/implementing-dispose).  
  
 For more information about <see langword="Dispose" /> and <see cref="M:System.Object.Finalize" />, see [Cleaning Up Unmanaged Resources](/dotnet/standard/garbage-collection/unmanaged).</para>
        </block>
      </Docs>
    </Member>
    <Member MemberName="EnableRaisingEvents">
      <MemberSignature Language="C#" Value="public bool EnableRaisingEvents { get; set; }" />
      <MemberSignature Language="ILAsm" Value=".property instance bool EnableRaisingEvents" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.EnableRaisingEvents" />
      <MemberSignature Language="VB.NET" Value="Public Property EnableRaisingEvents As Boolean" />
      <MemberSignature Language="F#" Value="member this.EnableRaisingEvents : bool with get, set" Usage="System.Diagnostics.EventLog.EnableRaisingEvents" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property bool EnableRaisingEvents { bool get(); void set(bool value); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.Browsable(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.Browsable(false)&gt;]</AttributeName>
        </Attribute>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.DefaultValue(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.DefaultValue(false)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Diagnostics.MonitoringDescription("LogMonitoring")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Diagnostics.MonitoringDescription("LogMonitoring")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Boolean</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets or sets a value indicating whether the <see cref="T:System.Diagnostics.EventLog" /> receives <see cref="E:System.Diagnostics.EventLog.EntryWritten" /> event notifications.</summary>
        <value>
          <see langword="true" /> if the <see cref="T:System.Diagnostics.EventLog" /> receives notification when an entry is written to the log; otherwise, <see langword="false" />.</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The <xref:System.Diagnostics.EventLog.EnableRaisingEvents%2A> property determines whether the <xref:System.Diagnostics.EventLog> raises events when entries are written to the log. When the property is `true`, components that receive the <xref:System.Diagnostics.EventLog.EntryWritten> event will receive notification any time an entry is written to the log that is specified in the <xref:System.Diagnostics.EventLog.Log%2A> property. If <xref:System.Diagnostics.EventLog.EnableRaisingEvents%2A> is `false`, no events are raised.  
  
> [!NOTE]
>  You can receive event notifications only when entries are written on the local computer. You cannot receive notifications for entries written on remote computers.  
  
   
  
## Examples  
 The following example handles an <xref:System.Diagnostics.EventLog.EntryWritten> event.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.EnableRaisingEvents Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/EnableRaisingEvents/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.EnableRaisingEvents Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.InvalidOperationException">The event log is on a remote computer.</exception>
        <altmember cref="E:System.Diagnostics.EventLog.EntryWritten" />
      </Docs>
    </Member>
    <Member MemberName="EndInit">
      <MemberSignature Language="C#" Value="public void EndInit ();" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance void EndInit() cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.EndInit" />
      <MemberSignature Language="VB.NET" Value="Public Sub EndInit ()" />
      <MemberSignature Language="F#" Value="abstract member EndInit : unit -&gt; unit&#xA;override this.EndInit : unit -&gt; unit" Usage="eventLog.EndInit " />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; virtual void EndInit();" />
      <MemberType>Method</MemberType>
      <Implements>
        <InterfaceMember>M:System.ComponentModel.ISupportInitialize.EndInit</InterfaceMember>
      </Implements>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters />
      <Docs>
        <summary>Ends the initialization of an <see cref="T:System.Diagnostics.EventLog" /> used on a form or by another component. The initialization occurs at runtime.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The Visual Studio 2005 design environment uses this method to end the initialization of a component used on a form or by another component. The <xref:System.Diagnostics.EventLog.BeginInit%2A> method starts the initialization. Using the <xref:System.Diagnostics.EventLog.BeginInit%2A> and <xref:System.Diagnostics.EventLog.EndInit%2A> methods prevents the control from being used before it is fully initialized.  
  
 ]]></format>
        </remarks>
        <altmember cref="M:System.Diagnostics.EventLog.BeginInit" />
      </Docs>
    </Member>
    <Member MemberName="Entries">
      <MemberSignature Language="C#" Value="public System.Diagnostics.EventLogEntryCollection Entries { get; }" />
      <MemberSignature Language="ILAsm" Value=".property instance class System.Diagnostics.EventLogEntryCollection Entries" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.Entries" />
      <MemberSignature Language="VB.NET" Value="Public ReadOnly Property Entries As EventLogEntryCollection" />
      <MemberSignature Language="F#" Value="member this.Entries : System.Diagnostics.EventLogEntryCollection" Usage="System.Diagnostics.EventLog.Entries" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property System::Diagnostics::EventLogEntryCollection ^ Entries { System::Diagnostics::EventLogEntryCollection ^ get(); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.Browsable(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.Browsable(false)&gt;]</AttributeName>
        </Attribute>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.DesignerSerializationVisibility(System.ComponentModel.DesignerSerializationVisibility.Hidden)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.DesignerSerializationVisibility(System.ComponentModel.DesignerSerializationVisibility.Hidden)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Diagnostics.MonitoringDescription("LogEntries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Diagnostics.MonitoringDescription("LogEntries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Diagnostics.EventLogEntryCollection</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets the contents of the event log.</summary>
        <value>An <see cref="T:System.Diagnostics.EventLogEntryCollection" /> holding the entries in the event log. Each entry is associated with an instance of the <see cref="T:System.Diagnostics.EventLogEntry" /> class.</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use the <xref:System.Diagnostics.EventLog.Entries%2A> member when reading from the event log.  
  
 Because the property is read-only, you cannot modify an entry or write to the log using <xref:System.Diagnostics.EventLog.Entries%2A>. Instead, specify a <xref:System.Diagnostics.EventLog.Source%2A> and call <xref:System.Diagnostics.EventLog.WriteEntry%2A> to write a new log entry. You can use <xref:System.Diagnostics.EventLog.Entries%2A> to count the number of entries in the event log, and view each <xref:System.Diagnostics.EventLogEntry> in the collection. Use the indexed <xref:System.Diagnostics.EventLogEntryCollection.Item%2A> member to retrieve information about a specific entry, such as <xref:System.Diagnostics.EventLogEntry.Message%2A>, <xref:System.Diagnostics.EventLogEntry.Category%2A>, <xref:System.Diagnostics.EventLogEntry.TimeWritten%2A>, or <xref:System.Diagnostics.EventLogEntry.EntryType%2A>.  
  
 It is not necessary to specify a <xref:System.Diagnostics.EventLog.Source%2A> when only reading from a log. You can specify only the <xref:System.Diagnostics.EventLog.Log%2A> name and <xref:System.Diagnostics.EventLog.MachineName%2A> (server computer name) properties for the <xref:System.Diagnostics.EventLog> instance. In either case, the <xref:System.Diagnostics.EventLog.Entries%2A> member is automatically populated with the event log's list of entries. You can select the appropriate index for an item in this list to read individual entries.  
  
 An important distinction between reading and writing log entries is that it is not necessary to explicitly call a read method. After the <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A> are specified, the <xref:System.Diagnostics.EventLog.Entries%2A> property is automatically populated. If you change the value of the <xref:System.Diagnostics.EventLog.Log%2A> or <xref:System.Diagnostics.EventLog.MachineName%2A> property, the <xref:System.Diagnostics.EventLog.Entries%2A> property is repopulated the next time you read it.  
  
> [!NOTE]
>  You are not required to specify the <xref:System.Diagnostics.EventLog.MachineName%2A> if you are connecting to a log. If you do not specify the <xref:System.Diagnostics.EventLog.MachineName%2A>, the local computer, ".", is assumed.  
  
   
  
## Examples  
 The following example reads entries in the event log, "MyNewLog", on the local computer.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.Entries Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Entries/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.Entries Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <altmember cref="T:System.Diagnostics.EventLogEntryCollection" />
        <altmember cref="T:System.Diagnostics.EventLogEntry" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="Overload:System.Diagnostics.EventLog.WriteEntry" />
      </Docs>
    </Member>
    <Member MemberName="EntryWritten">
      <MemberSignature Language="C#" Value="public event System.Diagnostics.EntryWrittenEventHandler EntryWritten;" />
      <MemberSignature Language="ILAsm" Value=".event class System.Diagnostics.EntryWrittenEventHandler EntryWritten" />
      <MemberSignature Language="DocId" Value="E:System.Diagnostics.EventLog.EntryWritten" />
      <MemberSignature Language="VB.NET" Value="Public Custom Event EntryWritten As EntryWrittenEventHandler " />
      <MemberSignature Language="F#" Value="member this.EntryWritten : System.Diagnostics.EntryWrittenEventHandler " Usage="member this.EntryWritten : System.Diagnostics.EntryWrittenEventHandler " />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; event System::Diagnostics::EntryWrittenEventHandler ^ EntryWritten;" />
      <MemberType>Event</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Diagnostics.MonitoringDescription("LogEntryWritten")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Diagnostics.MonitoringDescription("LogEntryWritten")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Diagnostics.EntryWrittenEventHandler</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Occurs when an entry is written to an event log on the local computer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 To get event notifications, you must set <xref:System.Diagnostics.EventLog.EnableRaisingEvents%2A> to `true`. You can only receive event notifications when entries are written on the local computer. You cannot receive notifications for entries written on remote computers.  
  
 When you create an <xref:System.Diagnostics.EventLog.EntryWritten> delegate, you identify the method that will handle the event. To associate the event with your event handler, add an instance of the delegate to the event. The event handler is called whenever the event occurs, until you remove the delegate. For more information about handling events with delegates, see [Handling and Raising Events](/dotnet/standard/events/).  
  
 The system responds to <xref:System.Diagnostics.EventLog.WriteEntry%2A> only if the last write event occurred at least six seconds previously. This implies you will only receive one <xref:System.Diagnostics.EventLog.EntryWritten> event notification within a six-second interval, even if more than one event log change occurs. If you insert a sufficiently long sleep interval (around 10 seconds) between calls to <xref:System.Diagnostics.EventLog.WriteEntry%2A>, you are less likely to miss an event. However, if write events occur more frequently, you might not receive the event notification until the next interval. Typically, missed event notifications are not lost, but delayed.  
  
   
  
## Examples  
 The following example handles an entry written event.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.EntryWritten Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/EntryWritten/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.EntryWritten Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <altmember cref="P:System.Diagnostics.EventLog.EnableRaisingEvents" />
      </Docs>
    </Member>
    <MemberGroup MemberName="Exists">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Determines whether the specified log exists.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName="Exists">
      <MemberSignature Language="C#" Value="public static bool Exists (string logName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig bool Exists(string logName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.Exists(System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Function Exists (logName As String) As Boolean" />
      <MemberSignature Language="F#" Value="static member Exists : string -&gt; bool" Usage="System.Diagnostics.EventLog.Exists logName" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static bool Exists(System::String ^ logName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Boolean</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="logName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="logName">The name of the log to search for. Possible values include: Application, Security, System, other application-specific logs (such as those associated with Active Directory), or any custom log on the computer.</param>
        <summary>Determines whether the log exists on the local computer.</summary>
        <returns>
          <see langword="true" /> if the log exists on the local computer; otherwise, <see langword="false" />.</returns>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to determine if a log exists on the local computer. If you want to determine whether a source exists on the local computer, use <xref:System.Diagnostics.EventLog.SourceExists%2A>.  
  
 Because this method accesses the registry, you must have the appropriate registry permissions on the local computer; otherwise, the query returns `false`.  
  
 Because you cannot give a new log the name of an existing log on the same computer, use this method before creating a new log to determine if the specified `logName` already exists on the local computer. The `logName` parameter is not case sensitive.  
  
 <xref:System.Diagnostics.EventLog.Exists%2A> is a `static` method, so it can be called on the class itself. It is not necessary to create an instance of <xref:System.Diagnostics.EventLog> to call <xref:System.Diagnostics.EventLog.Exists%2A>.  
  
   
  
## Examples  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLog_Exists_1/CPP/eventlog_exists_1.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Exists/eventlog_exists_1.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLog_Exists_1/VB/eventlog_exists_1.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The logName is <see langword="null" /> or the value is empty.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
      </Docs>
    </Member>
    <Member MemberName="Exists">
      <MemberSignature Language="C#" Value="public static bool Exists (string logName, string machineName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig bool Exists(string logName, string machineName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.Exists(System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Function Exists (logName As String, machineName As String) As Boolean" />
      <MemberSignature Language="F#" Value="static member Exists : string * string -&gt; bool" Usage="System.Diagnostics.EventLog.Exists (logName, machineName)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static bool Exists(System::String ^ logName, System::String ^ machineName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Boolean</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="logName" Type="System.String" />
        <Parameter Name="machineName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="logName">The log for which to search. Possible values include: Application, Security, System, other application-specific logs (such as those associated with Active Directory), or any custom log on the computer.</param>
        <param name="machineName">The name of the computer on which to search for the log, or "." for the local computer.</param>
        <summary>Determines whether the log exists on the specified computer.</summary>
        <returns>
          <see langword="true" /> if the log exists on the specified computer; otherwise, <see langword="false" />.</returns>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to determine if a log exists on a remote computer. If you want to determine whether a source exists on a remote computer, use <xref:System.Diagnostics.EventLog.SourceExists%2A>.  
  
 Because this method accesses the registry, you must have the appropriate registry permissions on the specified computer; otherwise, the query returns `false`.  
  
 Because you cannot give a new log the name of an existing log on the same computer, use this method before creating a new log to determine if one with the specified `logName` already exists on the server specified by the `machineName` parameter. The `logName` and `machineName` parameters are not case sensitive.  
  
 <xref:System.Diagnostics.EventLog.Exists%2A> is a `static` method, so it can be called on the class itself. It is not necessary to create a new instance of <xref:System.Diagnostics.EventLog> to call <xref:System.Diagnostics.EventLog.Exists%2A>.  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="machineName" /> parameter is an invalid format. Make sure you have used proper syntax for the computer on which you are searching.  
  
 -or-  
  
 The <paramref name="logName" /> is <see langword="null" /> or the value is empty.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
      </Docs>
    </Member>
    <MemberGroup MemberName="GetEventLogs">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Creates an array of the event logs.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName="GetEventLogs">
      <MemberSignature Language="C#" Value="public static System.Diagnostics.EventLog[] GetEventLogs ();" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig class System.Diagnostics.EventLog[] GetEventLogs() cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.GetEventLogs" />
      <MemberSignature Language="VB.NET" Value="Public Shared Function GetEventLogs () As EventLog()" />
      <MemberSignature Language="F#" Value="static member GetEventLogs : unit -&gt; System.Diagnostics.EventLog[]" Usage="System.Diagnostics.EventLog.GetEventLogs " />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static cli::array &lt;System::Diagnostics::EventLog ^&gt; ^ GetEventLogs();" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Diagnostics.EventLog[]</ReturnType>
      </ReturnValue>
      <Parameters />
      <Docs>
        <summary>Searches for all event logs on the local computer and creates an array of <see cref="T:System.Diagnostics.EventLog" /> objects that contain the list.</summary>
        <returns>An array of type <see cref="T:System.Diagnostics.EventLog" /> that represents the logs on the local computer.</returns>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The array of <xref:System.Diagnostics.EventLog> objects is a snapshot of all event logs on the local computer when the call to <xref:System.Diagnostics.EventLog.GetEventLogs%2A> is made. This is not a dynamic collection, so it does not reflect the deletion or creation of logs in real time. You should verify that a log in the array exists before you read or write to it. The array usually includes at least three logs: Application, System, and Security. If you created custom logs on the local computer, they will appear in the array as well.  
  
 To retrieve the list of event logs, you must have the appropriate registry permissions. These permissions are identical to those required to call <xref:System.Diagnostics.EventLog.Exists%2A> and <xref:System.Diagnostics.EventLog.SourceExists%2A>.  
  
   
  
## Examples  
 The following example enumerates the event logs defined on the local computer, and displays configuration details for each event log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLogProperties/CPP/source.cpp" id="Snippet2":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/GetEventLogs/source1.cs" id="Snippet2":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLogProperties/VB/source.vb" id="Snippet2":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.SystemException">You do not have read access to the registry.  
  
 -or-  
  
 There is no event log service on the computer.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.Exists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
      </Docs>
    </Member>
    <Member MemberName="GetEventLogs">
      <MemberSignature Language="C#" Value="public static System.Diagnostics.EventLog[] GetEventLogs (string machineName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig class System.Diagnostics.EventLog[] GetEventLogs(string machineName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.GetEventLogs(System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Function GetEventLogs (machineName As String) As EventLog()" />
      <MemberSignature Language="F#" Value="static member GetEventLogs : string -&gt; System.Diagnostics.EventLog[]" Usage="System.Diagnostics.EventLog.GetEventLogs machineName" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static cli::array &lt;System::Diagnostics::EventLog ^&gt; ^ GetEventLogs(System::String ^ machineName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Diagnostics.EventLog[]</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="machineName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="machineName">The computer on which to search for event logs.</param>
        <summary>Searches for all event logs on the given computer and creates an array of <see cref="T:System.Diagnostics.EventLog" /> objects that contain the list.</summary>
        <returns>An array of type <see cref="T:System.Diagnostics.EventLog" /> that represents the logs on the given computer.</returns>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The array of <xref:System.Diagnostics.EventLog> objects is a snapshot of all event logs on the computer specified by the `machineName` parameter when the call to <xref:System.Diagnostics.EventLog.GetEventLogs%2A> is made. This is not a dynamic collection, so it does not reflect the deletion or creation of logs in real time. You should verify that a log in the array exists before you read or write to it. The array usually includes at least three logs: Application, System, and Security. If you created custom logs on the specified computer, they will appear in the array as well.  
  
 <xref:System.Diagnostics.EventLog.GetEventLogs%2A> is a `static` method, so it can be called on the <xref:System.Diagnostics.EventLog> class itself. It is not necessary to create an instance of an <xref:System.Diagnostics.EventLog> object to make a call to the method.  
  
 To retrieve the list of event logs, you must have the appropriate registry permissions. These permissions are identical to those required to call <xref:System.Diagnostics.EventLog.Exists%2A> and <xref:System.Diagnostics.EventLog.SourceExists%2A>.  
  
   
  
## Examples  
 The following example gets a list of logs on the computer "myServer". It then outputs the name of each log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.GetEventLogs1 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/GetEventLogs/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.GetEventLogs1 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="machineName" /> parameter is an invalid computer name.</exception>
        <exception cref="T:System.InvalidOperationException">You do not have read access to the registry.  
  
 -or-  
  
 There is no event log service on the computer.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.Exists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
      </Docs>
    </Member>
    <Member MemberName="Log">
      <MemberSignature Language="C#" Value="public string Log { get; set; }" />
      <MemberSignature Language="ILAsm" Value=".property instance string Log" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.Log" />
      <MemberSignature Language="VB.NET" Value="Public Property Log As String" />
      <MemberSignature Language="F#" Value="member this.Log : string with get, set" Usage="System.Diagnostics.EventLog.Log" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property System::String ^ Log { System::String ^ get(); void set(System::String ^ value); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.DefaultValue("")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.DefaultValue("")&gt;]</AttributeName>
        </Attribute>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.ReadOnly(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.ReadOnly(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <AttributeName Language="C#">[System.ComponentModel.SettingsBindable(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.SettingsBindable(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5">
          <AttributeName Language="C#">[System.ComponentModel.RecommendedAsConfigurable(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.RecommendedAsConfigurable(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1">
          <AttributeName Language="C#">[System.ComponentModel.TypeConverter("System.Diagnostics.Design.LogConverter, System.Design, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.TypeConverter("System.Diagnostics.Design.LogConverter, System.Design, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Diagnostics.MonitoringDescription("LogLog")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Diagnostics.MonitoringDescription("LogLog")&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5">
          <AttributeName Language="C#">[System.ComponentModel.TypeConverter("System.Diagnostics.Design.LogConverter, System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.TypeConverter("System.Diagnostics.Design.LogConverter, System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.ComponentModel.TypeConverter("System.Diagnostics.Design.LogConverter, System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.TypeConverter("System.Diagnostics.Design.LogConverter, System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.String</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets or sets the name of the log to read from or write to.</summary>
        <value>The name of the log. This can be Application, System, Security, or a custom log name. The default is an empty string ("").</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Three log files exist by default on the server: Application, System, and Security. Applications and services use the Application log file. Device drivers use the System log file. The system generates success and failure audit events in the Security log when auditing is turned on. If you have other applications installed, like Active Directory on Windows servers, there might be other default log files. In addition, you can create custom log files on a local or remote computer. Custom logs help organize your entries in a more detailed way than is allowed when your components write events to the default Application log.  
  
> [!NOTE]
>  Log names are limited to eight characters. According to the system, MyLogSample1 and MyLogSample2 are the same log.  
  
 If you write to an event log, it is not enough to specify the <xref:System.Diagnostics.EventLog.Log%2A> property. You must associate a <xref:System.Diagnostics.EventLog.Source%2A> property with your event log resource to connect it to a particular log. It is not necessary to specify a <xref:System.Diagnostics.EventLog.Source%2A> when only reading from a log, but an event source must be associated with the event log resource in the server's registry. You can specify only the <xref:System.Diagnostics.EventLog.Log%2A> name and <xref:System.Diagnostics.EventLog.MachineName%2A> (server computer name) to read from it.  
  
> [!NOTE]
>  You are not required to specify the <xref:System.Diagnostics.EventLog.MachineName%2A> if you are connecting to a log. If you do not specify the <xref:System.Diagnostics.EventLog.MachineName%2A>, the local computer (".") is assumed.  
  
 If the <xref:System.Diagnostics.EventLog.Source%2A> property has not been specified, a call to <xref:System.Diagnostics.EventLog.Log%2A> returns an empty string if <xref:System.Diagnostics.EventLog.Log%2A> has not been explicitly set (by setting the <xref:System.Diagnostics.EventLog.Log%2A> property, or through the constructor). If the <xref:System.Diagnostics.EventLog.Source%2A> has been specified, <xref:System.Diagnostics.EventLog.Log%2A> returns the name of the log to which that source was registered.  
  
 A source can only be registered to one log at a time. If the <xref:System.Diagnostics.EventLog.Source%2A> property was set for an instance of <xref:System.Diagnostics.EventLog>, you cannot change the <xref:System.Diagnostics.EventLog.Log%2A> property for that <xref:System.Diagnostics.EventLog> without changing the value of <xref:System.Diagnostics.EventLog.Source%2A> or calling <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> first. If you change the <xref:System.Diagnostics.EventLog.Log%2A> property after the <xref:System.Diagnostics.EventLog.Source%2A> property has been set, writing a log entry throws an exception.  
  
 The operating system stores event logs as files. When you use <xref:System.Diagnostics.EventLogInstaller> or <xref:System.Diagnostics.EventLog.CreateEventSource%2A> to create a new event log, the associated file is stored in the %SystemRoot%\System32\Config directory on the specified computer. The file name is set by appending the first 8 characters of the <xref:System.Diagnostics.EventLog.Log%2A> property with the ".evt" file name extension.  
  
 You cannot create a new log using the <xref:System.Diagnostics.EventLog.Log%2A> property alone (without specifying a source for the log). You can call <xref:System.Diagnostics.EventLog.CreateEventSource%2A>, passing in a new log name as a parameter, and then call <xref:System.Diagnostics.EventLog.DeleteEventSource%2A>. However, the intent is usually either to create (and write entries to) new application-specific logs, or to read from existing logs.  
  
 If the <xref:System.Diagnostics.EventLog.Log%2A> value changes, the event log is closed and all event handles are released.  
  
> [!CAUTION]
>  If you set the <xref:System.Diagnostics.EventLog.Log%2A> property to the name of a log that does not exist, the system attaches the <xref:System.Diagnostics.EventLog> to the Application log, but does not warn you that it is using a log other than the one you specified.  
  
   
  
## Examples  
 The following example reads entries in the event log, "NewEventLog", on the local computer.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.Log Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Log/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.Log Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="M:System.Diagnostics.EventLog.Exists(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="T:System.Diagnostics.EventLogEntryCollection" />
      </Docs>
    </Member>
    <Member MemberName="LogDisplayName">
      <MemberSignature Language="C#" Value="public string LogDisplayName { get; }" />
      <MemberSignature Language="ILAsm" Value=".property instance string LogDisplayName" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.LogDisplayName" />
      <MemberSignature Language="VB.NET" Value="Public ReadOnly Property LogDisplayName As String" />
      <MemberSignature Language="F#" Value="member this.LogDisplayName : string" Usage="System.Diagnostics.EventLog.LogDisplayName" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property System::String ^ LogDisplayName { System::String ^ get(); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.Browsable(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.Browsable(false)&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.String</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets the event log's friendly name.</summary>
        <value>A name that represents the event log in the system's event viewer.</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
  
> [!NOTE]
>  In Windows Vista and later, users do not have permission to access the security log. If you are running Windows Vista or later as a user, you will get a <xref:System.Security.SecurityException> when you attempt to access the display name for an event in the security log.  
>   
>  In Windows Vista and later, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.  
  
   
  
## Examples  
 The following example enumerates the event logs defined on the local computer and displays the <xref:System.Diagnostics.EventLog.LogDisplayName%2A> for each event log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLogProperties/CPP/source.cpp" id="Snippet2":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/GetEventLogs/source1.cs" id="Snippet2":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLogProperties/VB/source.vb" id="Snippet2":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.InvalidOperationException">The specified <see cref="P:System.Diagnostics.EventLog.Log" /> does not exist in the registry for this computer.</exception>
        <altmember cref="M:System.Diagnostics.EventLog.RegisterDisplayName(System.String,System.Int64)" />
      </Docs>
    </Member>
    <Member MemberName="LogNameFromSourceName">
      <MemberSignature Language="C#" Value="public static string LogNameFromSourceName (string source, string machineName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig string LogNameFromSourceName(string source, string machineName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.LogNameFromSourceName(System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Function LogNameFromSourceName (source As String, machineName As String) As String" />
      <MemberSignature Language="F#" Value="static member LogNameFromSourceName : string * string -&gt; string" Usage="System.Diagnostics.EventLog.LogNameFromSourceName (source, machineName)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static System::String ^ LogNameFromSourceName(System::String ^ source, System::String ^ machineName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.String</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="machineName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="source">The name of the event source.</param>
        <param name="machineName">The name of the computer on which to look, or "." for the local computer.</param>
        <summary>Gets the name of the log to which the specified source is registered.</summary>
        <returns>The name of the log associated with the specified source in the registry.</returns>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The event source indicates what logs the event. It is often the name of the application, or the name of a subcomponent of the application, if the application is large. Applications and services should write to the Application log or a custom log. Device drivers should write to the System log.  
  
 When you create a new source, which can only write to one log at a time, the system registers your application with the event log as a valid source of entries. The <xref:System.Diagnostics.EventLog.Source%2A> property can be any string, but the name cannot be used by other sources on the computer. An attempt to create a duplicated <xref:System.Diagnostics.EventLog.Source%2A> value throws an exception. However, a single event log can have many different sources writing to it.  
  
   
  
## Examples  
 The following example deletes a source from the local computer. The example determines the log from its source, and then deletes the log.  
  
> [!NOTE]
>  More than one source might write to an event log. Before deleting a custom log, make sure there are no other sources writing to that log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.DeleteEventSource Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Delete/source1.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.DeleteEventSource Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
      </Docs>
    </Member>
    <Member MemberName="MachineName">
      <MemberSignature Language="C#" Value="public string MachineName { get; set; }" />
      <MemberSignature Language="ILAsm" Value=".property instance string MachineName" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.MachineName" />
      <MemberSignature Language="VB.NET" Value="Public Property MachineName As String" />
      <MemberSignature Language="F#" Value="member this.MachineName : string with get, set" Usage="System.Diagnostics.EventLog.MachineName" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property System::String ^ MachineName { System::String ^ get(); void set(System::String ^ value); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.DefaultValue(".")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.DefaultValue(".")&gt;]</AttributeName>
        </Attribute>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.ReadOnly(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.ReadOnly(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <AttributeName Language="C#">[System.ComponentModel.SettingsBindable(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.SettingsBindable(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5">
          <AttributeName Language="C#">[System.ComponentModel.RecommendedAsConfigurable(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.RecommendedAsConfigurable(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Diagnostics.MonitoringDescription("LogMachineName")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Diagnostics.MonitoringDescription("LogMachineName")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.String</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets or sets the name of the computer on which to read or write events.</summary>
        <value>The name of the server on which the event log resides. The default is the local computer (".").</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 If you write to an event log, you must associate a <xref:System.Diagnostics.EventLog.Source%2A> with your event log object to connect it to a particular log. It is not necessary to specify the <xref:System.Diagnostics.EventLog.Source%2A> property when only reading from a log. You can specify only the <xref:System.Diagnostics.EventLog.Log%2A> name and <xref:System.Diagnostics.EventLog.MachineName%2A> (server computer name).  
  
> [!NOTE]
>  You need not specify the <xref:System.Diagnostics.EventLog.MachineName%2A> if you are connecting to a log. If you do not specify the <xref:System.Diagnostics.EventLog.MachineName%2A>, the local computer (".") is assumed.  
  
 A source can only be registered to one log at a time. If the <xref:System.Diagnostics.EventLog.Source%2A> property was set for an instance of <xref:System.Diagnostics.EventLog>, you cannot change the <xref:System.Diagnostics.EventLog.MachineName%2A> property for that <xref:System.Diagnostics.EventLog> without changing the value of <xref:System.Diagnostics.EventLog.Source%2A> or calling <xref:System.Diagnostics.EventLog.DeleteEventSource%2A> first. If you change the <xref:System.Diagnostics.EventLog.MachineName%2A> property, the <xref:System.Diagnostics.EventLog> closes all handles and reattaches to the log and source on the new computer.  
  
 The <xref:System.Diagnostics.EventLog.MachineName%2A> value cannot be an empty string. If it is not explicitly set, it defaults to the local computer (".").  
  
   
  
## Examples  
 The following example reads entries in the event log, "NewEventLog", on a specified computer.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.MachineName Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/MachineName/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.MachineName Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The computer name is invalid.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Delete(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Exists(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.GetEventLogs" />
      </Docs>
    </Member>
    <Member MemberName="MaximumKilobytes">
      <MemberSignature Language="C#" Value="public long MaximumKilobytes { get; set; }" />
      <MemberSignature Language="ILAsm" Value=".property instance int64 MaximumKilobytes" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.MaximumKilobytes" />
      <MemberSignature Language="VB.NET" Value="Public Property MaximumKilobytes As Long" />
      <MemberSignature Language="F#" Value="member this.MaximumKilobytes : int64 with get, set" Usage="System.Diagnostics.EventLog.MaximumKilobytes" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property long MaximumKilobytes { long get(); void set(long value); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <AttributeName Language="C#">[System.ComponentModel.Browsable(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.Browsable(false)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <AttributeName Language="C#">[System.ComponentModel.DesignerSerializationVisibility(System.ComponentModel.DesignerSerializationVisibility.Hidden)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.DesignerSerializationVisibility(System.ComponentModel.DesignerSerializationVisibility.Hidden)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Runtime.InteropServices.ComVisible(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.InteropServices.ComVisible(false)&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Int64</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets or sets the maximum event log size in kilobytes.</summary>
        <value>The maximum event log size in kilobytes. The default is 512, indicating a maximum file size of 512 kilobytes.</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The <xref:System.Diagnostics.EventLog.MaximumKilobytes%2A> property represents the size limit of the event log file. When the event log reaches the size limit, the configured <xref:System.Diagnostics.EventLog.OverflowAction%2A> value determines whether new entries are discarded, or whether new entries overwrite older entries.  
  
> [!NOTE]
>  This property represents a configuration setting for the event log represented by this instance. When the event log reaches its maximum size, this property specifies how the operating system handles new entries written by all event sources registered for the event log.  
  
   
  
## Examples  
 The following example enumerates the event logs defined on the local computer, and displays configuration details for each event log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLogProperties/CPP/source.cpp" id="Snippet2":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/GetEventLogs/source1.cs" id="Snippet2":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLogProperties/VB/source.vb" id="Snippet2":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentOutOfRangeException">The specified value is less than 64, or greater than 4194240, or not an even multiple of 64.</exception>
        <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Diagnostics.EventLog.Log" /> value is not a valid log name.  
  
-or-
  
 The registry key for the event log could not be opened on the target computer.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.OverflowAction" />
        <altmember cref="M:System.Diagnostics.EventLog.ModifyOverflowPolicy(System.Diagnostics.OverflowAction,System.Int32)" />
      </Docs>
    </Member>
    <Member MemberName="MinimumRetentionDays">
      <MemberSignature Language="C#" Value="public int MinimumRetentionDays { get; }" />
      <MemberSignature Language="ILAsm" Value=".property instance int32 MinimumRetentionDays" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.MinimumRetentionDays" />
      <MemberSignature Language="VB.NET" Value="Public ReadOnly Property MinimumRetentionDays As Integer" />
      <MemberSignature Language="F#" Value="member this.MinimumRetentionDays : int" Usage="System.Diagnostics.EventLog.MinimumRetentionDays" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property int MinimumRetentionDays { int get(); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <AttributeName Language="C#">[System.ComponentModel.Browsable(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.Browsable(false)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Runtime.InteropServices.ComVisible(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.InteropServices.ComVisible(false)&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Int32</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets the number of days to retain entries in the event log.</summary>
        <value>The number of days that entries in the event log are retained. The default value is 7.</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use the <xref:System.Diagnostics.EventLog.MinimumRetentionDays%2A> property to examine the current setting for an event log. Use <xref:System.Diagnostics.EventLog.ModifyOverflowPolicy%2A> to change the minimum number of days that each entry in the event log must be retained.  
  
 The <xref:System.Diagnostics.EventLog.MinimumRetentionDays%2A> value depends on the configured overflow behavior of the event log. If the <xref:System.Diagnostics.OverflowAction> property for an event log is set to <xref:System.Diagnostics.OverflowAction.OverwriteAsNeeded>, then the <xref:System.Diagnostics.EventLog.MinimumRetentionDays%2A> value is 0. If the <xref:System.Diagnostics.OverflowAction> property for an event log is set to <xref:System.Diagnostics.OverflowAction.DoNotOverwrite>, then the <xref:System.Diagnostics.EventLog.MinimumRetentionDays%2A> value is -1. If the <xref:System.Diagnostics.OverflowAction> property for an event log is set to <xref:System.Diagnostics.OverflowAction.OverwriteOlder>, then the <xref:System.Diagnostics.EventLog.MinimumRetentionDays%2A> value is greater than zero, and represents the number of days to retain event log entries when the event log is full.  
  
 The overflow behavior only occurs when an event log reaches its size limit. When an <xref:System.Diagnostics.EventLog> has its <xref:System.Diagnostics.EventLog.OverflowAction%2A> set to <xref:System.Diagnostics.OverflowAction.OverwriteOlder>, and the event log reaches its maximum size, then new entries are written only if they can replace entries whose age exceeds the <xref:System.Diagnostics.EventLog.MinimumRetentionDays%2A> period. Retaining event entries for a minimum period is appropriate when the event log is archived regularly. Otherwise, you risk losing new entries when the event log reaches its limit. To avoid losing new event information, set the minimum retention days for events based on your archive schedule for a particular event log.  
  
   
  
## Examples  
 The following example enumerates the event logs defined on the local computer, and displays configuration details for each event log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLogProperties/CPP/source.cpp" id="Snippet2":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/GetEventLogs/source1.cs" id="Snippet2":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLogProperties/VB/source.vb" id="Snippet2":::  
  
 ]]></format>
        </remarks>
        <altmember cref="P:System.Diagnostics.EventLog.MaximumKilobytes" />
        <altmember cref="M:System.Diagnostics.EventLog.ModifyOverflowPolicy(System.Diagnostics.OverflowAction,System.Int32)" />
        <altmember cref="P:System.Diagnostics.EventLog.OverflowAction" />
      </Docs>
    </Member>
    <Member MemberName="ModifyOverflowPolicy">
      <MemberSignature Language="C#" Value="public void ModifyOverflowPolicy (System.Diagnostics.OverflowAction action, int retentionDays);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void ModifyOverflowPolicy(valuetype System.Diagnostics.OverflowAction action, int32 retentionDays) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.ModifyOverflowPolicy(System.Diagnostics.OverflowAction,System.Int32)" />
      <MemberSignature Language="VB.NET" Value="Public Sub ModifyOverflowPolicy (action As OverflowAction, retentionDays As Integer)" />
      <MemberSignature Language="F#" Value="member this.ModifyOverflowPolicy : System.Diagnostics.OverflowAction * int -&gt; unit" Usage="eventLog.ModifyOverflowPolicy (action, retentionDays)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void ModifyOverflowPolicy(System::Diagnostics::OverflowAction action, int retentionDays);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Runtime.InteropServices.ComVisible(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.InteropServices.ComVisible(false)&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="action" Type="System.Diagnostics.OverflowAction" Index="0" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="retentionDays" Type="System.Int32" Index="1" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
      </Parameters>
      <Docs>
        <param name="action">The overflow behavior for writing new entries to the event log.</param>
        <param name="retentionDays">The minimum number of days each event log entry is retained. This parameter is used only if <paramref name="action" /> is set to <see cref="F:System.Diagnostics.OverflowAction.OverwriteOlder" />.</param>
        <summary>Changes the configured behavior for writing new entries when the event log reaches its maximum file size.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The overflow behavior for an event log specifies what happens when new entries are to be written to a log that has reached its maximum file size.  
  
> [!NOTE]
>  The overflow behavior takes effect only when an event log reaches its maximum file size. The overflow behavior does not affect writing a new entry to a log that can accommodate additional event log entries.  
  
 The <xref:System.Diagnostics.EventLog.ModifyOverflowPolicy%2A> method configures the overflow behavior of an event log. <xref:System.Diagnostics.EventLog> instance. After calling this method for the event log specified by the <xref:System.Diagnostics.EventLog.Log%2A> property, the <xref:System.Diagnostics.EventLog.OverflowAction%2A> and <xref:System.Diagnostics.EventLog.MinimumRetentionDays%2A> property values reflect the newly configured overflow behavior.  
  
> [!NOTE]
>  This property represents a configuration setting for the event log represented by this instance. When the event log reaches its maximum size, this property specifies how the operating system handles new entries written by all event sources registered for the event log.  
  
 Set the `action` parameter to <xref:System.Diagnostics.OverflowAction.OverwriteAsNeeded> to indicate that a new entry overwrites the oldest entry when the <xref:System.Diagnostics.EventLog> reaches its maximum size. If the `action` parameter is set to <xref:System.Diagnostics.OverflowAction.OverwriteAsNeeded>, the `retentionDays` parameter value is ignored.  
  
 Set the `action` parameter to <xref:System.Diagnostics.OverflowAction.OverwriteOlder> to indicate that each new entry overwrites older entries when the <xref:System.Diagnostics.EventLog> reaches its maximum size. Specify the number of days that events must be retained in the log using the `retentionDays` parameter. Events written within the retention range are not overwritten by new entries.  
  
 Set the `action` parameter to <xref:System.Diagnostics.OverflowAction.DoNotOverwrite> to discard new events when the maximum log size is reached. If the `action` parameter is set to <xref:System.Diagnostics.OverflowAction.DoNotOverwrite>, the `retentionDays` parameter value is ignored.  
  
> [!CAUTION]
>  Setting the overflow policy to <xref:System.Diagnostics.OverflowAction.DoNotOverwrite> specifies that new entries are discarded when the event log is full. If you use this setting, ensure the event log is regularly archived and cleared to avoid reaching its maximum size limit.  
  
   
  
## Examples  
 The following example displays the configured overflow policy for a specified event log, and allows the user to select a new overflow policy setting for the event log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLogProperties/CPP/source.cpp" id="Snippet3":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/GetEventLogs/source1.cs" id="Snippet3":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLogProperties/VB/source.vb" id="Snippet3":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="action" /> is not a valid <see cref="P:System.Diagnostics.EventLog.OverflowAction" /> value.</exception>
        <exception cref="T:System.ArgumentOutOfRangeException">
          <paramref name="retentionDays" /> is less than one, or larger than 365.</exception>
        <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Diagnostics.EventLog.Log" /> value is not a valid log name.  
  
-or-
  
 The registry key for the event log could not be opened on the target computer.</exception>
        <altmember cref="T:System.Diagnostics.OverflowAction" />
        <altmember cref="P:System.Diagnostics.EventLog.MaximumKilobytes" />
        <altmember cref="P:System.Diagnostics.EventLog.OverflowAction" />
        <altmember cref="P:System.Diagnostics.EventLog.MinimumRetentionDays" />
      </Docs>
    </Member>
    <Member MemberName="OverflowAction">
      <MemberSignature Language="C#" Value="public System.Diagnostics.OverflowAction OverflowAction { get; }" />
      <MemberSignature Language="ILAsm" Value=".property instance valuetype System.Diagnostics.OverflowAction OverflowAction" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.OverflowAction" />
      <MemberSignature Language="VB.NET" Value="Public ReadOnly Property OverflowAction As OverflowAction" />
      <MemberSignature Language="F#" Value="member this.OverflowAction : System.Diagnostics.OverflowAction" Usage="System.Diagnostics.EventLog.OverflowAction" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property System::Diagnostics::OverflowAction OverflowAction { System::Diagnostics::OverflowAction get(); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <AttributeName Language="C#">[System.ComponentModel.Browsable(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.Browsable(false)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Runtime.InteropServices.ComVisible(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.InteropServices.ComVisible(false)&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Diagnostics.OverflowAction</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets the configured behavior for storing new entries when the event log reaches its maximum log file size.</summary>
        <value>The <see cref="T:System.Diagnostics.OverflowAction" /> value that specifies the configured behavior for storing new entries when the event log reaches its maximum log size. The default is <see cref="F:System.Diagnostics.OverflowAction.OverwriteOlder" />.</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Event logs grow in size as new events are written to them. Each event log has a configured maximum size limit; the <xref:System.Diagnostics.EventLog.MaximumKilobytes%2A> property defines the maximum number of kilobytes allowed for the event log file size.  
  
 Use the <xref:System.Diagnostics.EventLog.OverflowAction%2A> property value to examine the configured overflow behavior for an event log at its maximum size. Use the <xref:System.Diagnostics.EventLog.ModifyOverflowPolicy%2A> method to change the overflow behavior for an event log.  
  
> [!NOTE]
>  The overflow behavior takes effect only when an event log reaches its maximum file size. The overflow behavior does not affect writing a new entry to a log that can accommodate additional event log entries.  
  
   
  
## Examples  
 The following example enumerates the event logs defined on the local computer, and displays configuration details for each event log.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLogProperties/CPP/source.cpp" id="Snippet2":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/GetEventLogs/source1.cs" id="Snippet2":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLogProperties/VB/source.vb" id="Snippet2":::  
  
 ]]></format>
        </remarks>
        <altmember cref="T:System.Diagnostics.OverflowAction" />
        <altmember cref="P:System.Diagnostics.EventLog.MaximumKilobytes" />
        <altmember cref="M:System.Diagnostics.EventLog.ModifyOverflowPolicy(System.Diagnostics.OverflowAction,System.Int32)" />
        <altmember cref="P:System.Diagnostics.EventLog.MinimumRetentionDays" />
      </Docs>
    </Member>
    <Member MemberName="RegisterDisplayName">
      <MemberSignature Language="C#" Value="public void RegisterDisplayName (string resourceFile, long resourceId);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void RegisterDisplayName(string resourceFile, int64 resourceId) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.RegisterDisplayName(System.String,System.Int64)" />
      <MemberSignature Language="VB.NET" Value="Public Sub RegisterDisplayName (resourceFile As String, resourceId As Long)" />
      <MemberSignature Language="F#" Value="member this.RegisterDisplayName : string * int64 -&gt; unit" Usage="eventLog.RegisterDisplayName (resourceFile, resourceId)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void RegisterDisplayName(System::String ^ resourceFile, long resourceId);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Runtime.InteropServices.ComVisible(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.InteropServices.ComVisible(false)&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="resourceFile" Type="System.String" Index="0" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="resourceId" Type="System.Int64" Index="1" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
      </Parameters>
      <Docs>
        <param name="resourceFile">The fully specified path to a localized resource file.</param>
        <param name="resourceId">The resource identifier that indexes a localized string within the resource file.</param>
        <summary>Specifies the localized name of the event log, which is displayed in the server Event Viewer.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use <xref:System.Diagnostics.EventLog.RegisterDisplayName%2A> to register and display a localized name in the Event Viewer for custom event logs.  
  
 The specified resource identifier must correspond to a localized string defined in the resource file. The Event Viewer displays the custom event log name using the localized string and the current culture settings. For example, you can define multiple event log names localized for different cultures in your resource file. The Event Viewer displays the localized string corresponding to the culture settings of the current user.  
  
 If the Event Viewer cannot load the localized string from the resource file, or if no display name was registered for the event log, then the Event Viewer displays the event log name defined in <xref:System.Diagnostics.EventLog.Log%2A>.  
  
> [!NOTE]
>  You do not need to register a display name for the pre-defined event logs. The operating system registers the localized display names for the Application, System, and Security event logs.  
  
   
  
## Examples  
 The following example determines whether the event source named `SampleApplicationSource` is registered on the local computer. If the event source does not exist, the example sets the message resource file for the source and creates the new event source. Finally, the example sets the localized display name for the event log, using the resource identifier value in `DisplayNameMsgId` and the resource file path in `messageFile`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/eventlog_WriteEvent/CPP/source.cpp" id="Snippet6":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventInstance/Overview/source.cs" id="Snippet6":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/eventlog_WriteEvent/VB/source.vb" id="Snippet6":::  
  
 The example uses the following message text file, built into the resource library EventLogMsgs.dll. A message text file is the source from which the message resource file is created. The message text file defines the resource identifiers and text for the category, event message, and parameter insertion strings. Specifically, resource identifier 5001 is defined for the localized name of the event log.  
  
```  
; // EventLogMsgs.mc  
; // ********************************************************  
  
; // Use the following commands to build this file:  
  
; //   mc -s EventLogMsgs.mc  
; //   rc EventLogMsgs.rc  
; //   link /DLL /SUBSYSTEM:WINDOWS /NOENTRY /MACHINE:x86 EventLogMsgs.Res   
; // ********************************************************  
  
; // - Event categories -  
; // Categories must be numbered consecutively starting at 1.  
; // ********************************************************  
  
MessageId=0x1  
Severity=Success  
SymbolicName=INSTALL_CATEGORY  
Language=English  
Installation  
.  
  
MessageId=0x2  
Severity=Success  
SymbolicName=QUERY_CATEGORY  
Language=English  
Database Query  
.  
  
MessageId=0x3  
Severity=Success  
SymbolicName=REFRESH_CATEGORY  
Language=English  
Data Refresh  
.  
  
; // - Event messages -  
; // *********************************  
  
MessageId = 1000  
Severity = Success  
Facility = Application  
SymbolicName = AUDIT_SUCCESS_MESSAGE_ID_1000  
Language=English  
My application message text, in English, for message id 1000, called from %1.  
.  
  
MessageId = 1001  
Severity = Warning  
Facility = Application  
SymbolicName = AUDIT_FAILED_MESSAGE_ID_1001  
Language=English  
My application message text, in English, for message id 1001, called from %1.  
.  
  
MessageId = 1002  
Severity = Success  
Facility = Application  
SymbolicName = GENERIC_INFO_MESSAGE_ID_1002  
Language=English  
My generic information message in English, for message id 1002.  
.  
  
MessageId = 1003  
Severity = Warning  
Facility = Application  
SymbolicName = GENERIC_WARNING_MESSAGE_ID_1003  
Language=English  
My generic warning message in English, for message id 1003, called from %1.  
.  
  
MessageId = 1004  
Severity = Success  
Facility = Application  
SymbolicName = UPDATE_CYCLE_COMPLETE_MESSAGE_ID_1004  
Language=English  
The update cycle is complete for %%5002.  
.  
  
MessageId = 1005  
Severity = Warning  
Facility = Application  
SymbolicName = SERVER_CONNECTION_DOWN_MESSAGE_ID_1005  
Language=English  
The refresh operation did not complete because the connection to server %1 could not be established.  
.  
  
; // - Event log display name -  
; // ********************************************************  
  
MessageId = 5001  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_DISPLAY_NAME_MSGID  
Language=English  
Sample Event Log  
.  
  
; // - Event message parameters -  
; //   Language independent insertion strings  
; // ********************************************************  
  
MessageId = 5002  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_SERVICE_NAME_MSGID  
Language=English  
SVC_UPDATE.EXE  
.  
```  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.InvalidOperationException">The <see cref="P:System.Diagnostics.EventLog.Log" /> value is not a valid log name.  
  
-or-
  
 The registry key for the event log could not be opened on the target computer.</exception>
        <exception cref="T:System.ArgumentNullException">
          <paramref name="resourceFile" /> is <see langword="null" />.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.LogDisplayName" />
      </Docs>
    </Member>
    <Member MemberName="Source">
      <MemberSignature Language="C#" Value="public string Source { get; set; }" />
      <MemberSignature Language="ILAsm" Value=".property instance string Source" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.Source" />
      <MemberSignature Language="VB.NET" Value="Public Property Source As String" />
      <MemberSignature Language="F#" Value="member this.Source : string with get, set" Usage="System.Diagnostics.EventLog.Source" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property System::String ^ Source { System::String ^ get(); void set(System::String ^ value); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.DefaultValue("")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.DefaultValue("")&gt;]</AttributeName>
        </Attribute>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.ReadOnly(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.ReadOnly(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <AttributeName Language="C#">[System.ComponentModel.SettingsBindable(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.SettingsBindable(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5">
          <AttributeName Language="C#">[System.ComponentModel.RecommendedAsConfigurable(true)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.RecommendedAsConfigurable(true)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1">
          <AttributeName Language="C#">[System.ComponentModel.TypeConverter("System.Diagnostics.Design.StringValueConverter, System.Design, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.TypeConverter("System.Diagnostics.Design.StringValueConverter, System.Design, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Diagnostics.MonitoringDescription("LogSource")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Diagnostics.MonitoringDescription("LogSource")&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5">
          <AttributeName Language="C#">[System.ComponentModel.TypeConverter("System.Diagnostics.Design.StringValueConverter, System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.TypeConverter("System.Diagnostics.Design.StringValueConverter, System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.ComponentModel.TypeConverter("System.Diagnostics.Design.StringValueConverter, System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.TypeConverter("System.Diagnostics.Design.StringValueConverter, System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.String</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets or sets the source name to register and use when writing to the event log.</summary>
        <value>The name registered with the event log as a source of entries. The default is an empty string ("").</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 The event source indicates what logs the event. It is often the name of the application, or the name of a subcomponent of the application, if the application is large. Applications and services should write to the Application log or a custom log. Device drivers should write to the System log.  
  
 You only need to specify an event source if you are writing to an event log. Before writing an entry to an event log, you must register the event source with the event log as a valid source of events. When you write a log entry, the system uses the <xref:System.Diagnostics.EventLog.Source%2A> property to find the appropriate log in which to place your entry. If you are reading the event log, you can either specify the <xref:System.Diagnostics.EventLog.Source%2A>, or a <xref:System.Diagnostics.EventLog.Log%2A> and <xref:System.Diagnostics.EventLog.MachineName%2A>.  
  
> [!NOTE]
>  You are not required to specify the <xref:System.Diagnostics.EventLog.MachineName%2A> if you are connecting to a log on the local computer. If you do not specify the <xref:System.Diagnostics.EventLog.MachineName%2A>, the local computer (".") is assumed.  
  
 Use <xref:System.Diagnostics.EventLog.WriteEvent%2A> and <xref:System.Diagnostics.EventLog.WriteEntry%2A> to write events to an event log. You must specify an event source to write events; you must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 You can create an event source for an existing event log or a new event log. When you create a new source for a new event log, the system registers the source for that log, but the log is not created until the first entry is written to it.  
  
 The source must be unique on the local computer; a new source name cannot match an existing source name or an existing event log name. Each source can write to only one event log at a time; however, your application can use multiple sources to write to multiple event logs. For example, your application might require multiple sources configured for different event logs or different resource files.  
  
 If you change the <xref:System.Diagnostics.EventLog.Source%2A> value, the <xref:System.Diagnostics.EventLog> to which it is registered is closed and all event handles are released.  
  
 The source must be configured either for writing localized entries or for writing direct strings. If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
 To change the configuration details of an existing source, you must delete the source and then create it with the new configuration. If other applications or components use the existing source, create a new source with the updated configuration rather than deleting the existing source.  
  
> [!NOTE]
>  If a source has already been mapped to a log and you remap it to a new log, you must restart the computer for the changes to take effect.  
  
   
  
## Examples  
 The following example creates the source `MySource` if it does not already exist, and writes an entry to the event log `MyNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.Source Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Source/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.Source Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The source name results in a registry key path longer than 254 characters.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.Log" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
      </Docs>
    </Member>
    <MemberGroup MemberName="SourceExists">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Searches a computer's registry for a given event source.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName="SourceExists">
      <MemberSignature Language="C#" Value="public static bool SourceExists (string source);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig bool SourceExists(string source) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Function SourceExists (source As String) As Boolean" />
      <MemberSignature Language="F#" Value="static member SourceExists : string -&gt; bool" Usage="System.Diagnostics.EventLog.SourceExists source" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static bool SourceExists(System::String ^ source);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Boolean</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="source">The name of the event source.</param>
        <summary>Determines whether an event source is registered on the local computer.</summary>
        <returns>
          <see langword="true" /> if the event source is registered on the local computer; otherwise, <see langword="false" />.</returns>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to determine whether an event source exists on the local computer. If you want to determine whether a log exists on the local computer, use <xref:System.Diagnostics.EventLog.Exists%2A>.  
  
 Because this method accesses the registry, you must have the appropriate registry permissions on the local computer; otherwise, a <xref:System.Security.SecurityException> will be thrown.  
  
> [!NOTE]
>  To search for an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.  
>   
>  The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a <xref:System.Security.SecurityException> is thrown.  
>   
>  Starting with Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses performance counters, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.  
  
> [!NOTE]
>  A service that is executing under the <xref:System.ServiceProcess.ServiceAccount.LocalSystem> account does not have the privileges required to execute this method. The solution is to check whether the event source exists in the <xref:System.ServiceProcess.ServiceInstaller>, and if it does not exist, to create the source in the installer.  
  
 Because you cannot give a new source the name of an existing source on the same computer, use this method before attempting to call <xref:System.Diagnostics.EventLog.CreateEventSource%2A> to ensure that a source with the name specified by `source` does not already exist on the local computer. The `source` parameter is not case-sensitive.  
  
   
  
## Examples  
 The following example creates the source `MySource` if it does not already exist, and writes an entry to the event log `MyNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.Source Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Source/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.Source Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.Security.SecurityException">
          <paramref name="source" /> was not found, but some or all of the event logs could not be searched.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Exists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
      </Docs>
    </Member>
    <Member MemberName="SourceExists">
      <MemberSignature Language="C#" Value="public static bool SourceExists (string source, string machineName);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig bool SourceExists(string source, string machineName) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.SourceExists(System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Function SourceExists (source As String, machineName As String) As Boolean" />
      <MemberSignature Language="F#" Value="static member SourceExists : string * string -&gt; bool" Usage="System.Diagnostics.EventLog.SourceExists (source, machineName)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static bool SourceExists(System::String ^ source, System::String ^ machineName);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Boolean</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="machineName" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="source">The name of the event source.</param>
        <param name="machineName">The name the computer on which to look, or "." for the local computer.</param>
        <summary>Determines whether an event source is registered on a specified computer.</summary>
        <returns>
          <see langword="true" /> if the event source is registered on the given computer; otherwise, <see langword="false" />.</returns>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to determine whether an event source exists on the computer specified by the `machineName` parameter. If you want to determine whether a log exists on the specified computer, use <xref:System.Diagnostics.EventLog.Exists%2A>.  
  
 Because this method accesses the registry, you must have the appropriate registry permissions on the given server; otherwise, a <xref:System.Security.SecurityException> will be thrown.  
  
> [!NOTE]
>  To search for an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.  
>   
>  The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a <xref:System.Security.SecurityException> is thrown.  
>   
>  Starting with Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses performance counters, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.  
  
> [!NOTE]
>  A service that is executing under the <xref:System.ServiceProcess.ServiceAccount.LocalSystem> account does not have the privileges required to execute this method. The solution is to check whether the event source exists in the <xref:System.ServiceProcess.ServiceInstaller>, and if it does not exist, to create the source in the installer.  
  
 Because you cannot give a new source the name of an existing source on the same computer, use this method before attempting to call <xref:System.Diagnostics.EventLog.CreateEventSource%2A> to ensure that a source with the name specified by `source` does not already exist on the computer. The `source` and `machineName` parameters are not case sensitive.  
  
 <xref:System.Diagnostics.EventLog.SourceExists%2A> is a `static` method, so it can be called on the class itself. It is not necessary to create an instance of <xref:System.Diagnostics.EventLog> to call <xref:System.Diagnostics.EventLog.SourceExists%2A>.  
  
   
  
## Examples  
 The following example creates the source `MySource` on the computer `MyServer`, and writes an entry to the event log `MyNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.SourceExists1 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/CreateEventSource/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.SourceExists1 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">
          <paramref name="machineName" /> is an invalid computer name.</exception>
        <exception cref="T:System.Security.SecurityException">
          <paramref name="source" /> was not found, but some or all of the event logs could not be searched.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.Exists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.MachineName" />
      </Docs>
    </Member>
    <Member MemberName="SynchronizingObject">
      <MemberSignature Language="C#" Value="public System.ComponentModel.ISynchronizeInvoke SynchronizingObject { get; set; }" />
      <MemberSignature Language="ILAsm" Value=".property instance class System.ComponentModel.ISynchronizeInvoke SynchronizingObject" />
      <MemberSignature Language="DocId" Value="P:System.Diagnostics.EventLog.SynchronizingObject" />
      <MemberSignature Language="VB.NET" Value="Public Property SynchronizingObject As ISynchronizeInvoke" />
      <MemberSignature Language="F#" Value="member this.SynchronizingObject : System.ComponentModel.ISynchronizeInvoke with get, set" Usage="System.Diagnostics.EventLog.SynchronizingObject" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; property System::ComponentModel::ISynchronizeInvoke ^ SynchronizingObject { System::ComponentModel::ISynchronizeInvoke ^ get(); void set(System::ComponentModel::ISynchronizeInvoke ^ value); };" />
      <MemberType>Property</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.Browsable(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.Browsable(false)&gt;]</AttributeName>
        </Attribute>
        <Attribute>
          <AttributeName Language="C#">[System.ComponentModel.DefaultValue(null)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.ComponentModel.DefaultValue(null)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-1.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Diagnostics.MonitoringDescription("LogSynchronizingObject")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Diagnostics.MonitoringDescription("LogSynchronizingObject")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.ComponentModel.ISynchronizeInvoke</ReturnType>
      </ReturnValue>
      <Docs>
        <summary>Gets or sets the object used to marshal the event handler calls issued as a result of an <see cref="T:System.Diagnostics.EventLog" /> entry written event.</summary>
        <value>The <see cref="T:System.ComponentModel.ISynchronizeInvoke" /> used to marshal event-handler calls issued as a result of an <see cref="E:System.Diagnostics.EventLog.EntryWritten" /> event on the event log.</value>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 When <xref:System.Diagnostics.EventLog.SynchronizingObject%2A> is `null`, methods handling the <xref:System.Diagnostics.EventLog.EntryWritten> event are called on a thread from the system thread pool. For more information on system thread pools, see <xref:System.Threading.ThreadPool>.  
  
 When the <xref:System.Diagnostics.EventLog.EntryWritten> event is handled by a visual Windows Forms component, such as a button, accessing the component through the system thread pool might not work, or might result in an exception. Avoid this by setting <xref:System.Diagnostics.EventLog.SynchronizingObject%2A> to a Windows Forms component, which causes the methods handling the <xref:System.Diagnostics.EventLog.EntryWritten> event to be called on the same thread on which the component was created.  
  
 If the <xref:System.Diagnostics.EventLog> is used inside Visual Studio 2005 in a Windows Forms designer, <xref:System.Diagnostics.EventLog.SynchronizingObject%2A> is automatically set to the control containing the <xref:System.Diagnostics.EventLog>. For example, if you place an <xref:System.Diagnostics.EventLog> on a designer for Form1 (which inherits from <xref:System.Windows.Forms.Form>) the <xref:System.Diagnostics.EventLog.SynchronizingObject%2A> property of <xref:System.Diagnostics.EventLog> is set to the instance of Form1.  
  
 ]]></format>
        </remarks>
        <altmember cref="E:System.Diagnostics.EventLog.EntryWritten" />
        <altmember cref="T:System.Threading.ThreadPool" />
      </Docs>
    </Member>
    <MemberGroup MemberName="WriteEntry">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Writes an entry in the event log.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public void WriteEntry (string message);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void WriteEntry(string message) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Sub WriteEntry (message As String)" />
      <MemberSignature Language="F#" Value="member this.WriteEntry : string -&gt; unit" Usage="eventLog.WriteEntry message" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void WriteEntry(System::String ^ message);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="message" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="message">The string to write to the event log.</param>
        <summary>Writes an information type entry, with the given message text, to the event log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write an information entry to the event log associated with this <xref:System.Diagnostics.EventLog> instance. If you want to specify any other <xref:System.Diagnostics.EventLogEntryType>, use a different overload of <xref:System.Diagnostics.EventLog.WriteEntry%2A>.  
  
> [!NOTE]
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
 You must set the <xref:System.Diagnostics.EventLog.Source%2A> property on your <xref:System.Diagnostics.EventLog> component before you can write entries to the log. You must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 If the source specified in the <xref:System.Diagnostics.EventLog.Source%2A> property of this <xref:System.Diagnostics.EventLog> instance is not registered on the computer that your component is writing to, <xref:System.Diagnostics.EventLog.WriteEntry%2A> calls <xref:System.Diagnostics.EventLog.CreateEventSource%2A> and registers the source.  
  
> [!NOTE]
>  If you do not specify a <xref:System.Diagnostics.EventLog.MachineName%2A> for your <xref:System.Diagnostics.EventLog> instance before you call <xref:System.Diagnostics.EventLog.CreateEventSource%2A> or <xref:System.Diagnostics.EventLog.WriteEntry%2A>, the local computer (".") is assumed.  
  
 If the system needs to register the <xref:System.Diagnostics.EventLog.Source%2A> through a call to <xref:System.Diagnostics.EventLog.WriteEntry%2A> and the <xref:System.Diagnostics.EventLog.Log%2A> property has not been set on your <xref:System.Diagnostics.EventLog> instance, the log defaults to the Application log.  
  
> [!NOTE]
>  Many of the exceptions listed above are generated by errors raised during the process of registering the <xref:System.Diagnostics.EventLog.Source%2A>.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If you write an entry to a remote computer, the value of the message (the text string) might not be what you expect if the remote computer is not running the .NET Framework.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
  
   
  
## Examples  
 The following example creates the source `MySource` if it does not already exist, and writes an entry to the event log `MyNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.CreateEventSource Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/Overview/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.CreateEventSource Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <see cref="P:System.Diagnostics.EventLog.Source" /> property of the <see cref="T:System.Diagnostics.EventLog" /> has not been set.  
  
 -or-  
  
 The method attempted to register a new event source, but the computer name in <see cref="P:System.Diagnostics.EventLog.MachineName" /> is not valid.  
  
-or-
  
 The source is already registered for a different event log.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public void WriteEntry (string message, System.Diagnostics.EventLogEntryType type);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void WriteEntry(string message, valuetype System.Diagnostics.EventLogEntryType type) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.Diagnostics.EventLogEntryType)" />
      <MemberSignature Language="VB.NET" Value="Public Sub WriteEntry (message As String, type As EventLogEntryType)" />
      <MemberSignature Language="F#" Value="member this.WriteEntry : string * System.Diagnostics.EventLogEntryType -&gt; unit" Usage="eventLog.WriteEntry (message, type)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void WriteEntry(System::String ^ message, System::Diagnostics::EventLogEntryType type);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="message" Type="System.String" />
        <Parameter Name="type" Type="System.Diagnostics.EventLogEntryType" />
      </Parameters>
      <Docs>
        <param name="message">The string to write to the event log.</param>
        <param name="type">One of the <see cref="T:System.Diagnostics.EventLogEntryType" /> values.</param>
        <summary>Writes an error, warning, information, success audit, or failure audit entry with the given message text to the event log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write an entry of a specified <xref:System.Diagnostics.EventLogEntryType> to the event log. The `type` is indicated by an icon and text in the Type column in the Event Viewer for a log.  
  
> [!NOTE]
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
 You must set the <xref:System.Diagnostics.EventLog.Source%2A> property on your <xref:System.Diagnostics.EventLog> component before you can write entries to the log. You must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 If the source specified in the <xref:System.Diagnostics.EventLog.Source%2A> property of this <xref:System.Diagnostics.EventLog> instance is not registered on the computer that your component is writing to, <xref:System.Diagnostics.EventLog.WriteEntry%2A> calls <xref:System.Diagnostics.EventLog.CreateEventSource%2A> and registers the source.  
  
> [!NOTE]
>  If you do not specify a <xref:System.Diagnostics.EventLog.MachineName%2A> for your <xref:System.Diagnostics.EventLog> instance before you call <xref:System.Diagnostics.EventLog.CreateEventSource%2A> or <xref:System.Diagnostics.EventLog.WriteEntry%2A>, the local computer (".") is assumed.  
  
 If the system needs to register the <xref:System.Diagnostics.EventLog.Source%2A> through a call to <xref:System.Diagnostics.EventLog.WriteEntry%2A> and the <xref:System.Diagnostics.EventLog.Log%2A> property has not been set on your <xref:System.Diagnostics.EventLog> instance, the log defaults to the Application log.  
  
> [!NOTE]
>  Many exceptions listed above are generated by errors raised during the process of registering the <xref:System.Diagnostics.EventLog.Source%2A>.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If you write an entry to a remote computer, the value of the message (the text string) might not be what you expect if the remote computer is not running the .NET Framework.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
  
   
  
## Examples  
 The following example writes a warning entry to an event log, "MyNewLog", on the local computer.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.WriteEntry2 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/source1.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.WriteEntry2 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <see cref="P:System.Diagnostics.EventLog.Source" /> property of the <see cref="T:System.Diagnostics.EventLog" /> has not been set.  
  
 -or-  
  
 The method attempted to register a new event source, but the computer name in <see cref="P:System.Diagnostics.EventLog.MachineName" /> is not valid.  
  
-or-
  
 The source is already registered for a different event log.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="type" /> is not a valid <see cref="T:System.Diagnostics.EventLogEntryType" />.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="T:System.Diagnostics.EventLogEntryType" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public static void WriteEntry (string source, string message);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void WriteEntry(string source, string message) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.String)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub WriteEntry (source As String, message As String)" />
      <MemberSignature Language="F#" Value="static member WriteEntry : string * string -&gt; unit" Usage="System.Diagnostics.EventLog.WriteEntry (source, message)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void WriteEntry(System::String ^ source, System::String ^ message);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="message" Type="System.String" />
      </Parameters>
      <Docs>
        <param name="source">The source by which the application is registered on the specified computer.</param>
        <param name="message">The string to write to the event log.</param>
        <summary>Writes an information type entry with the given message text to the event log, using the specified registered event source.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write an information entry to the event log, using a source that is already registered as an event source for the appropriate log. If you want to specify any other <xref:System.Diagnostics.EventLogEntryType>, use a different overload of <xref:System.Diagnostics.EventLog.WriteEntry%2A>.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
>   
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
   
  
## Examples  
 The following example creates the source `MySource` if it does not already exist, and writes an entry to the event log `MyNewLog`.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.WriteEntry1 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/source.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.WriteEntry1 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="source" /> value is an empty string ("").  
  
-or-
  
 The <paramref name="source" /> value is <see langword="null" />.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public void WriteEntry (string message, System.Diagnostics.EventLogEntryType type, int eventID);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void WriteEntry(string message, valuetype System.Diagnostics.EventLogEntryType type, int32 eventID) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.Diagnostics.EventLogEntryType,System.Int32)" />
      <MemberSignature Language="VB.NET" Value="Public Sub WriteEntry (message As String, type As EventLogEntryType, eventID As Integer)" />
      <MemberSignature Language="F#" Value="member this.WriteEntry : string * System.Diagnostics.EventLogEntryType * int -&gt; unit" Usage="eventLog.WriteEntry (message, type, eventID)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void WriteEntry(System::String ^ message, System::Diagnostics::EventLogEntryType type, int eventID);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="message" Type="System.String" />
        <Parameter Name="type" Type="System.Diagnostics.EventLogEntryType" />
        <Parameter Name="eventID" Type="System.Int32" />
      </Parameters>
      <Docs>
        <param name="message">The string to write to the event log.</param>
        <param name="type">One of the <see cref="T:System.Diagnostics.EventLogEntryType" /> values.</param>
        <param name="eventID">The application-specific identifier for the event.</param>
        <summary>Writes an entry with the given message text and application-defined event identifier to the event log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write an entry with an application-defined `eventID` to the event log. The `eventID` together with the source uniquely identify an event. Each application can define its own numbered events and the description strings to which they map. Event viewers display these string values to help the user understand what went wrong and suggest what actions to take.  
  
> [!NOTE]
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
 In addition to the event identifier, you can specify an <xref:System.Diagnostics.EventLogEntryType> for the event being written to the event log. The `type` is indicated by an icon and text in the Type column in the Event Viewer for a log. This parameter indicates whether the event type is error, warning, information, success audit, or failure audit.  
  
 You must set the <xref:System.Diagnostics.EventLog.Source%2A> property on your <xref:System.Diagnostics.EventLog> component before you can write entries to the log. You must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 If the source specified in the <xref:System.Diagnostics.EventLog.Source%2A> property of this <xref:System.Diagnostics.EventLog> instance is not registered on the computer that your component is writing to, <xref:System.Diagnostics.EventLog.WriteEntry%2A> calls <xref:System.Diagnostics.EventLog.CreateEventSource%2A> and registers the source.  
  
> [!NOTE]
>  If you do not specify a <xref:System.Diagnostics.EventLog.MachineName%2A> for your <xref:System.Diagnostics.EventLog> instance before you call <xref:System.Diagnostics.EventLog.CreateEventSource%2A> or <xref:System.Diagnostics.EventLog.WriteEntry%2A>, the local computer (".") is assumed.  
  
 If the system needs to register the <xref:System.Diagnostics.EventLog.Source%2A> through a call to <xref:System.Diagnostics.EventLog.WriteEntry%2A> and the <xref:System.Diagnostics.EventLog.Log%2A> property has not been set on your <xref:System.Diagnostics.EventLog> instance, the log defaults to the Application log.  
  
> [!NOTE]
>  Many exceptions listed above are generated by errors raised during the process of registering the <xref:System.Diagnostics.EventLog.Source%2A>.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If you write an entry to a remote computer, the value of the message (the text string) might not be what you expect if the remote computer is not running the .NET Framework.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
  
   
  
## Examples  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLog_WriteEntry_1_3/CPP/eventlog_writeentry_1_3.cpp" id="Snippet3":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/eventlog_writeentry_1_3.cs" id="Snippet3":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLog_WriteEntry_1_3/VB/eventlog_writeentry_1_3.vb" id="Snippet3":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <see cref="P:System.Diagnostics.EventLog.Source" /> property of the <see cref="T:System.Diagnostics.EventLog" /> has not been set.  
  
 -or-  
  
 The method attempted to register a new event source, but the computer name in <see cref="P:System.Diagnostics.EventLog.MachineName" /> is not valid.  
  
-or-
  
 The source is already registered for a different event log.  
  
-or-
  
 <paramref name="eventID" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="type" /> is not a valid <see cref="T:System.Diagnostics.EventLogEntryType" />.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="T:System.Diagnostics.EventLogEntryType" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public static void WriteEntry (string source, string message, System.Diagnostics.EventLogEntryType type);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void WriteEntry(string source, string message, valuetype System.Diagnostics.EventLogEntryType type) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.String,System.Diagnostics.EventLogEntryType)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub WriteEntry (source As String, message As String, type As EventLogEntryType)" />
      <MemberSignature Language="F#" Value="static member WriteEntry : string * string * System.Diagnostics.EventLogEntryType -&gt; unit" Usage="System.Diagnostics.EventLog.WriteEntry (source, message, type)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void WriteEntry(System::String ^ source, System::String ^ message, System::Diagnostics::EventLogEntryType type);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="message" Type="System.String" />
        <Parameter Name="type" Type="System.Diagnostics.EventLogEntryType" />
      </Parameters>
      <Docs>
        <param name="source">The source by which the application is registered on the specified computer.</param>
        <param name="message">The string to write to the event log.</param>
        <param name="type">One of the <see cref="T:System.Diagnostics.EventLogEntryType" /> values.</param>
        <summary>Writes an error, warning, information, success audit, or failure audit entry with the given message text to the event log, using the specified registered event source.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write an entry of a specified <xref:System.Diagnostics.EventLogEntryType> to the event log, using a source already registered as an event source for the appropriate log. The `type` is indicated by an icon and text in the Type column in the Event Viewer for a log.  
  
> [!NOTE]
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
  
   
  
## Examples  
 The following example writes a warning entry to an event log, "MyNewLog", on the local computer.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR_Classic/classic EventLog.WriteEntry3 Example/CPP/source.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/source2.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_Classic/classic EventLog.WriteEntry3 Example/VB/source.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="source" /> value is an empty string ("").  
  
-or-
  
 The <paramref name="source" /> value is <see langword="null" />.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="type" /> is not a valid <see cref="T:System.Diagnostics.EventLogEntryType" />.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="T:System.Diagnostics.EventLogEntryType" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public void WriteEntry (string message, System.Diagnostics.EventLogEntryType type, int eventID, short category);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void WriteEntry(string message, valuetype System.Diagnostics.EventLogEntryType type, int32 eventID, int16 category) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.Diagnostics.EventLogEntryType,System.Int32,System.Int16)" />
      <MemberSignature Language="VB.NET" Value="Public Sub WriteEntry (message As String, type As EventLogEntryType, eventID As Integer, category As Short)" />
      <MemberSignature Language="F#" Value="member this.WriteEntry : string * System.Diagnostics.EventLogEntryType * int * int16 -&gt; unit" Usage="eventLog.WriteEntry (message, type, eventID, category)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void WriteEntry(System::String ^ message, System::Diagnostics::EventLogEntryType type, int eventID, short category);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="message" Type="System.String" />
        <Parameter Name="type" Type="System.Diagnostics.EventLogEntryType" />
        <Parameter Name="eventID" Type="System.Int32" />
        <Parameter Name="category" Type="System.Int16" />
      </Parameters>
      <Docs>
        <param name="message">The string to write to the event log.</param>
        <param name="type">One of the <see cref="T:System.Diagnostics.EventLogEntryType" /> values.</param>
        <param name="eventID">The application-specific identifier for the event.</param>
        <param name="category">The application-specific subcategory associated with the message.</param>
        <summary>Writes an entry with the given message text, application-defined event identifier, and application-defined category to the event log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write an entry with an application-defined `category` to the event log. The Event Viewer uses the category to filter events written by an event source. The Event Viewer can display the category as a numeric value, or it can use the category as a resource identifier to display a localized category string.  
  
> [!NOTE]
>  The `category` parameter should be a positive value. Negative category values appear as a complementary positive number in the Event Viewer. For example, a -10 appears as 65,526, a -1 as 65,535.  
  
> [!NOTE]
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
 To display localized category strings in the Event Viewer, you must use an event source configured with a category resource file, and set the `category` to a resource identifier in the category resource file. If the event source does not have a configured category resource file, or the specified `category` does not index a string in the category resource file, then the Event Viewer displays the numeric category value for that entry. Configure the category resource file, along with the number of category strings in the resource file, using the <xref:System.Diagnostics.EventLogInstaller> or the <xref:System.Diagnostics.EventSourceCreationData> class.  
  
 In addition to the category, you can specify an event identifier for the event being written to the event log. Event identifiers, along with the event source, uniquely identify an event. Each application can define its own numbered events and the description strings to which they map. Event viewers display these string values to help the user understand what went wrong and suggest what actions to take.  
  
 Finally, you can specify an <xref:System.Diagnostics.EventLogEntryType> for the event being written to the event log. The `type` is indicated by an icon and text in the Type column in the Event Viewer for a log. This parameter indicates whether the event type is error, warning, information, success audit, or failure audit.  
  
 You must set the <xref:System.Diagnostics.EventLog.Source%2A> property on your <xref:System.Diagnostics.EventLog> component before you can write entries to the log. You must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 If the source specified in the <xref:System.Diagnostics.EventLog.Source%2A> property of this <xref:System.Diagnostics.EventLog> instance is not registered on the computer that your component is writing to, <xref:System.Diagnostics.EventLog.WriteEntry%2A> calls <xref:System.Diagnostics.EventLog.CreateEventSource%2A> and registers the source.  
  
> [!NOTE]
>  If you do not specify a <xref:System.Diagnostics.EventLog.MachineName%2A> for your <xref:System.Diagnostics.EventLog> instance before you call <xref:System.Diagnostics.EventLog.CreateEventSource%2A> or <xref:System.Diagnostics.EventLog.WriteEntry%2A>, the local computer (".") is assumed.  
  
 If the system needs to register the <xref:System.Diagnostics.EventLog.Source%2A> through a call to <xref:System.Diagnostics.EventLog.WriteEntry%2A> and the <xref:System.Diagnostics.EventLog.Log%2A> property has not been set on your <xref:System.Diagnostics.EventLog> instance, the log defaults to the Application log.  
  
> [!NOTE]
>  Many exceptions listed above are generated by errors raised during the process of registering the <xref:System.Diagnostics.EventLog.Source%2A>.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If you write an entry to a remote computer, the value of the message (the text string) might not be what you expect if the remote computer is not running the .NET Framework.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
  
   
  
## Examples  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLog_WriteEntry_1_3/CPP/eventlog_writeentry_1_3.cpp" id="Snippet3":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/eventlog_writeentry_1_3.cs" id="Snippet3":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLog_WriteEntry_1_3/VB/eventlog_writeentry_1_3.vb" id="Snippet3":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <see cref="P:System.Diagnostics.EventLog.Source" /> property of the <see cref="T:System.Diagnostics.EventLog" /> has not been set.  
  
 -or-  
  
 The method attempted to register a new event source, but the computer name in <see cref="P:System.Diagnostics.EventLog.MachineName" /> is not valid.  
  
-or-
  
 The source is already registered for a different event log.  
  
-or-
  
 <paramref name="eventID" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="type" /> is not a valid <see cref="T:System.Diagnostics.EventLogEntryType" />.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="T:System.Diagnostics.EventLogEntryType" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public static void WriteEntry (string source, string message, System.Diagnostics.EventLogEntryType type, int eventID);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void WriteEntry(string source, string message, valuetype System.Diagnostics.EventLogEntryType type, int32 eventID) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.String,System.Diagnostics.EventLogEntryType,System.Int32)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub WriteEntry (source As String, message As String, type As EventLogEntryType, eventID As Integer)" />
      <MemberSignature Language="F#" Value="static member WriteEntry : string * string * System.Diagnostics.EventLogEntryType * int -&gt; unit" Usage="System.Diagnostics.EventLog.WriteEntry (source, message, type, eventID)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void WriteEntry(System::String ^ source, System::String ^ message, System::Diagnostics::EventLogEntryType type, int eventID);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="message" Type="System.String" />
        <Parameter Name="type" Type="System.Diagnostics.EventLogEntryType" />
        <Parameter Name="eventID" Type="System.Int32" />
      </Parameters>
      <Docs>
        <param name="source">The source by which the application is registered on the specified computer.</param>
        <param name="message">The string to write to the event log.</param>
        <param name="type">One of the <see cref="T:System.Diagnostics.EventLogEntryType" /> values.</param>
        <param name="eventID">The application-specific identifier for the event.</param>
        <summary>Writes an entry with the given message text and application-defined event identifier to the event log, using the specified registered event source.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write an entry with an application-defined `eventID` to the event log, using a source already registered as an event source for the appropriate log. The `eventID`, along with the source, uniquely identify an event. Each application can define its own numbered events and the description strings to which they map. Event viewers present these strings to the user to help the user understand what went wrong and suggest what actions to take.  
  
> [!NOTE]
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
 In addition to the event identifier, this overload of <xref:System.Diagnostics.EventLog.WriteEntry%2A> lets you specify an <xref:System.Diagnostics.EventLogEntryType> for the event being written to the event log. The `type` is indicated by an icon and text in the Type column in the Event Viewer for a log. This parameter indicates whether the event type is error, warning, information, success audit, or failure audit.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
  
   
  
## Examples  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLog_WriteEntry_4/CPP/eventlog_writeentry_4.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/eventlog_writeentry_4.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLog_WriteEntry_4/VB/eventlog_writeentry_4.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="source" /> value is an empty string ("").  
  
-or-
  
 The <paramref name="source" /> value is <see langword="null" />.  
  
-or-
  
 <paramref name="eventID" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="type" /> is not a valid <see cref="T:System.Diagnostics.EventLogEntryType" />.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="T:System.Diagnostics.EventLogEntryType" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public void WriteEntry (string message, System.Diagnostics.EventLogEntryType type, int eventID, short category, byte[] rawData);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void WriteEntry(string message, valuetype System.Diagnostics.EventLogEntryType type, int32 eventID, int16 category, unsigned int8[] rawData) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.Diagnostics.EventLogEntryType,System.Int32,System.Int16,System.Byte[])" />
      <MemberSignature Language="VB.NET" Value="Public Sub WriteEntry (message As String, type As EventLogEntryType, eventID As Integer, category As Short, rawData As Byte())" />
      <MemberSignature Language="F#" Value="member this.WriteEntry : string * System.Diagnostics.EventLogEntryType * int * int16 * byte[] -&gt; unit" Usage="eventLog.WriteEntry (message, type, eventID, category, rawData)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void WriteEntry(System::String ^ message, System::Diagnostics::EventLogEntryType type, int eventID, short category, cli::array &lt;System::Byte&gt; ^ rawData);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="message" Type="System.String" />
        <Parameter Name="type" Type="System.Diagnostics.EventLogEntryType" />
        <Parameter Name="eventID" Type="System.Int32" />
        <Parameter Name="category" Type="System.Int16" />
        <Parameter Name="rawData" Type="System.Byte[]" />
      </Parameters>
      <Docs>
        <param name="message">The string to write to the event log.</param>
        <param name="type">One of the <see cref="T:System.Diagnostics.EventLogEntryType" /> values.</param>
        <param name="eventID">The application-specific identifier for the event.</param>
        <param name="category">The application-specific subcategory associated with the message.</param>
        <param name="rawData">An array of bytes that holds the binary data associated with the entry.</param>
        <summary>Writes an entry with the given message text, application-defined event identifier, and application-defined category to the event log, and appends binary data to the message.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this overload to write application-defined event-specific data to the event log. The Event Viewer does not interpret this data; it displays raw data only in a combined hexadecimal and text format. Use event-specific data sparingly, including it only if you are sure it will be useful to someone debugging the problem. You can also use event-specific data to store information the application can process independently of the Event Viewer. For example, you could write a viewer specifically for your events, or write a program that scans the logfile and creates reports that include information from the event-specific data.  
  
 In addition to the binary data, you can specify an application-defined category and an application-defined event identifier. The Event Viewer uses the category to filter events written by an event source. The Event Viewer can display the category as a numeric value, or it can use the category as a resource identifier to display a localized category string.  
  
> [!NOTE]
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
> [!NOTE]
>  The `category` parameter should be a positive value. Negative category values appear as a complementary positive number in the Event Viewer. For example, a -10 appears as 65,526, a -1 as 65,535.  
  
 To display localized category strings in the Event Viewer, you must use an event source configured with a category resource file, and set the `category` to a resource identifier in the category resource file. If the event source does not have a configured category resource file, or the specified `category` does not index a string in the category resource file, then the Event Viewer displays the numeric category value for that entry. Configure the category resource file, along with the number of category strings in the resource file, using the <xref:System.Diagnostics.EventLogInstaller> or the <xref:System.Diagnostics.EventSourceCreationData> class.  
  
 Event identifiers, along with the event source, uniquely identify an event. Each application can define its own numbered events and the description strings to which they map. Event viewers display these string values to help the user understand what went wrong and suggest what actions to take.  
  
 Finally, you can specify an <xref:System.Diagnostics.EventLogEntryType> for the event being written to the event log. The `type` is indicated by an icon and text in the Type column in the Event Viewer for a log. This parameter indicates whether the event type is error, warning, information, success audit, or failure audit.  
  
 You must set the <xref:System.Diagnostics.EventLog.Source%2A> property on your <xref:System.Diagnostics.EventLog> component before you can write entries to the log. You must create and configure the event source before writing the first entry with the source.  
  
 Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 If the source specified in the <xref:System.Diagnostics.EventLog.Source%2A> property of this <xref:System.Diagnostics.EventLog> instance is not registered on the computer that your component is writing to, <xref:System.Diagnostics.EventLog.WriteEntry%2A> calls <xref:System.Diagnostics.EventLog.CreateEventSource%2A> and registers the source.  
  
> [!NOTE]
>  If you do not specify a <xref:System.Diagnostics.EventLog.MachineName%2A> for your <xref:System.Diagnostics.EventLog> instance before you call <xref:System.Diagnostics.EventLog.CreateEventSource%2A> or <xref:System.Diagnostics.EventLog.WriteEntry%2A>, the local computer (".") is assumed.  
  
 If the system needs to register the <xref:System.Diagnostics.EventLog.Source%2A> through a call to <xref:System.Diagnostics.EventLog.WriteEntry%2A> and the <xref:System.Diagnostics.EventLog.Log%2A> property has not been set on your <xref:System.Diagnostics.EventLog> instance, the log defaults to the Application log.  
  
> [!NOTE]
>  Many exceptions listed above are generated by errors raised during the process of registering the <xref:System.Diagnostics.EventLog.Source%2A>.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If you write an entry to a remote computer, the value of the message (the text string) might not be what you expect if the remote computer is not running the .NET Framework.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
  
   
  
## Examples  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLog_WriteEntry_5/CPP/eventlog_writeentry_5.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/eventlog_writeentry_5.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLog_WriteEntry_5/VB/eventlog_writeentry_5.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <see cref="P:System.Diagnostics.EventLog.Source" /> property of the <see cref="T:System.Diagnostics.EventLog" /> has not been set.  
  
 -or-  
  
 The method attempted to register a new event source, but the computer name in <see cref="P:System.Diagnostics.EventLog.MachineName" /> is not valid.  
  
-or-
  
 The source is already registered for a different event log.  
  
-or-
  
 <paramref name="eventID" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="type" /> is not a valid <see cref="T:System.Diagnostics.EventLogEntryType" />.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="T:System.Diagnostics.EventLogEntryType" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public static void WriteEntry (string source, string message, System.Diagnostics.EventLogEntryType type, int eventID, short category);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void WriteEntry(string source, string message, valuetype System.Diagnostics.EventLogEntryType type, int32 eventID, int16 category) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.String,System.Diagnostics.EventLogEntryType,System.Int32,System.Int16)" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub WriteEntry (source As String, message As String, type As EventLogEntryType, eventID As Integer, category As Short)" />
      <MemberSignature Language="F#" Value="static member WriteEntry : string * string * System.Diagnostics.EventLogEntryType * int * int16 -&gt; unit" Usage="System.Diagnostics.EventLog.WriteEntry (source, message, type, eventID, category)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void WriteEntry(System::String ^ source, System::String ^ message, System::Diagnostics::EventLogEntryType type, int eventID, short category);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="message" Type="System.String" />
        <Parameter Name="type" Type="System.Diagnostics.EventLogEntryType" />
        <Parameter Name="eventID" Type="System.Int32" />
        <Parameter Name="category" Type="System.Int16" />
      </Parameters>
      <Docs>
        <param name="source">The source by which the application is registered on the specified computer.</param>
        <param name="message">The string to write to the event log.</param>
        <param name="type">One of the <see cref="T:System.Diagnostics.EventLogEntryType" /> values.</param>
        <param name="eventID">The application-specific identifier for the event.</param>
        <param name="category">The application-specific subcategory associated with the message.</param>
        <summary>Writes an entry with the given message text, application-defined event identifier, and application-defined category to the event log, using the specified registered event source. The <paramref name="category" /> can be used by the Event Viewer to filter events in the log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write an entry with an application-defined `category` to the event log, using a source that is already registered as an event source for the appropriate log. The Event Viewer uses the category to filter events written by an event source. The Event Viewer can display the category as a numeric value, or it can use the category as a resource identifier to display a localized category string.  
  
> [!NOTE]
>  The `category` parameter should be a positive value. Negative category values appear as a complementary positive number in the Event Viewer. For example, a -10 appears as 65,526, a -1 as 65,535.  
  
 To display localized category strings in the Event Viewer, you must use an event source configured with a category resource file, and set the `category` to a resource identifier in the category resource file. If the event source does not have a configured category resource file, or the specified `category` does not index a string in the category resource file, then the Event Viewer displays the numeric category value for that entry. Configure the category resource file, along with the number of category strings in the resource file, using the <xref:System.Diagnostics.EventLogInstaller> or the <xref:System.Diagnostics.EventSourceCreationData> class.  
  
 In addition to the category, you can specify an event identifier for the event being written to the event log. Event identifiers, along with the event source, uniquely identify an event. Each application can define its own numbered events and the description strings to which they map. Event viewers display these string values to help the user understand what went wrong and suggest what actions to take.  
  
 Finally, you can specify an <xref:System.Diagnostics.EventLogEntryType> for the event being written to the event log. The `type` is indicated by an icon and text in the Type column in the Event Viewer for a log. This parameter indicates whether the event type is error, warning, information, success audit, or failure audit.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
>   
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
   
  
## Examples  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLog_WriteEntry_1_3/CPP/eventlog_writeentry_1_3.cpp" id="Snippet1":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/eventlog_writeentry_1_3.cs" id="Snippet1":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLog_WriteEntry_1_3/VB/eventlog_writeentry_1_3.vb" id="Snippet1":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="source" /> value is an empty string ("").  
  
-or-
  
 The <paramref name="source" /> value is <see langword="null" />.  
  
-or-
  
 <paramref name="eventID" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="type" /> is not a valid <see cref="T:System.Diagnostics.EventLogEntryType" />.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="T:System.Diagnostics.EventLogEntryType" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <Member MemberName="WriteEntry">
      <MemberSignature Language="C#" Value="public static void WriteEntry (string source, string message, System.Diagnostics.EventLogEntryType type, int eventID, short category, byte[] rawData);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void WriteEntry(string source, string message, valuetype System.Diagnostics.EventLogEntryType type, int32 eventID, int16 category, unsigned int8[] rawData) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEntry(System.String,System.String,System.Diagnostics.EventLogEntryType,System.Int32,System.Int16,System.Byte[])" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub WriteEntry (source As String, message As String, type As EventLogEntryType, eventID As Integer, category As Short, rawData As Byte())" />
      <MemberSignature Language="F#" Value="static member WriteEntry : string * string * System.Diagnostics.EventLogEntryType * int * int16 * byte[] -&gt; unit" Usage="System.Diagnostics.EventLog.WriteEntry (source, message, type, eventID, category, rawData)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void WriteEntry(System::String ^ source, System::String ^ message, System::Diagnostics::EventLogEntryType type, int eventID, short category, cli::array &lt;System::Byte&gt; ^ rawData);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>1.0.5000.0</AssemblyVersion>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" />
        <Parameter Name="message" Type="System.String" />
        <Parameter Name="type" Type="System.Diagnostics.EventLogEntryType" />
        <Parameter Name="eventID" Type="System.Int32" />
        <Parameter Name="category" Type="System.Int16" />
        <Parameter Name="rawData" Type="System.Byte[]" />
      </Parameters>
      <Docs>
        <param name="source">The source by which the application is registered on the specified computer.</param>
        <param name="message">The string to write to the event log.</param>
        <param name="type">One of the <see cref="T:System.Diagnostics.EventLogEntryType" /> values.</param>
        <param name="eventID">The application-specific identifier for the event.</param>
        <param name="category">The application-specific subcategory associated with the message.</param>
        <param name="rawData">An array of bytes that holds the binary data associated with the entry.</param>
        <summary>Writes an entry with the given message text, application-defined event identifier, and application-defined category to the event log (using the specified registered event source) and appends binary data to the message.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write application-defined event-specific data to the event log, using a source already registered as an event source for the appropriate log. The Event Viewer does not interpret this data; it displays raw data only in a combined hexadecimal and text format. Use event-specific data sparingly; include it only if you are sure it will be useful. You can also use event-specific data to store information the application can process independently of the Event Viewer. For example, you could write a viewer specifically for your events, or write a program that scans the logfile and creates reports that include information from the event-specific data.  
  
 In addition to the binary data, you can specify an application-defined category and an application-defined event identifier. The Event Viewer uses the category to filter events written by an event source. The Event Viewer can display the category as a numeric value, or it can use the category as a resource identifier to display a localized category string.  
  
> [!NOTE]
>  The `category` parameter should be a positive value. Negative category values appear as a complementary positive number in the Event Viewer. For example, a -10 will appear as 65,526, a -1 as 65,535.  
  
 To display localized category strings in the Event Viewer, you must use an event source configured with a category resource file, and set the `category` to a resource identifier in the category resource file. If the event source does not have a configured category resource file, or the specified `category` does not index a string in the category resource file, then the Event Viewer displays the numeric category value for that entry. Configure the category resource file, along with the number of category strings in the resource file, using the <xref:System.Diagnostics.EventLogInstaller> or the <xref:System.Diagnostics.EventSourceCreationData> class.  
  
 Event identifiers, together with the event source, uniquely identify an event. Each application can define its own numbered events and the description strings to which they map. Event viewers display these string values to help the user understand what went wrong and suggest what actions to take.  
  
 Finally, you can specify an <xref:System.Diagnostics.EventLogEntryType> for the event being written to the event log. The `type` is indicated by an icon and text in the Type column in the Event Viewer for a log. This parameter indicates whether the event type is error, warning, information, success audit, or failure audit.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 The source must be configured either for writing localized entries or for writing direct strings. The <xref:System.Diagnostics.EventLog.WriteEntry%2A> method writes the given string directly to the event log; it does not use a localizable message resource file. Use the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write events using a localized message resource file.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If the `message` parameter contains a NUL character, the message in the event log is terminated at the NUL character.  
>   
>  The `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
   
  
## Examples  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/EventLog_WriteEntry_1_3/CPP/eventlog_writeentry_1_3.cpp" id="Snippet2":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventLog/WriteEntry/eventlog_writeentry_1_3.cs" id="Snippet2":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/EventLog_WriteEntry_1_3/VB/eventlog_writeentry_1_3.vb" id="Snippet2":::  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="source" /> value is an empty string ("").  
  
-or-
  
 The <paramref name="source" /> value is <see langword="null" />.  
  
-or-
  
 <paramref name="eventID" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 The message string is longer than 31,718 bytes (32,766 bytes on Windows operating systems before Windows Vista).  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.ComponentModel.InvalidEnumArgumentException">
          <paramref name="type" /> is not a valid <see cref="T:System.Diagnostics.EventLogEntryType" />.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="T:System.Diagnostics.EventLogEntryType" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="M:System.Diagnostics.EventLog.DeleteEventSource(System.String)" />
        <altmember cref="M:System.Diagnostics.EventLog.SourceExists(System.String)" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
      </Docs>
    </Member>
    <MemberGroup MemberName="WriteEvent">
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Docs>
        <summary>Writes a localized event entry to the event log.</summary>
      </Docs>
    </MemberGroup>
    <Member MemberName="WriteEvent">
      <MemberSignature Language="C#" Value="public void WriteEvent (System.Diagnostics.EventInstance instance, params object[] values);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void WriteEvent(class System.Diagnostics.EventInstance instance, object[] values) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEvent(System.Diagnostics.EventInstance,System.Object[])" />
      <MemberSignature Language="VB.NET" Value="Public Sub WriteEvent (instance As EventInstance, ParamArray values As Object())" />
      <MemberSignature Language="F#" Value="member this.WriteEvent : System.Diagnostics.EventInstance * obj[] -&gt; unit" Usage="eventLog.WriteEvent (instance, values)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void WriteEvent(System::Diagnostics::EventInstance ^ instance, ... cli::array &lt;System::Object ^&gt; ^ values);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Runtime.InteropServices.ComVisible(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.InteropServices.ComVisible(false)&gt;]</AttributeName>
        </Attribute>
        <Attribute FrameworkAlternate="netframework-4.0">
          <AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="instance" Type="System.Diagnostics.EventInstance" Index="0" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="values" Type="System.Object[]" Index="1" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <Attributes>
            <Attribute>
              <AttributeName Language="C#">[System.ParamArray]</AttributeName>
              <AttributeName Language="F#">[&lt;System.ParamArray&gt;]</AttributeName>
            </Attribute>
          </Attributes>
        </Parameter>
      </Parameters>
      <Docs>
        <param name="instance">An <see cref="T:System.Diagnostics.EventInstance" /> instance that represents a localized event log entry.</param>
        <param name="values">An array of strings to merge into the message text of the event log entry.</param>
        <summary>Writes a localized entry to the event log.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write a localized entry to the event log. You specify the event properties with resource identifiers rather than string values. The Event Viewer uses the resource identifiers to display the corresponding strings from the localized resource file for the <xref:System.Diagnostics.EventLog.Source%2A>. You must register the source with the corresponding resource file before you write events using resource identifiers.  
  
 The input `instance` instance specifies the event message and properties. Set the <xref:System.Diagnostics.EventInstance.InstanceId%2A> of the `instance` input for the defined message in the source message resource file. You can optionally set the <xref:System.Diagnostics.EventInstance.CategoryId%2A> and <xref:System.Diagnostics.EventInstance.EntryType%2A> of the `instance` input to define the category and event type of your event entry. You can also specify an array of language-independent strings to insert into the localized message text. Set `values` to `null` if the event message does not contain formatting placeholders for replacement strings.  
  
 You must set the <xref:System.Diagnostics.EventLog.Source%2A> property on your <xref:System.Diagnostics.EventLog> component before using <xref:System.Diagnostics.EventLog.WriteEvent%2A>. The specified source must be configured for writing localized entries to the log; the source must at minimum have a message resource file defined.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 The source must be configured either for writing localized entries or for writing direct strings. Use the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method if your application writes string values directly to the event log.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If you write an entry to a remote computer, the value of the `message` string might not be what you expect if the remote computer is not running the .NET Framework. Also, the `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
   
  
## Examples  
 The following example writes two audit entries to the event log `myNewLog`. The example creates a new event source and a new event log if they do not exist on the local computer. The event message text is specified using a resource identifier in a resource file.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/eventlog_WriteEvent/CPP/source.cpp" id="Snippet7":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventInstance/Overview/source.cs" id="Snippet7":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/eventlog_WriteEvent/VB/source.vb" id="Snippet7":::  
  
 The example uses the following message text file, built into the resource library EventLogMsgs.dll. A message text file is the source from which the message resource file is created. The message text file defines the resource identifiers and text for the category, event message, and parameter insertion strings.  
  
```  
; // EventLogMsgs.mc  
; // ********************************************************  
  
; // Use the following commands to build this file:  
  
; //   mc -s EventLogMsgs.mc  
; //   rc EventLogMsgs.rc  
; //   link /DLL /SUBSYSTEM:WINDOWS /NOENTRY /MACHINE:x86 EventLogMsgs.Res   
; // ********************************************************  
  
; // - Event categories -  
; // Categories must be numbered consecutively starting at 1.  
; // ********************************************************  
  
MessageId=0x1  
Severity=Success  
SymbolicName=INSTALL_CATEGORY  
Language=English  
Installation  
.  
  
MessageId=0x2  
Severity=Success  
SymbolicName=QUERY_CATEGORY  
Language=English  
Database Query  
.  
  
MessageId=0x3  
Severity=Success  
SymbolicName=REFRESH_CATEGORY  
Language=English  
Data Refresh  
.  
  
; // - Event messages -  
; // *********************************  
  
MessageId = 1000  
Severity = Success  
Facility = Application  
SymbolicName = AUDIT_SUCCESS_MESSAGE_ID_1000  
Language=English  
My application message text, in English, for message id 1000, called from %1.  
.  
  
MessageId = 1001  
Severity = Warning  
Facility = Application  
SymbolicName = AUDIT_FAILED_MESSAGE_ID_1001  
Language=English  
My application message text, in English, for message id 1001, called from %1.  
.  
  
MessageId = 1002  
Severity = Success  
Facility = Application  
SymbolicName = GENERIC_INFO_MESSAGE_ID_1002  
Language=English  
My generic information message in English, for message id 1002.  
.  
  
MessageId = 1003  
Severity = Warning  
Facility = Application  
SymbolicName = GENERIC_WARNING_MESSAGE_ID_1003  
Language=English  
My generic warning message in English, for message id 1003, called from %1.  
.  
  
MessageId = 1004  
Severity = Success  
Facility = Application  
SymbolicName = UPDATE_CYCLE_COMPLETE_MESSAGE_ID_1004  
Language=English  
The update cycle is complete for %%5002.  
.  
  
MessageId = 1005  
Severity = Warning  
Facility = Application  
SymbolicName = SERVER_CONNECTION_DOWN_MESSAGE_ID_1005  
Language=English  
The refresh operation did not complete because the connection to server %1 could not be established.  
.  
  
; // - Event log display name -  
; // ********************************************************  
  
MessageId = 5001  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_DISPLAY_NAME_MSGID  
Language=English  
Sample Event Log  
.  
  
; // - Event message parameters -  
; //   Language independent insertion strings  
; // ********************************************************  
  
MessageId = 5002  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_SERVICE_NAME_MSGID  
Language=English  
SVC_UPDATE.EXE  
.  
```  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <see cref="P:System.Diagnostics.EventLog.Source" /> property of the <see cref="T:System.Diagnostics.EventLog" /> has not been set.  
  
 -or-  
  
 The method attempted to register a new event source, but the computer name in <see cref="P:System.Diagnostics.EventLog.MachineName" /> is not valid.  
  
-or-
  
 The source is already registered for a different event log.  
  
-or-
  
 <paramref name="instance.InstanceId" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 <paramref name="values" /> has more than 256 elements.  
  
-or-
  
 One of the <paramref name="values" /> elements is longer than 32766 bytes.  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.ArgumentNullException">
          <paramref name="instance" /> is <see langword="null" />.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="T:System.Diagnostics.EventInstance" />
      </Docs>
    </Member>
    <Member MemberName="WriteEvent">
      <MemberSignature Language="C#" Value="public void WriteEvent (System.Diagnostics.EventInstance instance, byte[] data, params object[] values);" />
      <MemberSignature Language="ILAsm" Value=".method public hidebysig instance void WriteEvent(class System.Diagnostics.EventInstance instance, unsigned int8[] data, object[] values) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEvent(System.Diagnostics.EventInstance,System.Byte[],System.Object[])" />
      <MemberSignature Language="VB.NET" Value="Public Sub WriteEvent (instance As EventInstance, data As Byte(), ParamArray values As Object())" />
      <MemberSignature Language="F#" Value="member this.WriteEvent : System.Diagnostics.EventInstance * byte[] * obj[] -&gt; unit" Usage="eventLog.WriteEvent (instance, data, values)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; void WriteEvent(System::Diagnostics::EventInstance ^ instance, cli::array &lt;System::Byte&gt; ^ data, ... cli::array &lt;System::Object ^&gt; ^ values);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <Attributes>
        <Attribute FrameworkAlternate="netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1">
          <AttributeName Language="C#">[System.Runtime.InteropServices.ComVisible(false)]</AttributeName>
          <AttributeName Language="F#">[&lt;System.Runtime.InteropServices.ComVisible(false)&gt;]</AttributeName>
        </Attribute>
      </Attributes>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="instance" Type="System.Diagnostics.EventInstance" Index="0" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="data" Type="System.Byte[]" Index="1" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="values" Type="System.Object[]" Index="2" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <Attributes>
            <Attribute>
              <AttributeName Language="C#">[System.ParamArray]</AttributeName>
              <AttributeName Language="F#">[&lt;System.ParamArray&gt;]</AttributeName>
            </Attribute>
          </Attributes>
        </Parameter>
      </Parameters>
      <Docs>
        <param name="instance">An <see cref="T:System.Diagnostics.EventInstance" /> instance that represents a localized event log entry.</param>
        <param name="data">An array of bytes that holds the binary data associated with the entry.</param>
        <param name="values">An array of strings to merge into the message text of the event log entry.</param>
        <summary>Writes an event log entry with the given event data, message replacement strings, and associated binary data.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write a localized entry with additional event-specific data to the event log. You specify the event properties with resource identifiers rather than string values. The Event Viewer uses the resource identifiers to display the corresponding strings from the localized resource file for the <xref:System.Diagnostics.EventLog.Source%2A>. You must register the source with the corresponding resource file before you write events using resource identifiers.  
  
 The input `instance` instance specifies the event message and properties. Set the <xref:System.Diagnostics.EventInstance.InstanceId%2A> of the `instance` input for the defined message in the source message resource file. You can optionally set the <xref:System.Diagnostics.EventInstance.CategoryId%2A> and <xref:System.Diagnostics.EventInstance.EntryType%2A> of the `instance` input to define the category and event type of your event entry. You can also specify an array of language-independent strings to insert into the localized message text. Set `values` to `null` if the event message does not contain formatting placeholders for replacement strings.  
  
 Specify binary data with an event when it is necessary to provide additional details for the event. For example, use the `data` parameter to include information on a specific error. The Event Viewer does not interpret the associated event data; it displays the data in a combined hexadecimal and text format. Use event-specific data sparingly; include it only if you are sure it will be useful. You can also use event-specific data to store information the application can process independently of the Event Viewer. For example, you could write a viewer specifically for your events, or write a program that scans the event log and creates reports that include information from the event-specific data.  
  
 You must set the <xref:System.Diagnostics.EventLog.Source%2A> property on your <xref:System.Diagnostics.EventLog> component before component before using <xref:System.Diagnostics.EventLog.WriteEvent%2A>. The specified source must be configured for writing localized entries to the log; the source must at minimum have a message resource file defined.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
> [!NOTE]
>  If you do not specify a <xref:System.Diagnostics.EventLog.MachineName%2A> for your <xref:System.Diagnostics.EventLog> instance before you call <xref:System.Diagnostics.EventLog.WriteEvent%2A>, the local computer (".") is assumed.  
  
 The source must be configured either for writing localized entries or for writing direct strings. Use the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method if your application writes string values directly to the event log.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
> [!NOTE]
>  If you write an entry to a remote computer, the value of the `message` string might not be what you expect if the remote computer is not running the .NET Framework. Also, the `message` string cannot contain %*n*, where *n* is an integer value (for example, %1), because the event viewer treats it as an insertion string. Because an Internet Protocol, version 6 (IPv6) address can contain this character sequence, you cannot log an event message that contains an IPv6 address.  
  
   
  
## Examples  
 The following example writes two audit entries to the event log `myNewLog`. The example creates a new event source and a new event log if they do not exist on the local computer. The event message text is specified using a resource identifier in a resource file.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/eventlog_WriteEvent/CPP/source.cpp" id="Snippet7":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventInstance/Overview/source.cs" id="Snippet7":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/eventlog_WriteEvent/VB/source.vb" id="Snippet7":::  
  
 The example uses the following message text file, built into the resource library EventLogMsgs.dll. A message text file is the source from which the message resource file is created. The message text file defines the resource identifiers and text for the category, event message, and parameter insertion strings.  
  
```  
; // EventLogMsgs.mc  
; // ********************************************************  
  
; // Use the following commands to build this file:  
  
; //   mc -s EventLogMsgs.mc  
; //   rc EventLogMsgs.rc  
; //   link /DLL /SUBSYSTEM:WINDOWS /NOENTRY /MACHINE:x86 EventLogMsgs.Res   
; // ********************************************************  
  
; // - Event categories -  
; // Categories must be numbered consecutively starting at 1.  
; // ********************************************************  
  
MessageId=0x1  
Severity=Success  
SymbolicName=INSTALL_CATEGORY  
Language=English  
Installation  
.  
  
MessageId=0x2  
Severity=Success  
SymbolicName=QUERY_CATEGORY  
Language=English  
Database Query  
.  
  
MessageId=0x3  
Severity=Success  
SymbolicName=REFRESH_CATEGORY  
Language=English  
Data Refresh  
.  
  
; // - Event messages -  
; // *********************************  
  
MessageId = 1000  
Severity = Success  
Facility = Application  
SymbolicName = AUDIT_SUCCESS_MESSAGE_ID_1000  
Language=English  
My application message text, in English, for message id 1000, called from %1.  
.  
  
MessageId = 1001  
Severity = Warning  
Facility = Application  
SymbolicName = AUDIT_FAILED_MESSAGE_ID_1001  
Language=English  
My application message text, in English, for message id 1001, called from %1.  
.  
  
MessageId = 1002  
Severity = Success  
Facility = Application  
SymbolicName = GENERIC_INFO_MESSAGE_ID_1002  
Language=English  
My generic information message in English, for message id 1002.  
.  
  
MessageId = 1003  
Severity = Warning  
Facility = Application  
SymbolicName = GENERIC_WARNING_MESSAGE_ID_1003  
Language=English  
My generic warning message in English, for message id 1003, called from %1.  
.  
  
MessageId = 1004  
Severity = Success  
Facility = Application  
SymbolicName = UPDATE_CYCLE_COMPLETE_MESSAGE_ID_1004  
Language=English  
The update cycle is complete for %%5002.  
.  
  
MessageId = 1005  
Severity = Warning  
Facility = Application  
SymbolicName = SERVER_CONNECTION_DOWN_MESSAGE_ID_1005  
Language=English  
The refresh operation did not complete because the connection to server %1 could not be established.  
.  
  
; // - Event log display name -  
; // ********************************************************  
  
MessageId = 5001  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_DISPLAY_NAME_MSGID  
Language=English  
Sample Event Log  
.  
  
; // - Event message parameters -  
; //   Language independent insertion strings  
; // ********************************************************  
  
MessageId = 5002  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_SERVICE_NAME_MSGID  
Language=English  
SVC_UPDATE.EXE  
.  
```  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <see cref="P:System.Diagnostics.EventLog.Source" /> property of the <see cref="T:System.Diagnostics.EventLog" /> has not been set.  
  
 -or-  
  
 The method attempted to register a new event source, but the computer name in <see cref="P:System.Diagnostics.EventLog.MachineName" /> is not valid.  
  
-or-
  
 The source is already registered for a different event log.  
  
-or-
  
 <paramref name="instance.InstanceId" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 <paramref name="values" /> has more than 256 elements.  
  
-or-
  
 One of the <paramref name="values" /> elements is longer than 32766 bytes.  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.ArgumentNullException">
          <paramref name="instance" /> is <see langword="null" />.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="T:System.Diagnostics.EventInstance" />
      </Docs>
    </Member>
    <Member MemberName="WriteEvent">
      <MemberSignature Language="C#" Value="public static void WriteEvent (string source, System.Diagnostics.EventInstance instance, params object[] values);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void WriteEvent(string source, class System.Diagnostics.EventInstance instance, object[] values) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEvent(System.String,System.Diagnostics.EventInstance,System.Object[])" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub WriteEvent (source As String, instance As EventInstance, ParamArray values As Object())" />
      <MemberSignature Language="F#" Value="static member WriteEvent : string * System.Diagnostics.EventInstance * obj[] -&gt; unit" Usage="System.Diagnostics.EventLog.WriteEvent (source, instance, values)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void WriteEvent(System::String ^ source, System::Diagnostics::EventInstance ^ instance, ... cli::array &lt;System::Object ^&gt; ^ values);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" Index="0" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="instance" Type="System.Diagnostics.EventInstance" Index="1" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="values" Type="System.Object[]" Index="2" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <Attributes>
            <Attribute>
              <AttributeName Language="C#">[System.ParamArray]</AttributeName>
              <AttributeName Language="F#">[&lt;System.ParamArray&gt;]</AttributeName>
            </Attribute>
          </Attributes>
        </Parameter>
      </Parameters>
      <Docs>
        <param name="source">The name of the event source registered for the application on the specified computer.</param>
        <param name="instance">An <see cref="T:System.Diagnostics.EventInstance" /> instance that represents a localized event log entry.</param>
        <param name="values">An array of strings to merge into the message text of the event log entry.</param>
        <summary>Writes an event log entry with the given event data and message replacement strings, using the specified registered event source.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write a localized entry to the event log, using a source already registered as an event source for the appropriate log. You specify the event properties with resource identifiers rather than string values. The Event Viewer uses the resource identifiers to display the corresponding strings from the localized resource file for the source. You must register the source with the corresponding resource file before you write events using resource identifiers.  
  
 The input `instance` instance specifies the event message and properties. Set the <xref:System.Diagnostics.EventInstance.InstanceId%2A> of the `instance` input for the defined message in the source message resource file. You can optionally set the <xref:System.Diagnostics.EventInstance.CategoryId%2A> and <xref:System.Diagnostics.EventInstance.EntryType%2A> of the `instance` input to define the category and event type of your event entry. You can also specify an array of language-independent strings to insert into the localized message text. Set `values` to `null` if the event message does not contain formatting placeholders for replacement strings.  
  
 The specified source must be registered for an event log before using <xref:System.Diagnostics.EventLog.WriteEvent%2A>. The specified source must be configured for writing localized entries to the log; the source must at minimum have a message resource file defined.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 The source must be configured either for writing localized entries or for writing direct strings. Use the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method if your application writes string values directly to the event log.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
   
  
## Examples  
 The following example writes an informational event entry and a warning event entry to an existing event log. The event message text is specified using a resource identifier in a resource file. The example assumes the corresponding resource file has been registered for the source.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/eventlog_WriteEvent/CPP/source.cpp" id="Snippet8":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventInstance/Overview/source.cs" id="Snippet8":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/eventlog_WriteEvent/VB/source.vb" id="Snippet8":::  
  
 The example uses the following message text file, built into the resource library EventLogMsgs.dll. A message text file is the source from which the message resource file is created. The message text file defines the resource identifiers and text for the category, event message, and parameter insertion strings.  
  
```  
; // EventLogMsgs.mc  
; // ********************************************************  
  
; // Use the following commands to build this file:  
  
; //   mc -s EventLogMsgs.mc  
; //   rc EventLogMsgs.rc  
; //   link /DLL /SUBSYSTEM:WINDOWS /NOENTRY /MACHINE:x86 EventLogMsgs.Res   
; // ********************************************************  
  
; // - Event categories -  
; // Categories must be numbered consecutively starting at 1.  
; // ********************************************************  
  
MessageId=0x1  
Severity=Success  
SymbolicName=INSTALL_CATEGORY  
Language=English  
Installation  
.  
  
MessageId=0x2  
Severity=Success  
SymbolicName=QUERY_CATEGORY  
Language=English  
Database Query  
.  
  
MessageId=0x3  
Severity=Success  
SymbolicName=REFRESH_CATEGORY  
Language=English  
Data Refresh  
.  
  
; // - Event messages -  
; // *********************************  
  
MessageId = 1000  
Severity = Success  
Facility = Application  
SymbolicName = AUDIT_SUCCESS_MESSAGE_ID_1000  
Language=English  
My application message text, in English, for message id 1000, called from %1.  
.  
  
MessageId = 1001  
Severity = Warning  
Facility = Application  
SymbolicName = AUDIT_FAILED_MESSAGE_ID_1001  
Language=English  
My application message text, in English, for message id 1001, called from %1.  
.  
  
MessageId = 1002  
Severity = Success  
Facility = Application  
SymbolicName = GENERIC_INFO_MESSAGE_ID_1002  
Language=English  
My generic information message in English, for message id 1002.  
.  
  
MessageId = 1003  
Severity = Warning  
Facility = Application  
SymbolicName = GENERIC_WARNING_MESSAGE_ID_1003  
Language=English  
My generic warning message in English, for message id 1003, called from %1.  
.  
  
MessageId = 1004  
Severity = Success  
Facility = Application  
SymbolicName = UPDATE_CYCLE_COMPLETE_MESSAGE_ID_1004  
Language=English  
The update cycle is complete for %%5002.  
.  
  
MessageId = 1005  
Severity = Warning  
Facility = Application  
SymbolicName = SERVER_CONNECTION_DOWN_MESSAGE_ID_1005  
Language=English  
The refresh operation did not complete because the connection to server %1 could not be established.  
.  
  
; // - Event log display name -  
; // ********************************************************  
  
MessageId = 5001  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_DISPLAY_NAME_MSGID  
Language=English  
Sample Event Log  
.  
  
; // - Event message parameters -  
; //   Language independent insertion strings  
; // ********************************************************  
  
MessageId = 5002  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_SERVICE_NAME_MSGID  
Language=English  
SVC_UPDATE.EXE  
.  
```  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="source" /> value is an empty string ("").  
  
-or-
  
 The <paramref name="source" /> value is <see langword="null" />.  
  
-or-
  
 <paramref name="instance.InstanceId" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 <paramref name="values" /> has more than 256 elements.  
  
-or-
  
 One of the <paramref name="values" /> elements is longer than 32766 bytes.  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.ArgumentNullException">
          <paramref name="instance" /> is <see langword="null" />.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="T:System.Diagnostics.EventInstance" />
      </Docs>
    </Member>
    <Member MemberName="WriteEvent">
      <MemberSignature Language="C#" Value="public static void WriteEvent (string source, System.Diagnostics.EventInstance instance, byte[] data, params object[] values);" />
      <MemberSignature Language="ILAsm" Value=".method public static hidebysig void WriteEvent(string source, class System.Diagnostics.EventInstance instance, unsigned int8[] data, object[] values) cil managed" />
      <MemberSignature Language="DocId" Value="M:System.Diagnostics.EventLog.WriteEvent(System.String,System.Diagnostics.EventInstance,System.Byte[],System.Object[])" />
      <MemberSignature Language="VB.NET" Value="Public Shared Sub WriteEvent (source As String, instance As EventInstance, data As Byte(), ParamArray values As Object())" />
      <MemberSignature Language="F#" Value="static member WriteEvent : string * System.Diagnostics.EventInstance * byte[] * obj[] -&gt; unit" Usage="System.Diagnostics.EventLog.WriteEvent (source, instance, data, values)" />
      <MemberSignature Language="C++ CLI" Value="public:&#xA; static void WriteEvent(System::String ^ source, System::Diagnostics::EventInstance ^ instance, cli::array &lt;System::Byte&gt; ^ data, ... cli::array &lt;System::Object ^&gt; ^ values);" />
      <MemberType>Method</MemberType>
      <AssemblyInfo>
        <AssemblyName>System</AssemblyName>
        <AssemblyVersion>2.0.0.0</AssemblyVersion>
        <AssemblyVersion>4.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <AssemblyInfo>
        <AssemblyName>System.Diagnostics.EventLog</AssemblyName>
        <AssemblyVersion>4.0.1.0</AssemblyVersion>
        <AssemblyVersion>4.0.2.0</AssemblyVersion>
        <AssemblyVersion>5.0.0.0</AssemblyVersion>
        <AssemblyVersion>6.0.0.0</AssemblyVersion>
        <AssemblyVersion>7.0.0.0</AssemblyVersion>
        <AssemblyVersion>8.0.0.0</AssemblyVersion>
        <AssemblyVersion>9.0.0.0</AssemblyVersion>
      </AssemblyInfo>
      <ReturnValue>
        <ReturnType>System.Void</ReturnType>
      </ReturnValue>
      <Parameters>
        <Parameter Name="source" Type="System.String" Index="0" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="instance" Type="System.Diagnostics.EventInstance" Index="1" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="data" Type="System.Byte[]" Index="2" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0" />
        <Parameter Name="values" Type="System.Object[]" Index="3" FrameworkAlternate="net-6.0;net-7.0;net-8.0;net-9.0;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;windowsdesktop-3.0;windowsdesktop-3.1;windowsdesktop-5.0;windowsdesktop-6.0;windowsdesktop-7.0;windowsdesktop-8.0;windowsdesktop-9.0">
          <Attributes>
            <Attribute>
              <AttributeName Language="C#">[System.ParamArray]</AttributeName>
              <AttributeName Language="F#">[&lt;System.ParamArray&gt;]</AttributeName>
            </Attribute>
          </Attributes>
        </Parameter>
      </Parameters>
      <Docs>
        <param name="source">The name of the event source registered for the application on the specified computer.</param>
        <param name="instance">An <see cref="T:System.Diagnostics.EventInstance" /> instance that represents a localized event log entry.</param>
        <param name="data">An array of bytes that holds the binary data associated with the entry.</param>
        <param name="values">An array of strings to merge into the message text of the event log entry.</param>
        <summary>Writes an event log entry with the given event data, message replacement strings, and associated binary data, and using the specified registered event source.</summary>
        <remarks>
          <format type="text/markdown"><![CDATA[  
  
## Remarks  
 Use this method to write a localized entry with additional event-specific data to the event log, using a source already registered as an event source for the appropriate log. You specify the event properties with resource identifiers rather than string values. The Event Viewer uses the resource identifiers to display the corresponding strings from the localized resource file for the source. You must register the source with the corresponding resource file before you write events using resource identifiers.  
  
 The input `instance` instance specifies the event message and properties. Set the <xref:System.Diagnostics.EventInstance.InstanceId%2A> of the `instance` input for the defined message in the source message resource file. You can optionally set the <xref:System.Diagnostics.EventInstance.CategoryId%2A> and <xref:System.Diagnostics.EventInstance.EntryType%2A> of the `instance` input to define the category and event type of your event entry. You can also specify an array of language-independent strings to insert into the localized message text. Set `values` to `null` if the event message does not contain formatting placeholders for replacement strings.  
  
 Specify binary data with an event when it is necessary to provide additional details for the event. For example, use the `data` parameter to include information on a specific error. The Event Viewer does not interpret the associated event data; it displays the data in a combined hexadecimal and text format. Use event-specific data sparingly; include it only if you are sure it will be useful. You can also use event-specific data to store information the application can process independently of the Event Viewer. For example, you could write a viewer specifically for your events, or write a program that scans the event log and creates reports that include information from the event-specific data.  
  
 The specified source must be registered for an event log before using <xref:System.Diagnostics.EventLog.WriteEvent%2A>. The specified source must be configured for writing localized entries to the log; the source must at minimum have a message resource file defined.  
  
 You must create and configure the event source before writing the first entry with the source. Create the new event source during the installation of your application. This allows time for the operating system to refresh its list of registered event sources and their configuration. If the operating system has not refreshed its list of event sources, and you attempt to write an event with the new source, the write operation will fail. You can configure a new source using an <xref:System.Diagnostics.EventLogInstaller>, or using the <xref:System.Diagnostics.EventLog.CreateEventSource%2A> method. You must have administrative rights on the computer to create a new event source.  
  
 The source must be configured either for writing localized entries or for writing direct strings. Use the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method if your application writes string values directly to the event log.  
  
 If your application writes entries using both resource identifiers and string values, you must register two separate sources. For example, configure one source with resource files, and then use that source in the <xref:System.Diagnostics.EventLog.WriteEvent%2A> method to write entries using resource identifiers to the event log. Then create a different source without resource files, and use that source in the <xref:System.Diagnostics.EventLog.WriteEntry%2A> method to write strings directly to the event log using that source.  
  
   
  
## Examples  
 The following example writes an informational event entry and a warning event entry to an existing event log. The event message text is specified using a resource identifier in a resource file. The example assumes the corresponding resource file has been registered for the source.  
  
 :::code language="cpp" source="~/snippets/cpp/VS_Snippets_CLR/eventlog_WriteEvent/CPP/source.cpp" id="Snippet8":::
 :::code language="csharp" source="~/snippets/csharp/System.Diagnostics/EventInstance/Overview/source.cs" id="Snippet8":::
 :::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR/eventlog_WriteEvent/VB/source.vb" id="Snippet8":::  
  
 The example uses the following message text file, built into the resource library EventLogMsgs.dll. A message text file is the source from which the message resource file is created. The message text file defines the resource identifiers and text for the category, event message, and parameter insertion strings.  
  
```  
; // EventLogMsgs.mc  
; // ********************************************************  
  
; // Use the following commands to build this file:  
  
; //   mc -s EventLogMsgs.mc  
; //   rc EventLogMsgs.rc  
; //   link /DLL /SUBSYSTEM:WINDOWS /NOENTRY /MACHINE:x86 EventLogMsgs.Res   
; // ********************************************************  
  
; // - Event categories -  
; // Categories must be numbered consecutively starting at 1.  
; // ********************************************************  
  
MessageId=0x1  
Severity=Success  
SymbolicName=INSTALL_CATEGORY  
Language=English  
Installation  
.  
  
MessageId=0x2  
Severity=Success  
SymbolicName=QUERY_CATEGORY  
Language=English  
Database Query  
.  
  
MessageId=0x3  
Severity=Success  
SymbolicName=REFRESH_CATEGORY  
Language=English  
Data Refresh  
.  
  
; // - Event messages -  
; // *********************************  
  
MessageId = 1000  
Severity = Success  
Facility = Application  
SymbolicName = AUDIT_SUCCESS_MESSAGE_ID_1000  
Language=English  
My application message text, in English, for message id 1000, called from %1.  
.  
  
MessageId = 1001  
Severity = Warning  
Facility = Application  
SymbolicName = AUDIT_FAILED_MESSAGE_ID_1001  
Language=English  
My application message text, in English, for message id 1001, called from %1.  
.  
  
MessageId = 1002  
Severity = Success  
Facility = Application  
SymbolicName = GENERIC_INFO_MESSAGE_ID_1002  
Language=English  
My generic information message in English, for message id 1002.  
.  
  
MessageId = 1003  
Severity = Warning  
Facility = Application  
SymbolicName = GENERIC_WARNING_MESSAGE_ID_1003  
Language=English  
My generic warning message in English, for message id 1003, called from %1.  
.  
  
MessageId = 1004  
Severity = Success  
Facility = Application  
SymbolicName = UPDATE_CYCLE_COMPLETE_MESSAGE_ID_1004  
Language=English  
The update cycle is complete for %%5002.  
.  
  
MessageId = 1005  
Severity = Warning  
Facility = Application  
SymbolicName = SERVER_CONNECTION_DOWN_MESSAGE_ID_1005  
Language=English  
The refresh operation did not complete because the connection to server %1 could not be established.  
.  
  
; // - Event log display name -  
; // ********************************************************  
  
MessageId = 5001  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_DISPLAY_NAME_MSGID  
Language=English  
Sample Event Log  
.  
  
; // - Event message parameters -  
; //   Language independent insertion strings  
; // ********************************************************  
  
MessageId = 5002  
Severity = Success  
Facility = Application  
SymbolicName = EVENT_LOG_SERVICE_NAME_MSGID  
Language=English  
SVC_UPDATE.EXE  
.  
```  
  
 ]]></format>
        </remarks>
        <exception cref="T:System.ArgumentException">The <paramref name="source" /> value is an empty string ("").  
  
-or-
  
 The <paramref name="source" /> value is <see langword="null" />.  
  
-or-
  
 <paramref name="instance.InstanceId" /> is less than zero or greater than <see cref="F:System.UInt16.MaxValue">UInt16.MaxValue</see>.  
  
-or-
  
 <paramref name="values" /> has more than 256 elements.  
  
-or-
  
 One of the <paramref name="values" /> elements is longer than 32766 bytes.  
  
-or-
  
 The source name results in a registry key path longer than 254 characters.</exception>
        <exception cref="T:System.ArgumentNullException">
          <paramref name="instance" /> is <see langword="null" />.</exception>
        <exception cref="T:System.InvalidOperationException">The registry key for the event log could not be opened.</exception>
        <exception cref="T:System.ComponentModel.Win32Exception">The operating system reported an error when writing the event entry to the event log. A Windows error code is not available.</exception>
        <altmember cref="Overload:System.Diagnostics.EventLog.CreateEventSource" />
        <altmember cref="P:System.Diagnostics.EventLog.Source" />
        <altmember cref="P:System.Diagnostics.EventLog.Entries" />
        <altmember cref="T:System.Diagnostics.EventInstance" />
      </Docs>
    </Member>
  </Members>
</Type>