3
I have been scouring the internet for a formal definition of this piece of the Windows Event Logs. How is the category determined? Is there a set of standard values for this field? Can an application create its own Task Category?
5
Looking into .NET's EventLog and EventLogEntry classes should give you a clue, especially the latter's Category property:
Each application (event source) can define its own numbered categories and the text strings to which they are mapped. The Event Viewer can use the category to filter events in the log.
Additionally, as the page on Event Categories states:
Categories help you organize events so Event Viewer can filter them. Each event source can define its own numbered categories and the text strings to which they are mapped.
The page shows you how your app (which would be the Event Source) can define its own Event Categories. You can get some useful tips about getting that example to work on Win7 and Server 2008 R2 here. This Dr. Dobb's article about Customizing Event Log Categories might also be useful. I'm sure there are many more tutorials available, and if you need help with the code Stack Overflow would be the place to turn to.
Note: AFAIK there's no set of standard values for this field, since an app can use its own custom strings. Of course if you want to use the ones Windows itself uses, I'm sure they must be defined in some resource/header/message file somewhere.
1
Applications can create their own task categories. It works just the same way that applications create their own event message texts: You put them in a .mc file, use the Message Compiler to compile that to a .rc file, use the Resource Compiler to compile that to a .res file, and use link.exe to compile that to a DLL.
If you've never done that before, there is a first-class tutorial at http://www.eventlogblog.com/mt/mt-search.cgi?search=python&IncludeBlogs=1 -- I've tried it recently and it still works for the current versions of the Platform SDK and Visual Studio Express, though you do have to set up additional folders in the PATH, for the executables and DLLs.
The category texts can be in their own DLL but you can also put them in the same DLL as the messages. If you do that, the categories should be at the beginning of the .mc file and numbered up from 1 with no gaps. In the registry entry for your DLL you tell Windows how many of the messages are categories, say 5, and it then treats the first 5 messages as categories.
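The registry step described above, as an added example that is not part of the original answer: it registers an event source whose categories and messages live in the same DLL, writes one event with a category, and reads it back. The source name, DLL path, category count and event ID are assumptions; substitute the values from your own .mc file.

```powershell
# Added example. Run elevated in Windows PowerShell 5.1
# (Write-EventLog is not available in PowerShell 6+).
$LogName  = 'Application'
$Source   = 'ExampleApp'                                # hypothetical event source name
$DllPath  = 'C:\Program Files\ExampleApp\messages.dll'  # placeholder: DLL built from your .mc file
$CatCount = 5      # assumption: messages 1..5 at the top of the .mc file are categories
$EventId  = 256    # assumption: a message ID defined in the same DLL after the categories

if (-not (Test-Path -LiteralPath $DllPath)) {
    throw "Message DLL not found: $DllPath"
}

# Each event source has its own key under the log it writes to.
$Key = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName\$Source"
if (-not (Test-Path $Key)) {
    New-Item -Path $Key -Force | Out-Null
}

# Categories and messages share one DLL here, so both values point at it.
New-ItemProperty -Path $Key -Name EventMessageFile -PropertyType ExpandString `
    -Value $DllPath -Force | Out-Null
New-ItemProperty -Path $Key -Name CategoryMessageFile -PropertyType ExpandString `
    -Value $DllPath -Force | Out-Null

# Number of leading messages in the DLL that Windows treats as categories.
New-ItemProperty -Path $Key -Name CategoryCount -PropertyType DWord `
    -Value $CatCount -Force | Out-Null

# 7 = Error (1) | Warning (2) | Information (4)
New-ItemProperty -Path $Key -Name TypesSupported -PropertyType DWord `
    -Value 7 -Force | Out-Null

# Write a constructed test event tagged with category number 2.
Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
    -EntryType Information -Category 2 -Message 'Constructed test event'

# Read it back: Task is the category number, TaskDisplayName the string
# resolved through CategoryMessageFile.
Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source } -MaxEvents 1 |
    Select-Object TimeCreated, Id, Task, TaskDisplayName
```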