We need a way to identify multiple versions of the same application running on the same server when logging to the Microsoft Event Logger. Ideally we would just have
multiple custom log names in the Microsoft event logger to distinguish between different
instances of the same application running.
However, in the the Microsoft Event Logger, the Source Names must be unique through the entire system. This allows the logger to just use the source name, and the log will be directed to the correct log name.Â So in order for this to work for us, every source name would need to be modified to append a unique ID.Â This is just not practical.
In addition, the first eight characters are used to uniquely determine the log name.Â So we can’t aren’t able to append the version to the product name to create the log name, e.g. “Application 22.214.171.124”.
So instead, we log all of the messages to the same log name and create a log identifier (log ID) that is displayed as part of the log message to distinguish the messages. Perhaps not as elegant, but should work well in practice.Â The new version has a header at the top of the message that identifies our log ID, log Type, and log Levels.
Another consideration is that we are also generating file logs to the application log directories.Â So if we do need to walk through detailed transaction traces, it is still possible to do that in the xlog files.Â Â The Windows Event Log is really for high level visibility and integration to 3rd party tools that can monitor it.
ASP.Net Cannot Create New Log Source
When running in ASP.Net the application does not have sufficient privileges to create a new event source, although it is able to log to it once created.Â Therefore all of the event sources must be created by the installer.
Must reboot if you remap a source to a different logname.
Also when investigating the Windows Event Log I was running in to problems with the messages not showing up in the Event Log when I was changing the log names.Â I found the answer on SO, EventLog.CreateEventSource is not creating a custom log, which explains:
Event Log Notes:If a source has already been mapped to a log and you remap it to a new log, you must restart the computer for the changes to take effect.
http://msdn.microsoft.com/en-us/library/2awhba7a.aspx (about half way down the page)