Create your own Event Viewer Entries

There's a little-known tool on your computer called eventcreate.exe. It's a command-line tool that lets you create your own event log entries in the Event Viewer (but not in the security log, for obvious reasons). You can create any event with an event ID up to 1000 (events above that value tend to be used by Microsoft).

To use the tool, open a command prompt and create an event with the appropriate switches. You can get a list of all the switches, and an example of how to use the tool, by entering the following at the command prompt:

eventcreate /?

Why would you want to do this? Well, one reason is to test any monitoring tools you have. The other is that you can call the tool to easily write to the event log from any scripts you create. For example, when deploying software from a batch file, you can write an event to the log showing that the software was deployed.
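The deployment case described above, as an added example that is not from the original post: a batch wrapper that runs a silent install and records the outcome with a separate event ID for success and failure, so a monitoring rule can alert on the failure ID. The package name, installer path, source name and event IDs are hypothetical, and the script assumes it runs elevated.

```batch
@echo off
setlocal

rem Hypothetical values for illustration; adjust for your environment.
set "PKG=ExampleApp 1.0"
set "INSTALLER=C:\Deploy\ExampleApp\setup.msi"
set "SRC=DeployScript"
rem Event IDs are kept within the range eventcreate accepts (up to 1000).
set "ID_OK=100"
set "ID_FAIL=101"

rem Fail early, and log it, if the installer is missing.
if not exist "%INSTALLER%" (
    eventcreate /T ERROR /ID %ID_FAIL% /L APPLICATION /SO "%SRC%" /D "%PKG%: installer not found at %INSTALLER% on %COMPUTERNAME%" >nul
    exit /b 2
)

rem start /wait blocks until msiexec finishes so ERRORLEVEL holds its exit code.
start /wait "" msiexec /i "%INSTALLER%" /qn /norestart
set "RC=%ERRORLEVEL%"

rem msiexec exit codes: 0 = success, 3010 = success, reboot required.
if "%RC%"=="0" goto ok
if "%RC%"=="3010" goto reboot

eventcreate /T ERROR /ID %ID_FAIL% /L APPLICATION /SO "%SRC%" /D "%PKG%: install failed on %COMPUTERNAME%, msiexec exit code %RC%" >nul
exit /b %RC%

:reboot
eventcreate /T WARNING /ID %ID_OK% /L APPLICATION /SO "%SRC%" /D "%PKG%: installed on %COMPUTERNAME%, reboot required" >nul
exit /b 0

:ok
eventcreate /T INFORMATION /ID %ID_OK% /L APPLICATION /SO "%SRC%" /D "%PKG%: installed on %COMPUTERNAME% by %USERNAME%" >nul
exit /b 0
```

Running it once against a missing installer path is a quick way to confirm that your monitoring tool picks up the failure event.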

My favourite use is around April Fools' Day. A typical example would be:

EVENTCREATE /T ERROR /ID 69 /L APPLICATION /SO iexplore.exe /D "<username> has now spent a total of 465 hours browsing www.facebook.com this calendar year"

Just run the command using a remote command prompt on the user's machine, then ask them why you have received an alert about their browsing and point them to the event log.
