locked
Event Log - Vista System Event log IDs different than XP? RRS feed

  • Question

  • I am writing a tool that scans for certain problems in the Event Log.

     

    So I get the thing working and one of the things I am looking for is bad secotrs Event ID: 7.

     

    Only problem is, event ID 7 is something else in Vista.  (Something about CPU performance)

     

    So, the obvious question is:

     

    Where can I geta list of the Event IDs used in Vista?  Better yet, is there is a cross reference that shows me what the Vista Event ID for every XP Event ID?

     

    Probably spent 3 hours googling and searching in Microsoft forums. 

     

    Sorry if I am missing something obvious.

     

    Pertinax

    Wednesday, August 20, 2008 11:04 PM

Answers

  • Well, I think I have figured out what is happening.

     

    Vista still uses Event ID 7 for bad blocks but also uses Event ID 7 for other things.  So its not enough to just search for Event IDs.  In Vista I have to search for the ID AND the event source (disk in this case).

     

    Reusing event IDs is a bad idea since it contradicts the very concept of the term ID.  This should disgust all of you database guys out there.

     

    It's still pathetic that Microsoft doesn't provide a resource that people can use to search for IDs in all of the Windows  logs (all versions of Windows).  The fact that someone has created a business by filling this gap should be embarrassing to Microsoft.

     

     

     

    Tuesday, August 26, 2008 2:16 PM

All replies

  • Just found this.  Seems a value was added to the ID value for security events.  Don't know yet if this holds true for the other events.  Seems like a bad decision to me though.  Lots of numbers were left in int32 and int64 land for new events.

     

    http://blogs.msdn.com/ericfitz/archive/2007/04/18/vista-security-events-get-noticed.aspx

     

    Can anyone cofirm that this holds true for the other event logs (Application, System)?  If not, is there a similar (and rather obscure) game being played with other logs?

     

     

     

     

     

    Thursday, August 21, 2008 10:42 PM
  • Hi Pertinax,

     

    Thank you for your inquiry.

     

    As far as I know, Microsoft didn’t public Windows Vista Event ID list. If you encounter a error, you can search it on Microsoft Knowledge Base. Regarding “VistaEventId = PreVistaEventId + 4096”, please understand that this rule is only applied to Security Event ID. Not to other event logs.

     

    At same time, I would like to share the following website for you:

     

    http://www.eventid.net/

     

    Hope it helps.

     

    Important Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

     

    Friday, August 22, 2008 6:27 AM
    Moderator
  • Thank you for being honest.

     

    At least I know that the problem isn't me and my ability to search Microsoft's resource sites.

     

    It is absurd that Microsoft doesn't provide this information.  Why would Microsoft recognize the value of providing this information to for the Security Events only?

     

    It's really quite pathetic.

     

     

    Monday, August 25, 2008 9:43 PM
  • Well, I think I have figured out what is happening.

     

    Vista still uses Event ID 7 for bad blocks but also uses Event ID 7 for other things.  So its not enough to just search for Event IDs.  In Vista I have to search for the ID AND the event source (disk in this case).

     

    Reusing event IDs is a bad idea since it contradicts the very concept of the term ID.  This should disgust all of you database guys out there.

     

    It's still pathetic that Microsoft doesn't provide a resource that people can use to search for IDs in all of the Windows  logs (all versions of Windows).  The fact that someone has created a business by filling this gap should be embarrassing to Microsoft.

     

     

     

    Tuesday, August 26, 2008 2:16 PM