Windows Event Logs: Task Category

event-logwindows-server-2008-r2

I have been scouring the internet for a formal definition of this piece of the Windows Event Logs. How is the category determined? Is there a set of standard values for this field? Can an application create its own Task Category?

Best Answer

Looking into .NET's EventLog and EventLogEntry classes should give you a clue, especially the latter's Category property:

Each application (event source) can define its own numbered categories and the text strings to which they are mapped. The Event Viewer can use the category to filter events in the log.

Additionally, as the page on Event Categories states:

Categories help you organize events so Event Viewer can filter them. Each event source can define its own numbered categories and the text strings to which they are mapped.

The page shows you how your app (which would be the Event Source) can define its own Event Categories. You can get some useful tips about getting that example to work on Win7 and Server 2008 R2 here. This Dr. Dobb's article about Customizing Event Log Categories might also be useful. I'm sure there are many more tutorials available, and if you need help with the code Stack Overflow would be the place to turn to.

Note: AFAIK there's no set of standard values for this field, since an app can use its own custom strings. Of course if you want to use the ones Windows itself uses, I'm sure they must be defined in some resource/header/message file somewhere.

Related Question