Event logs are used to store records of interesting events on behalf of the system components and third-party applications. The general guideline for what events should be stored in the logs is that the information should be restricted to that which would be useful in diagnosing a hardware or software problem.
To allow all applications to easily log events, Win32 provides a general function for writing events into the log. To aid an administrator or support personnel in diagnosing a problem, Win32 systems will provide a general purpose Event Viewer.
Events are classified as Informational Notes, Warnings, or Errors. The informational notes may include facts such as an assertion that a service has started. Warning events may include information such as disk space is getting low. Error events would be used to record both recoverable and unrecoverable errors. All event types will have well-defined common data and may optionally include event-specific data.
The event logging functions include:
| Function | Description |
| ClearEventLog | Clears an event log and optionally saves it. |
| CloseEventLog | Closes an event log. |
| OpenEventLog | Creates an event log. |
| ReadEventLogEntry | Reads an entry from an event log. |
| WriteEventLogEntry | Writes an entry to an event log. |