Event logging in Microsoft Windows NT provides a standard, centralized way for applications and the operating system to record important software and hardware events. It also provides a standard user interface for viewing the logs and a programming interface for examining the logs. Event logging provides a means to merge events from various sources into a single informative story.
The event log functions allow three kinds of event reports to be generated:
Remember the audience - administrators and users who are trying to troubleshoot the problem.
A message should contain:
This may seem like basic advice, but many error messages are cryptic. For example, avoid a message like the following:
A driver packet received from the I/O subsystem was invalid.
The data is the packet.
What this message means is that the driver in question is functioning properly, but is logging incorrectly formatted packets in the event log. To correct the problem, a Unicode version of the driver is needed.
When you start to write your message, you should consider the following: