Oh, oh. The message severity is controlled by the 2nd parameter of ReportEvent
function. The severity from the 4th parameter dwEventID is COMPLETELY IGNORED!
What a trap from Microsoft.
Windows Event Viewer shows wrong severity for all messages from my service
I'm trying to create my own Windows service in C according to this tutorial. My event message definition file looks like this
EventLogMessages.mc:
MessageIdTypedef=DWORD
SeverityNames=(
Success=0x0:STATUS_SEVERITY_SUCCESS
Info=0x1:STATUS_SEVERITY_INFO
Warning=0x2:STATUS_SEVERITY_WARNING
Error=0x3:STATUS_SEVERITY_ERROR
)
FacilityNames=(
System=0x0:FACILITY_SYSTEM
Runtime=0x2:FACILITY_RUNTIME
Stubs=0x3:FACILITY_STUBS
Io=0x4:FACILITY_IO_ERROR_CODE
)
LanguageNames=(English=0x409:MSG00409)
; // The following are message definitions.
MessageId=0x1
Severity=Success
Facility=Runtime
SymbolicName=SVCEVENT_STATUS_REPORT
Language=English
Status report: %2.
.
MessageId=0x2
Severity=Error
Facility=System
SymbolicName=SVCEVENT_INIT_SYSCALL_ERROR
Language=English
Essential syscall failed when starting the service: %2.
.
MessageId=0x3
Severity=Error
Facility=Runtime
SymbolicName=SVCEVENT_CUSTOM_ERROR
Language=English
Service-specific error: %2.
.
; // A message file must end with a period on its own line
; // followed by a blank line.
It's almost a copy of the sample file from docs.
However whenever i compile this file, start the service and open the Event Viewer, i see all messages from my service as "Level: Error", even those that should have lower severity.
The event IDs and the messages are correct, but the severity is always wrong.
I opened the the generated header file EventLogMessages.h and here it seems alright as well.
#define SVCEVENT_STATUS_REPORT ((DWORD)0x00020001L)
The upper 2 bits (that indicate severity) are correctly set to 0 - STATUS_SEVERITY_SUCCESS. But regardless, the event is always displayed wrong.
Anyone has a clue why it's wrong and how to fix it?
-
Youda008 96 Reputation points
2020-11-22T11:37:40.897+00:00