The source name in eventlog is different from source name in registry.
Hello everyone! I have a little question.
Everyone knows that the "Source" field in Event Viewer, when you view logs, indicates the name of the source. As far as I know, the name of the source is taken from the event log entry. But at the same time, the source name is the name of the registry key under the appropriate eventlog key.
For example, if we have a custom event log "TestLog", its key is HKLM\SYSTEM\CurrentControlSet\services\eventlog\TestLog, and a custom provider "TestProvider" that writes events to that log has the key HKLM\SYSTEM\CurrentControlSet\services\eventlog\TestLog\TestProvider.
So, if TestProvider writes an event to TestLog, the "Source" field in Event Viewer will be "TestLog". And finally, here is my question: if we take a look, for example, at the HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Microsoft-Windows-RestartManager provider and write some events to the Application log, we will see that the "Source" field in Event Viewer isn't "Microsoft-Windows-RestartManager" but "RestartManager". How can it be that the source name in the event log is different from the source name in the registry?
Re: The source name in eventlog is different from source name in registry.
The name is taken from the file description (file properties) and not from the registry.
If you change the description in your custom service, you change the name in the event log.
If there is no description, the primary name will be used.