Creating eventlog in registry using PowerShell creates unwanted source with the same name as logname

2
votes

I try to add eventlog for .net framework using powershell.

When I run the following command in PowerShell to create a new event log

New-EventLog -source "src1" -LogName "myTest"

in the registry I See the following hierarchy

myTest --> myTest and src1

See below image

enter image description here I do not want the second mytest entry . The hierarchy should be myTest --> src1

I tried to remove this unwanted source using

Remove-EventLog -Source 'myTest' enter image description here

I get the following error:

Remove-EventLog : The event log source 'myTest' cannot be deleted, because it's equal to the log name. At line:1 char:1

  • Remove-EventLog -Source 'myTest'
  •   + CategoryInfo          : NotSpecified: (:) [Remove-EventLog], InvalidOperationException
  + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.RemoveEventLogCommand

Any idea how can i fix this?

1
powershell.net-framework-4.8
This seems to be the default behavior. Why do you want to "fix" it? Does it cause any issues? - marsze
I see many have the same setup but there are some that don't. For instance "Key Management Service" doesn't - Doug Maurer
We used to create the same thing in the registry with .reg file and never had that extra entry that is why i want to remove it. Also we only log src1(this is my wcf service) not mytest. - user464291

1 Answers

1
votes

You could just delete it manually, not sure what the ramifications are.

Remove-Item hklm:\SYSTEM\ControlSet001\Services\EventLog\mytest\mytest

It appears that's where any custom category, parameter, or message resource files would be configured.