In order to make my custom event logs on Windows easily parsable and structured, I am utilizing Message Resource files, which are explained here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa363669(v=vs.85).aspx
I was looking at the XML format of Windows' own logs and I've seen that the parameters entered to the particular events (which are defined via their ID) are named. An example from Security-Audit access has tags as follows:
<EventData>
<Data Name="SubjectUserSid">S-1-0-00-00000000-00000-0......</Data>
<Data Name="SubjectUserName">myUserName</Data>
<Data Name="SubjectDomainName">myDomain</Data>
<Data Name="SubjectLogonId">0x1234...</Data>
and so on....
</EventData>
The problem is that I can't find the format to define data names. I can give strings as parameters, which create <data> string data </data>. I guess it could be set either in the mc resource file or in the C# code EventLog class. But how and which one, I couldn't figure out.