This is a pretty common problem with NTEventLogAppender (both log4j and log4jna versions) and generally with firing events to the Windows event log. The events are properly fired, but the text in the event log contains the annoying “the description for Event ID 4096 from source cannot be found” error.
The Windows event log uses pre-configured sources to render messages. In order to support localization the message format and sometimes the entire message text is external to the actual message and is contained in resource DLLs. There’s a number of great articles that explain, in detail, how this works.
- CodeProject: Using mc.exe, message resources and the NT event log in your own projects
- MSDN: Creating a resource DLL
Both log4j and Log4jna NTEventLogAppenders ship with a simple message resource DLL. Unlike log4j’s version which contains both code to fire event log events, the log4jna version is a pure message-only resource DLL. It does not need to be on PATH and can therefore be placed in any location on your machine, usually with your application.
For a demo event source we must tell Windows where the resource DLL is by creating an EventMessageFile registry key in the event source (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\demo). The value for the key is the full path to Win32EventLogAppender.dll.
Our resource DLL simply says to format every message “as-is”.
MessageId=4096
Language=English
%1
The message renders properly after reopening the event viewer.
