[This is preliminary documentation and subject to change.]
Recommendation (Designed for Microsoft® Windows® Logo)
Users should be able to track two types of events on every client computer:
Currently, neither applications nor the operating system provide options on how much or what kind of information to write to system log files. No options exist to log configuration changes. Users should be able to record both of these types of events. Users should also have the option to control the level of logging through a registry key set by way of a policy or through a user interface.
When something breaks, it is very difficult to find out what happened. For example, the user could have installed a game, some DLLs could have been overwritten, the network settings could have been changed, or the installed applications could have some unplanned behaviors. Both the operating system and the applications need to track this kind of information.
When your application or service starts, it should check the DiagnosticLogging registry key for the appropriate level and detail of logging:
HKLM:
\System
\CurrentControlSet
\Control
\DiagnosticLogging
\Global = 0 | 1 | 2
This registry key's values correspond to the following modes.
| Logging Mode | Description | Example |
|---|---|---|
| Quiet Mode | Only system-critical events logged, like we do today | A service starting/stopping |
| Normal Mode | Critical events and configuration changes are logged | Changing the systems static IP Address |
| Verbose Mode | Information overload is logged | Monitor files copied to %WINDIR% |
For more information about writing clear messages for logging, see Guidelines for Error Messages and Other Event Messages.