9 releases

Uses old Rust 2015

0.2.6 Sep 14, 2019
0.2.5 Sep 7, 2019
0.2.4 Mar 10, 2019
0.2.1 Oct 5, 2018
0.1.0 Sep 29, 2018

#245 in Windows APIs


1,104 downloads per month
Used in doh-client


280 lines



A simple Rust log backend to send messages to the Windows event log.


  • Writes Rust log messages to the Windows event log using the RegisterEventSourceW and ReportEventW APIs.
  • Optionally supports env_logger filtering, initialized from the RUST_LOG environment variable.
  • Provides utility functions to register/unregister your event source in the Windows registry.
  • Embeds a small (120-byte) message resource library containing the necessary log message templates in your executable.
  • Does not panic.

The five Rust log levels are mapped to Windows event types as follows:

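| Rust Log Level | Windows Event Type | Windows Event Id |
|----------------|--------------------|------------------|
| Error          | Error              | 1                |
| Warn           | Warning            | 2                |
| Info           | Informational      | 3                |
| Debug          | Informational      | 4                |
| Trace          | Informational      | 5                |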


  • Rust 1.29+
  • Windows or MinGW
  • [Windows, optional] mc.exe and rc.exe (only required when eventmsgs.mc is changed)
  • [Windows, optional] PowerShell (used for the end-to-end test)



Plain winlog:

winlog = "*"

Or to enable env_logger filtering support:

winlog = { version = "0.2.5", features = ["env_logger"] }

Register log source with Windows

Register the log source in the Windows registry:

winlog::register("Example Log"); // silently ignores errors
// or
winlog::try_register("Example Log").unwrap();

Registration usually requires Administrator permission, so it is typically done at installation time.

If your MSI installer (or similar) registers your event sources you should not call this.

Log events

Without env_logger filtering:

winlog::init("Example Log").unwrap();

info!("Hello, Event Log");
trace!("This will be logged too");

Use the winlog backend with env_logger filter enabled:

// # export RUST_LOG="info"
winlog::init("Example Log").unwrap();
info!("Hello, Event Log");
trace!("This will be filtered out");

Deregister log source

Deregister the log source:

winlog::deregister("Example Log"); // silently ignores errors
// or
winlog::try_deregister("Example Log").unwrap();

This is usually done during program uninstall. If your MSI installer (or similar) deregisters your event sources you should not call this.

What's New


  • Disable unneeded regex features to speed up the build.
  • Improve error reporting/handling in build.rs.


  • Gitlab CI builds on Windows 10 and Debian/MinGW.
  • Optional support for env_logger event (enable feature env_logger).
  • Always run windmc/windres on MinGW.
  • Include linker configuration in .cargo/config.



cargo build --release


Install MinGW (Ubuntu):

sudo apt install mingw-w64

Install Rust:

rustup target install x86_64-pc-windows-gnu

Currently the install from rustup doesn't use the correct linker so you have to add the following to .cargo/config:

[target.x86_64-pc-windows-gnu]
linker = "/usr/bin/x86_64-w64-mingw32-gcc"


cargo build --release


Artifacts eventmsgs.lib and eventmsgs.rs are under source control so users don't need to have mc.exe and rc.exe installed for a standard build.

  1. If build.rs determines that eventmsgs.mc was changed then build.rs:
    • invokes mc.exe (which creates eventmsgs.h)
    • invokes rc.exe (which creates eventmsgs.lib)
    • creates eventmsgs.rs from eventmsgs.h.
  2. build.rs emits linker flags so eventmsgs.lib can be found.
  3. Standard cargo build follows.


The end-to-end test requires 'Full Control' permissions on the HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application registry key.

cargo test


  1. Create a unique temporary event source name (winlog-test-###########).
  2. Register our compiled test executable as EventMessageFile for the event source in the Windows registry. You can see a new key at HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winlog-test-###########.
  3. Write some log messages to the event source.
  4. Use PowerShell to retrieve the logged messages.
  5. Deregister our event source. This removes the winlog-test-########### registry key.
  6. Assert that the retrieved log messages are correct.
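
The registry and retrieval steps above can also be used to audit a deployed event source. The following PowerShell is an added example, not the crate's own test script; it assumes the source is named "Example Log" (as in the usage snippets) and is registered under the Application log, and it reads events back with their Rust log level derived from the Event Id table above.

```powershell
# Added example: audit a winlog event source and read back its events.
# Assumption: the source is called 'Example Log' and lives under the Application log.
$Source  = 'Example Log'
$KeyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application\$Source"

# Event Id -> Rust log level, per the mapping table on this page.
$RustLevel = @{ 1 = 'Error'; 2 = 'Warn'; 3 = 'Info'; 4 = 'Debug'; 5 = 'Trace' }

if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Warning "Event source '$Source' is not registered under the Application log."
}
else {
    # 1. Show which binary supplies the message templates. If it is missing,
    #    Event Viewer cannot render the message text for this source.
    $reg = Get-ItemProperty -LiteralPath $KeyPath
    "EventMessageFile: $($reg.EventMessageFile)"
    if ($reg.EventMessageFile -and -not (Test-Path -LiteralPath $reg.EventMessageFile)) {
        Write-Warning 'EventMessageFile points to a file that does not exist.'
    }

    # 2. Retrieve recent events written by the source. Info, Debug and Trace
    #    all arrive as Informational, so only the Event Id tells them apart.
    $filter = @{ LogName = 'Application'; ProviderName = $Source }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue

    if (-not $events) {
        "No events found for source '$Source'."
    }
    else {
        $events |
            Select-Object TimeCreated, Id,
                @{ Name = 'EventType'; Expression = { $_.LevelDisplayName } },
                @{ Name = 'RustLevel'; Expression = { $RustLevel[[int]$_.Id] } },
                Message |
            Format-Table -AutoSize -Wrap
    }
}
```

Reading the key and the Application log does not need the 'Full Control' permission that the end-to-end test requires for registration.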


Licensed under either of

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


~14K SLoC