#eventlog #logging #windows


A simple Rust log backend to send messages to the Windows event log

2 releases

0.3.1 Jun 24, 2023
0.3.0 May 3, 2023

#102 in Windows APIs

Download history 8/week @ 2023-11-03 51/week @ 2023-11-10 28/week @ 2023-11-17 107/week @ 2023-11-24 26/week @ 2023-12-01 32/week @ 2023-12-08 59/week @ 2023-12-15 36/week @ 2023-12-22 48/week @ 2023-12-29 61/week @ 2024-01-05 39/week @ 2024-01-12 51/week @ 2024-01-19 67/week @ 2024-01-26 36/week @ 2024-02-02 50/week @ 2024-02-09 78/week @ 2024-02-16

231 downloads per month
Used in sediment-rs


131 lines


This is a fork of winlog.

A simple Rust log backend to send messages to the Windows event log.


  • Writes Rust log messages to the Windows event log using the RegisterEventSourceW and ReportEventW APIs.
  • Supports env_logger filtering, initialized from RUST_LOG environment variable. (optional)
  • Provides utility functions to register/unregister your event source in the Windows registry.
  • Embeds a small (120-byte) message resource library containing the necessary log message templates in your executable.

The five Rust log levels are mapped to Windows event types as follows:

Rust Log Level Windows Event Type Windows Event Id
Error Error 1
Warn Warning 2
Info Informational 3
Debug Informational 4
Trace Informational 5


  • Windows or MinGW
  • [Windows, optional] PowerShell (used for the end-to-end test)



Plain winlog:

log = "*"
winlog = "*"

Or to enable env_logger filtering support:

log = "*"
winlog = { version = "0.2.5", features = ["env_logger"] }

Register log source with Windows

Register the log source in the Windows registry:

winlog::register("Example Log").unwrap();

This usually requires Administrator permission so this is usually done during installation time.

If your MSI installer (or similar) registers your event sources you should not call this.

Log events

Without env_logger filtering:

use log::{info, trace};

winlog::init("Example Log").unwrap();

info!("Hello, Event Log");
trace!("This will be logged too");

Use the winlog backend with env_logger filter enabled:

use log::{info, trace};

// # export RUST_LOG="info"
winlog::init("Example Log").unwrap();
info!("Hello, Event Log");
trace!("This will be filtered out");

Deregister log source

Deregister the log source:

winlog::deregister("Example Log").unwrap();

This is usually done during program uninstall. If your MSI installer (or similar) deregisters your event sources you should not call this.

What's New


  • Fork from original repo.
  • Use windows-sys instead of winapi.
  • Update other dependencies.
  • Generate eventmsgs.rc and compile it with winres.
  • Fix end-to-end test to deregister correctly even if it fails.
  • Remove APIs that silently fails.


  • Disable unneeded regex features to speed up the build.
  • Improve error reporting/handling in build.rs.


  • Gitlab CI builds on Windows 10 and Debian/MinGW.
  • Optional support for env_logger event (enable feature env_logger).
  • Always run windrc/windrc on MinGW.
  • Include linker configuration in .cargo/config.



cargo build --release


Install MinGW (Ubuntu):

sudo apt install mingw-w64

Install Rust:

rustup target install x86_64-pc-windows-gnu

Currently the install from rustup doesn't use the correct linker so you have to add the following to .cargo/config:

linker = "/usr/bin/x86_64-w64-mingw32-gcc"


cargo build --release


Artifacts eventmsgs.rc and MSG00409.bin are under source control so users don't need to have mc.exe installed for a standard build.


The end-to-end test requires 'Full Control' permissions on the HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application registry key.

cargo test


  1. Create a unique temporary event source name (winlog-test-###########).
  2. Register our compiled test executable as EventMessageFile for the event source in the Windows registry. You can see a new key at HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winlog-test-###########.
  3. Write some log messages to the event source.
  4. Use PowerShell to retrieve the logged messages.
  5. Assert that the retrieved log messages are correct.
  6. Deregister our event source. This removes the winlog-test-########### registry key.


Licensed under either of

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


~372K SLoC