Zabbix cannot generate windows eventlog messages from new eventing system log, "Windows Eventing 6.0" log.
"Windows Eventing 6.0" is added after Windows Vista.
Though many legacy eventing system log still exist in after Windows Vista, some eventlog are "Windows Eventing 6.0" log.
We have to use XPath query with new eventlog API to get these new eventlog messages.

The detail is following.

1. 1. Before Windows Vista ## (NT, 2000, XP, 2003)
      We can get message table file path by searching value "EventMessageFile" under "\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog**" using RegQueryValueEx().
      Then, we can generate eventlog message from FormatMessage() with message table file.
      Zabbix works in this way. (see "src/zabbix_agent/eventlog.c")
      All eventlog registry entry have "EventMessageFile", so Zabbix works well in before Windows Vista

1. 1. After Windows Vista ## (Vista, 7, 2008)
      After Windows Vista, there are some eventlog which don't have "EventMessageFile" in registry.
      For example, in Windows Vista and 7, "\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WMPNetworkSvc" don't have "EventMessageFile". (picture "01.jpg")
      So, Zabbix cannot get message table file path and cannot generate eventlog message.
      These are "Windows Eventing 6.0" version eventlog added after Windows Vista, which don't have "EventMessageFile".
      The eventlog API were also changed.
      We have to use XPath query to get eventlog messages.
      (reference: http://msdn.microsoft.com/en-us/magazine/cc163431.aspx)

How to reproduce:
The easiest way is starting and stopping "Windows Media Player Network Sharing Service" from windows service manager in Windows Vista or 7.
It uses "Windows Eventing 6.0".
Please see picture "02.jpg".
"original zabbix" failed to get eventlog message.
The failed Source name is "WMPNetworkSvc".