tags:

views:

141

answers:

1
Q: 

Serializing a .NET EventLogEntry instance to XML

When using the Event Viewer in Windows 7, there is a separate 'XML View' of an event that can be accessed from the Event Properties dialog. This XML refers to the http://schemas.microsoft.com/win/2004/08/events/event namespace.

When I subscribe to Windows Events using the .NET framework classes in the System.Diagnosticsnamespace and retrieve event objects in the form of EventLogEntry instances, is there a way to serialize these instances to the XML format mentioned above? I can not seem to find any.

Thank you very much for your response.

Update: thanks to jmservera I have found out there is a different and better API in the System.Diagnostics.Eventing.Reader namespace, however this API does not support deployment to Windows Server 2003/ XP.

Update 2: I have accepted jmservera's answer, because it has lead me to the solution. If you are targetting Vista/ Windows Server 2008 follow jmservera's suggestion and use the API in the newer namespace. If, however, you need to support previous OS's you will have to use the older API and serialize the EventLogEntry to XML yourself.

+1  A: 

You have to use the System.Diagnostics.Eventing.Reader namespace like this:

static void Main(string[] args)
{
 EventLogQuery query = new EventLogQuery("System", PathType.LogName);
 EventLogWatcher watcher = new EventLogWatcher(query);
 watcher.EventRecordWritten += new EventHandler<EventRecordWrittenEventArgs>(watcher_EventRecordWritten);
 watcher.Enabled = true;
 Console.ReadLine();
}

static void watcher_EventRecordWritten(object sender, EventRecordWrittenEventArgs e)
{
 Console.WriteLine(e.EventRecord.ToXml());
}
jmservera  2009-10-26 16:22:31
Thanks jmservera, much appreciated. I have looked into this and surprisingly this API does not seem to support deployment on XP and/ or Windows Server 2003 platfrom (only Vista and Windows Server 2008). I guess I should have mentioned that in my question, but I did not expect any constraints with respect to this.
martijn_himself  2009-10-26 16:49:12
Yes, it is new for Vista, because they changed the way events are stored, now into xml files. If you want the same xml for all the systems you could create a class using xsd.exe, fill it, and then serialize it.
jmservera  2009-10-27 08:52:13

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?