EventLogReader Remote Performance

Question

I am using the EventLogReader to query remote 2008 servers for events. The performance of querying the events on a remote machine is horrible (6/sec). If I query the same machine via WMI using a forward-only ManagementObjectSearch the performance is great (1000/sec). I don't see any similar options on the EventLogReader (e.g. ReturnImmediatly, Rewindable) to speed it up. I tried turning off the firewall on the remote server to see if there was possibly communication issues, but that didn't make a difference.

When using EventLogReader to read logs from the local host the performance is as expected -- it's only over the network that it slows down (but WMI doesn't experience the problem).

Any way to speed up the performance of EventLogReader over the network?

Thanks, Mitch

Answer 1

Did a little testing (modified the sample code from http://msdn.microsoft.com/en-us/library/bb671200.aspx) and from my experimenting I found that the performance hit comes from calling EventRecord.FormatDescription().

When I only had a call to EventRecord.ToXml() I was able to pull remotely from a server on the LAN over 4300 events in 25 seconds at about 170 events/sec. When I added a call to EventRecord.FormatDescription() the performance dropped to almost 1.5 minutes to read all 4300+ events and about 52 events/sec.

I apologize this may not be the answer that you want but my advice would be if you don't need to call EventRecord.FormatDescription() it will increase performance quite a bit.