Event log mining with C#

Question

Hi,

I'm looking for a way to data mine the event logs of a remote computer in C#.

The problem I have is that I'm working with Amazon web services and in production we use the auto-scaler to bring up/shut up live virtual machine instances as necessary. However, the web services we have running on these instances all log to its local event log which represents two problems: - the logs are lost when the instances is removed - we won't know which instances to log on to when we do need to check the logs Therefore, we need a way to poll and potentially filter by criticality of the logs that are in the event logs on the live virtual machine instances. We have a module (in C#) which is able to find out what instances are running but what do I need to do to access the event logs on those instances?

Any help would be greatly appreciated! Many thanks in advance.

Answer 1

We're using different technology (Java/Spring) and not using auto-scaling, but our approach might work for you in a modified form.

When we shut down an instance, part of the shutdown script zips the log files and copies them to S3.

I suggest you make each instance responsible for writing it's own event log to a suitable location (S3 is probably a great choice). Here's a MSDN entry on how to read the event log from .Net. You can write a simple Windows service that reads the event log, prioritizes if necessary, and writes the events to external storage.

Create a custom AMI that includes that windows service (and has it configured to auto-start).