I have used the System.Diagnostics.EventLog to view the logs on the local computer. However, I would like to open a saved event log archive (.evt or .evtx) and view the logs that are contained in the saved file. I just need to view timestamps, messages, sources, etc. associated with the logs in the file. Can this be done in C#?
+2
A:
Check out the System.Diagnostics.Eventing.Reader namespace. Specifically the EventLogQuery class.
http://msdn.microsoft.com/en-us/library/bb671200(v=VS.90).aspx
Chris Dwyer
2010-06-08 19:40:11
+3
A:
Try LogParser tool from Microsoft. It can fetch any data from logs of any log format using SQL-like selecting language. It can also be used from any .NET application. The example parsing of CSV logs (I believe you can use this code for EVT files with small modifications):
public IList<LogRow> GetLog()
{
return Load("SELECT *, OUT_ROW_NUMBER() FROM logfile*.log WHERE Field2='Performance' ORDER BY Field1 ASC");
}
private static IList<LogRow> Load(string sql)
{
IEnumerable<string[]> log = ParseLog(sql);
return Convert(log);
}
private static IList<LogRow> Convert(IEnumerable<string[]> log)
{
return log.Select(logRecord => new LogRow
{
TimeStamp = logRecord[2],
Category = logRecord[3],
Machine = logRecord[4],
ThreadId = logRecord[5],
ProcessId = logRecord[6],
ProcessName = logRecord[7],
DomainName = logRecord[8],
Message = logRecord[9],
Number = logRecord[10]
}).ToList();
}
private static IEnumerable<string[]> ParseLog(string query)
{
var records = new LogQueryClassClass().Execute(
query,
new COMCSVInputContextClass { headerRow = false, iTsFormat = "yyyy-MM-dd HH:mm:ss.fff" });
var entries = new List<string[]>();
while (!records.atEnd())
{
entries.Add(records.getRecord().toNativeString("CSVseparator").Split(
new[] { "CSVseparator" },
StringSplitOptions.None));
records.moveNext();
}
records.close();
return entries;
}
Yauheni Sivukha
2010-06-08 19:51:04