Windows Event Logs

  • Question

  • Hello,

    I am looking to be able to read *.evt files into C# then plot the data over time. In the graph I hope to be able to hover over each point and then be provided with all the extra data in the *.evt file attached to that particular type and time of alarm.

     

    I am more concerned with reading the *.evt files in the first place. If I succeed at doing this then I hope to implement a *.evtx graph plotter as well.

     

    Cheers

    Friday, February 18, 2011 2:04 PM

Answers

  • Here is something to get you started. The only "good" way to read event log files is the use of Windows APIs. This article is using unsafe code to achieve it, but I'm sure if you marshal it correctly you won't have to.
    • Marked as answer by DaveRonan Tuesday, February 22, 2011 8:36 AM
    Friday, February 18, 2011 2:07 PM
  • Hi DaveRonan,

    Thank you for posting.

    Well, I think I need to share some information with you about this topic. Hope this helps. You can use the System.Diagnostics.Eventing.Reader namespace to develop an application that can read and manage event logs (Event ID, Event publisher, etc.). All events can be represented in XML, and each event's XML can be validated by the Event Schema. XML is very flexible, for example with XPath queries; XLinq in .NET can also do the same thing. Please check here. In addition, here is a simple sample about How to: Query for Events.

    This is a very helpful article about Access and Read Event Information.

    Sincerely,


    Larcolais Gong[MSFT]

    • Marked as answer by DaveRonan Tuesday, February 22, 2011 8:36 AM
    Tuesday, February 22, 2011 3:05 AM
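
The approach described in the answer above, as an added example that is not part of the original thread: it reads a saved log file through System.Diagnostics.Eventing.Reader with an XPath filter and buckets the events per hour for plotting, keeping each event's detail for a tooltip. The class names, the Level filter and the file path taken from the command line are assumptions, and the namespace needs Windows Vista or later.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;

// One plotted point: when it happened plus the detail to show on hover.
class EventPoint { public DateTime Time; public int Id; public string Provider; public string Detail; }

static class EvtxTimeline
{
    public static List<EventPoint> Load(string path, string xpath)
    {
        var points = new List<EventPoint>();
        // PathType.FilePath queries a saved log file instead of a live channel.
        var query = new EventLogQuery(path, PathType.FilePath, xpath);
        using (var reader = new EventLogReader(query))
        {
            EventRecord rec;
            while ((rec = reader.ReadEvent()) != null)
            {
                using (rec)
                {
                    if (!rec.TimeCreated.HasValue) continue;
                    string detail;
                    // Logs copied from another machine often lack the provider's
                    // message resources, so fall back to the raw event XML.
                    try { detail = rec.FormatDescription(); }
                    catch (EventLogException) { detail = null; }
                    points.Add(new EventPoint {
                        Time = rec.TimeCreated.Value, Id = rec.Id,
                        Provider = rec.ProviderName, Detail = detail ?? rec.ToXml() });
                }
            }
        }
        return points;
    }

    static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: EvtxTimeline <file.evtx>"); return; }
        // Assumed filter: Level 1-3 = Critical, Error, Warning.
        var points = Load(args[0], "*[System[(Level=1 or Level=2 or Level=3)]]");
        var perHour = new SortedDictionary<DateTime, int>();
        foreach (var p in points)
        {
            var hour = new DateTime(p.Time.Year, p.Time.Month, p.Time.Day, p.Time.Hour, 0, 0);
            int n; perHour.TryGetValue(hour, out n);
            perHour[hour] = n + 1;
        }
        foreach (var kv in perHour) Console.WriteLine("{0:yyyy-MM-dd HH}:00  {1}", kv.Key, kv.Value);
    }
}
```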

All replies

  • Cheers Matt!

     

    I implemented that and it works perfectly.

    Tuesday, February 22, 2011 8:37 AM
  • Thanks Larcolais!

     

    I am currently working in XP so I was unable to read .evtx logs as it is platform dependent. Soon I will be working on Windows 7, so I should be able to try it out.

     

    Cheers,

     

    Dave

    Tuesday, February 22, 2011 8:38 AM