How to read "applications and services logs" on Windows server 2008 in C#

  • Question

  • Hi

    I would like to get (read) backup logs in "applications and services logs" on Windows Server 2008 in C#.

    I can read the event logs "system" and "application", but not "applications and services logs/Microsoft/Windows/backup/Operational".

    I need your help

    thanks

    • Edited by KrishnasPad Friday, June 26, 2009 5:48 PM Fixing thread title bug
    Monday, June 15, 2009 2:48 PM

All replies

  • Hi,

    It would be the same reading these events.

    As the article says, we can use the EventLogInformation class to gather information about an event log.
    http://msdn.microsoft.com/en-us/library/bb399431.aspx

    Please be sure of the log name of the event; if it's not identical to the name of the event log, the information cannot be acquired.
    http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlogentry.aspx

    If possible, please post the code you are working with, so that we can test it for you.

    Harry

    • Proposed as answer by Harry Zhu Monday, June 22, 2009 4:40 AM
    • Marked as answer by Harry Zhu Monday, June 22, 2009 9:12 AM
    Friday, June 19, 2009 7:25 AM
  • Hi,

    I am trying to read AD FS 2.0 event log (under "Applications and Services Logs"). With the EventLogInformation:

    EventLogSession session = new EventLogSession();
                
    foreach (string logName in session.GetLogNames())
    {
      Console.WriteLine("logName=" + logName);
    }
    

    I am getting all the different logs including those in the "Applications and Services Logs" section: 

    logName=Application
    logName=HardwareEvents
    logName=Internet Explorer
    logName=Key Management Service
    logName=Security
    logName=System
    logName=Windows PowerShell
    logName=AD FS 2.0 Tracing/Debug
    logName=AD FS 2.0/Admin
    logName=Analytic
    logName=DirectShowFilterGraph
    logName=DirectShowPluginControl
    logName=EndpointMapper
    logName=ForwardedEvents
    logName=Microsoft-IE/Diagnostic
    logName=Microsoft-IEFRAME/Diagnostic
    logName=Microsoft-IIS-Configuration/Administrative
    ...

    However, if I try:

    EventLog eventLog = new EventLog();
    eventLog.Log = "AD FS 2.0/Admin";
    eventLog.MachineName = machineName;
    Console.WriteLine("LogDisplayName=" + eventLog.LogDisplayName);
    

    Unhandled Exception: System.InvalidOperationException: Cannot find Log AD FS 2.0/Admin on computer 'server.company.com'.
       at System.Diagnostics.EventLog.GetLogRegKey(String currentMachineName, Boolean writable)
       at System.Diagnostics.EventLog.get_LogDisplayName()

    Any idea why the log can't be read?

    Thanks

    Milos

    Monday, October 3, 2011 12:52 PM
  • Even I have tried. It is the same, but I am unable to get the server logs; I am able to get only the machine logs.

    But I suspect, since

    eventLog.MachineName = machineName; gets only the machine, I mean the local machine name.

    Maybe not the servers; it's only with the clients....

    The only way I could do it is with the filestream, but in most cases it is not advised, since log entries may occur several times and a standard condition couldn't be applied.....

    Monday, June 25, 2012 7:31 AM
  • Hi Kishanprasad,

    Are you able to read the "applications and services logs/Microsoft/Windows/backup/Operational" events now?

    Tuesday, May 17, 2016 9:35 AM
  • Any update on this issue...?

    How can we read events from a specific folder such as microsoft/windows/Applocker..?

    Tuesday, May 17, 2016 9:49 AM
  • The EventLog class uses the "classic" Event Logging API and expects the logs to be registered under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog. Those logs were however created using the newer Windows Event Log API and not registered under that old Registry key. Use the EventLogReader class instead; that's based on the newer API. Microsoft has bizarrely deleted the examples from the current version of the documentation but they still exist in .NET Framework 3.5 documentation.

    Alternatively, you could run a command like "wevtutil query-events Microsoft-Windows-Fault-Tolerant-Heap/Operational" as a child process and parse its output with an XmlReader.

    The name of the event log does not always match what Event Viewer shows in the tree view. For example, the tree view suggests "Microsoft\Windows\Backup\Operational" but the name of the log is actually "Microsoft-Windows-Backup". If you view the properties of the log in Event Viewer, then the Full Name field shows the actual name.

    Tuesday, May 17, 2016 3:00 PM
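
The EventLogReader approach from the last reply, as an added example that is not code from any poster in this thread. The log name "Microsoft-Windows-Backup" is the one given in that reply; the class name `ChannelReader` and method `Dump` are hypothetical, and the name for your system should be confirmed against the Full Name field in Event Viewer or the `GetLogNames()` output.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;

static class ChannelReader   // hypothetical name, for illustration only
{
    // Prints the newest `max` events from a Windows Event Log channel.
    // Pass machine = null to read from the local computer.
    static void Dump(string logName, string machine, int max)
    {
        using (var session = machine == null ? new EventLogSession()
                                             : new EventLogSession(machine))
        {
            // "*" is an XPath query that selects every event in the channel.
            var query = new EventLogQuery(logName, PathType.LogName, "*")
            {
                Session = session,
                ReverseDirection = true   // newest events first
            };
            try
            {
                using (var reader = new EventLogReader(query))
                {
                    EventRecord rec;
                    for (int i = 0; i < max && (rec = reader.ReadEvent()) != null; i++)
                    {
                        using (rec)
                        {
                            string text;
                            // Rendering the message needs the publisher's metadata,
                            // which may be missing when reading a remote machine.
                            try { text = rec.FormatDescription(); }
                            catch (EventLogException) { text = "(message unavailable)"; }
                            Console.WriteLine("{0:u} level={1} id={2} {3}",
                                rec.TimeCreated, rec.Level, rec.Id, text);
                        }
                    }
                }
            }
            catch (EventLogNotFoundException)
            {
                Console.Error.WriteLine("No such log: " + logName);
            }
            catch (UnauthorizedAccessException)
            {
                Console.Error.WriteLine("Access denied reading: " + logName);
            }
        }
    }

    static void Main() { Dump("Microsoft-Windows-Backup", null, 20); }
}
```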