Reading and ordering the event log(s)

  • Question

  • Namaste!

    When opening an event log for reading, are the entries therein returned in descending (latest first) or ascending (oldest first) order?

    If the latter, is there a way to reverse order the entries or does one need to iterate through the entire log?

    I wasn't able to readily determine this from the available documentation or Googling.

    Thanks!

    /s/ Jon C. Munson II
    Friday, June 12, 2009 1:46 PM

Answers

  • EventLogEntryCollection does not specify any kind of sort order.  Most of all, it doesn't provide a hook like IComparable to impose a sort order.  It just returns entries in their "natural" order, the order in which the native Windows API provides them.  Which should be roughly chronological, although that gets muddy with properties like EventLogEntry.TimeGenerated vs TimeWritten.  If you require a particular sort order, or want to guarantee one when none is specified, be sure to read the entries into a List<> and sort them the way you want them.

    Hans Passant.
    Tuesday, June 16, 2009 9:19 PM
    Moderator

All replies

  • It's been 12 hours, I assume you figured it out.  The Entries property can be indexed so you can access it in any order you want.

    Hans Passant.
    Saturday, June 13, 2009 1:41 AM
    Moderator
  • Namaste!

    Thank you for the reply.

    How does one do such a thing?  I looked at the documentation and while the index ability is mentioned, there is no example or pointer to same.  Also, looking at the available methods/properties of the Entries collection or the log itself doesn't yield any sort of index property.

    Thanks!

    /s/ Jon C. Munson II
    Monday, June 15, 2009 1:31 PM
  • Namaste!

    The only item I could find relative to an index was that of the Item property - specifying an index and then supplying the value returns the associated item.

    I looked at ICollection/IEnumerable (two of the interfaces that EventLogEntryCollection implements) and couldn't see any way to specify a sort order there either.

    I'm still looking for an answer as to how to specify the sort order for the Entries when reading through the log - I'd like to get them in LIFO order, or, in beginning with newest first.

    Thanks!

    Peace, Love, and Light,

    /s/ Jon C. Munson II
    Tuesday, June 16, 2009 3:49 PM
  • Namaste!

    Thank you for your reply.

    Is it more efficient to read things into a List<> object, sort, then pull the relevant entries out, OR, since the log is being read anyway, check each entry, keeping/discarding as necessary?  This question has bearing on logs of several thousand entries...

    Better yet, would it be far smarter to just read the log into a database and go from there?

    Thanks!

    Peace, Love, and Light,

    /s/ Jon C. Munson II
    Wednesday, June 17, 2009 2:37 PM
  • Dear All,

    Please use the following line to sort:

    IEnumerable<EventLogEntry> _entry = from entity in _entryList.AsEnumerable() orderby entity.TimeGenerated descending select entity;

    Regards,

    Ajay Singh Beniwal

    • Proposed as answer by Beniwal Friday, July 30, 2010 12:10 PM
    Thursday, July 22, 2010 9:11 AM
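
The approach discussed in this thread, as an added example that is not code from any of the posters: walk the Entries collection backwards by index, keep only the entries of interest while reading, then sort the kept entries explicitly so the newest-first order does not depend on the collection's natural order. The class and method names, the "Application" log, the 24-hour window and the Error/Warning filter are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;

static class EventLogNewestFirst
{
    // Returns entries generated at or after 'since' that satisfy 'keep', newest first.
    public static List<EventLogEntry> Read(EventLog log, DateTime since,
                                           Func<EventLogEntry, bool> keep)
    {
        var kept = new List<EventLogEntry>();
        EventLogEntryCollection entries = log.Entries;

        // Count plus the int indexer (the Item property) allow a walk from the
        // end of the collection instead of enumerating from the start.
        for (int i = entries.Count - 1; i >= 0; i--)
        {
            EventLogEntry e = entries[i];
            // No early exit on an old entry: the collection's order is only
            // "roughly chronological", so every entry is checked.
            if (e.TimeGenerated >= since && keep(e))
                kept.Add(e);
        }

        // Impose the order explicitly: TimeGenerated descending, with the
        // record Index descending to break ties between equal timestamps.
        kept.Sort((a, b) =>
        {
            int byTime = b.TimeGenerated.CompareTo(a.TimeGenerated);
            return byTime != 0 ? byTime : b.Index.CompareTo(a.Index);
        });
        return kept;
    }

    static void Main()
    {
        // Assumed inputs: the Application log, a 24-hour window, errors and warnings only.
        using (var log = new EventLog("Application"))
        {
            var recent = Read(log, DateTime.Now.AddDays(-1),
                e => e.EntryType == EventLogEntryType.Error ||
                     e.EntryType == EventLogEntryType.Warning);

            foreach (EventLogEntry e in recent)
                Console.WriteLine("{0:s}  {1,-8} {2}  id={3}",
                    e.TimeGenerated, e.EntryType, e.Source, e.InstanceId);
        }
    }
}
```

Filtering before the sort means only the kept entries are held in memory and ordered, which matters on logs of several thousand entries.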