Event Logs

Useful as the Debug and Trace classes are, the Win32 platform already provides a logging mechanism in the form of the event log. Classes are provided in the System.Diagnostics namespace that allow applications to enumerate the existing event sources and logs, read from and write to an event log manually, use an event log as a backing store for Trace or Debug output, create and install new event sources, and monitor an event log for changes.

Reading the Event Log

To read an event log, create an instance of the EventLog class with the name of the log you wish to access, and optionally the name of the machine on which the log resides and the event source with which to filter the log entries. Once you have a valid EventLog instance, it provides a wealth of properties and methods that let you examine and manipulate the log as a whole. To read the individual entries in the log, use the EventLog.Entries property to retrieve a collection of EventLogEntry instances. The following sample displays information on any log on your system:

// DumpLog.cs - use DumpLog <logname> using System; using System.Diagnostics; class DumpLog { static void Main(string[] args) { // Present the alternatives if (args.Length <= 0) { EventLog[] ela = EventLog.GetEventLogs(); Console.WriteLine("Usage: DumpLog <logname>"); Console.WriteLine("\n\tWhere <logname> is one of:\n"); foreach (EventLog el in ela) { Console.WriteLine("\t{0}", el.LogDisplayName); } return; } // Extract the parameters string logName ...

Get C# in a Nutshell now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.