Event Logs
Useful as the Debug and Trace classes
are, the Win32 platform already provides a logging mechanism in the form of
the event log. Classes are provided in the System.Diagnostics namespace
that allow applications to enumerate the existing event sources and logs,
read from and write to an event log manually, use an event log
as a backing store for Trace or Debug output, create and install new event sources, and monitor an event log for changes.
Reading the Event Log
To read an event log, create an instance of the EventLog class
with the name of the log you wish to access, and optionally the name of the
machine on which the log resides and the event source with which to filter
the log entries. Once you have a valid EventLog instance,
it provides a wealth of properties and methods that let you examine and manipulate
the log as a whole. To read the individual entries in the log, use the EventLog.Entries property
to retrieve a collection of EventLogEntry instances. The
following sample displays information on any log on your system:
// DumpLog.cs - use DumpLog <logname> using System; using System.Diagnostics; class DumpLog { static void Main(string[] args) { // Present the alternatives if (args.Length <= 0) { EventLog[] ela = EventLog.GetEventLogs(); Console.WriteLine("Usage: DumpLog <logname>"); Console.WriteLine("\n\tWhere <logname> is one of:\n"); foreach (EventLog el in ela) { Console.WriteLine("\t{0}", el.LogDisplayName); } return; } // Extract the parameters string logName ...