Event Logs
Useful as the Debug and Trace
classes are, the Win32 platform already provides a logging mechanism
in the form of the event log. Classes are provided in the
System.Diagnostics namespace that allow
applications to enumerate the existing event sources and logs, read
from and write to an event log manually, use an event log as a
backing store for Trace or
Debug output, create and install new event
sources, and monitor an event log for changes.
Reading the Event Log
To read an event log, create an
instance of the
EventLog class with the name of the log you wish
to access, and optionally the name of the machine on which the log
resides and the event source with which to filter the log entries.
Once you have a valid EventLog instance, it
provides a wealth of properties and methods that let you examine and
manipulate the log as a whole. To read the individual entries in the
log, use the EventLog.Entries property to retrieve
a collection of EventLogEntry instances. The
following sample displays information on any log on your system:
// DumpLog.cs - use DumpLog <logname> using System; using System.Diagnostics; class DumpLog { static void Main(string[ ] args) { // Present the alternatives if (args.Length <= 0) { EventLog[ ] ela = EventLog.GetEventLogs( ); Console.WriteLine("Usage: DumpLog <logname>"); Console.WriteLine("\n\tWhere <logname> is one of:\n"); foreach (EventLog el in ela) { Console.WriteLine("\t{0}", el.LogDisplayName); } return; } // Extract the parameters string logName ...