1

How do I get the XML from a specific EventLogEntry using C# on Windows XP? I already know the EventLog type (Security) and the event entry id.

EventLogWatcher and other classes are only available in Windows Vista and newer.

Matze
jjxtra
  • [LogParser](http://en.wikipedia.org/wiki/Logparser) is a utility built by an ex-Microsoft employee, Gabriele Giuseppini, that reads a tonne of log file formats. I've used it with [Event Logs](http://eventanalyser.appointmentsbook.com) before. – Jeremy Thompson Nov 08 '12 at 05:36
  • Is there a C# interface to it? – jjxtra Nov 08 '12 at 05:36
  • Yes there is. The good folks over at http://visuallogparser.codeplex.com/ have it baked ready. Here is a quick [demo](http://stackoverflow.com/questions/10965280/most-efficient-way-to-find-all-exe-files-on-disk-using-c/10965388#10965388) – Jeremy Thompson Nov 08 '12 at 05:39
  • @jjxtra Since I came here for the same reason (though not for Windows XP as the target), and did not like the suggested solutions for third-party tools and libraries, I provided the solution that worked for me... see below. – Matze Apr 23 '21 at 22:39

2 Answers

0

You can do this with LogParser. It's a utility built by an ex-Microsoft employee, Gabriele Giuseppini, that reads a tonne of log file formats - FAST!

I've successfully used it with Event Logs before.

There is a C# interface from the good folks over at http://visuallogparser.codeplex.com

Community
Jeremy Thompson
0

For Windows XP, you can use the EventLogReader and EventLogQuery classes to query EventLogRecords from the event log quite efficiently. This API is available since .NET Framework 3.5 (so it should work perfectly fine on Windows XP).

First, you need the name of the event log to query (either its file system path or name), and second an XPath expression that acts as the record selector. A few examples are given at https://learn.microsoft.com/en-us/windows/win32/wes/consuming-events

Basically, it works as follows:

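```csharp
using System.Diagnostics.Eventing.Reader;

// Returns the XML of the first Application-log record with the given event ID,
// or null if no record matches.
static string RetrieveApplicationEventDetailsXmlById(int eventId)
{
    const string logName = "Application";

    // The element name in event XML is "EventID". Taking the ID as an int
    // keeps caller-supplied text out of the XPath expression.
    string queryExpression = string.Format("*[System/EventID={0}]", eventId);
    var eventLogQuery = new EventLogQuery(logName, PathType.LogName, queryExpression);

    using (var reader = new EventLogReader(eventLogQuery))
    {
        // ReadEvent() returns null once no more records match the query.
        using (EventRecord record = reader.ReadEvent())
        {
            if (record != null)
            {
                return record.ToXml();
            }
        }
    }

    return null;
}
```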

Given that a valid XPath expression has been specified, a call to the reader's ReadEvent method returns the next available LogEventRecord object that allows retrieving the event's details in XML format via the ToXml method.

Matze
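Once the XML string from ToXml() is in hand, the usual next step is pulling fields out of it. The following is an added example, not code from either answer: it parses event XML with LINQ to XML, qualifying every element with the event schema namespace (unqualified lookups match nothing). The class name `EventXmlFields` and the sample record, including its user name and address, are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Xml.Linq;

static class EventXmlFields   // hypothetical helper name
{
    // Default namespace of Windows event XML; every element lookup must use it.
    static readonly XNamespace Ns =
        "http://schemas.microsoft.com/win/2004/08/events/event";

    // Returns EventID, TimeCreated and each named <Data> item under <EventData>.
    public static Dictionary<string, string> Parse(string eventXml)
    {
        XElement root = XDocument.Parse(eventXml).Root;
        XElement system = root.Element(Ns + "System");
        if (system == null)
            throw new FormatException("No <System> element in the event namespace.");

        var fields = new Dictionary<string, string>();
        fields["EventID"] = (string)system.Element(Ns + "EventID");
        XElement created = system.Element(Ns + "TimeCreated");
        fields["TimeCreated"] = created == null
            ? null : (string)created.Attribute("SystemTime");

        // EventData is optional; some providers emit UserData or nothing at all.
        XElement data = root.Element(Ns + "EventData");
        if (data != null)
            foreach (XElement d in data.Elements(Ns + "Data"))
            {
                string name = (string)d.Attribute("Name");
                if (name != null) fields[name] = d.Value;   // skip unnamed items
            }
        return fields;
    }

    static void Main()
    {
        // Constructed sample shaped like a Security logon record; values are made up.
        const string sample =
            "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>" +
            "<System><EventID>4624</EventID>" +
            "<TimeCreated SystemTime='2021-04-23T22:39:00.000Z'/></System>" +
            "<EventData><Data Name='TargetUserName'>alice</Data>" +
            "<Data Name='LogonType'>3</Data>" +
            "<Data Name='IpAddress'>192.0.2.10</Data></EventData></Event>";

        foreach (KeyValuePair<string, string> kv in Parse(sample))
            Console.WriteLine("{0} = {1}", kv.Key, kv.Value);
    }
}
```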