1

I am trying to get a list of the "special" event logs in C#, like the "Microsoft\Windows\Audio\CaptureMonitor" log and all the others like it. They don't seem to be returned when I use System.Diagnostics.EventLog.GetEventLogs(). Is there a special way to get a list of all the special event logs?

Jon Tackabury

2 Answers

1

I'll be honest and admit I don't know how these views tie into EventLogs and EventSources but take a look at the registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels

And see if that starts you down the right path. Also check out:

How do I create a hierarchy of lognames in the Windows event system?

Christopher Painter
  • 1
    This is an old question, but if people stumble upon this and still need this information: the System.Diagnostics.EventLog classes just support the classic event logs. The eventing classes are the ones that support the newer channels that Christopher Painter mentions. https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.eventing.reader?view=netframework-4.8 These classes are a bit of a nightmare, but you can call the PowerShell cmdlets from C#: $logs=Get-WinEvent -ListLog * – David Homer Jun 30 '22 at 12:44
0

You may use the WevtUtil.exe tool:

To access event log information from the command line, use the WevtUtil.exe tool. This tool is located in the %SystemRoot%\System32 directory. For WevtUtil.exe tool help, use the wevtutil /? command.

I guess you might use a System.Diagnostics.Process, launch the tool, then capture and parse the console output.

using System;
using System.Diagnostics;
using System.Linq;

class Program
{
    static void Main(string[] args)
    {
        var output = "";
        var p = new Process();
        var psi = new ProcessStartInfo("wevtutil.exe", "el");

        psi.CreateNoWindow = true;
        psi.RedirectStandardOutput = true;
        psi.UseShellExecute = false;
        p.StartInfo = psi;
        p.Start();

        using (var processOutput = p.StandardOutput)
        {
            output = processOutput.ReadToEnd();
        }

        p.WaitForExit();

        var eventLogs = output
            .Split(new string[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries)
            .ToList();

        foreach (var item in eventLogs)
        {
            Console.WriteLine(item);
        }
    }
}

For reading the event log, you could use the same approach (for example, call wevtutil qe Microsoft-Windows-Audio/CaptureMonitor /f:text) or the System.Diagnostics.Eventing.Reader namespace. Try the following:

using System;
using System.Diagnostics.Eventing.Reader;

class Program
{
    static void Main(string[] args)
    {
        EventLogQuery subscriptionQuery = 
            new EventLogQuery("Microsoft-Windows-Audio/CaptureMonitor", 
                PathType.LogName, "*");

        using (EventLogReader logReader = 
            new EventLogReader(subscriptionQuery))
        {
            DisplayEventAndLogInformation(logReader);
        }
    }

    private static void DisplayEventAndLogInformation(EventLogReader logReader)
    {
        for (EventRecord eventInstance = logReader.ReadEvent();
            null != eventInstance; eventInstance = logReader.ReadEvent())
        {
            Console.WriteLine("--------------------------------------");
            Console.WriteLine("Event ID: {0}", eventInstance.Id);
            Console.WriteLine("Publisher: {0}", eventInstance.ProviderName);

            try
            {
                Console.WriteLine("Description: {0}", 
                    eventInstance.FormatDescription());
            }
            catch (EventLogException)
            {
                // The event description contains parameters, 
                // and no parameters were passed to the 
                // FormatDescription method, so an exception is thrown.
            }

            // Cast the EventRecord object as an EventLogRecord 
            // object to access the EventLogRecord class properties
            EventLogRecord logRecord = (EventLogRecord)eventInstance;
            Console.WriteLine("Container Event Log: {0}", 
                logRecord.ContainerLog);
        }
    }
}

You may have to tweak the EventLogQuery constructor's query parameter (*) a little bit according to your needs. The topic How to: Query for Events shows an implementation example.

Alex Filipovici
  • I know how to read the special event logs, I'm trying to get a list of all the special event logs. I've looked around in the EventLog* classes and haven't come up with anything useful so far. :( – Jon Tackabury Mar 14 '13 at 19:10
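
The channel listing asked for in the question can be produced in-process with the System.Diagnostics.Eventing.Reader classes named in the comment on the first answer. The following is an added example, not code from any of the posts above; it goes slightly beyond a bare list by also reporting whether each channel is enabled, which is what a logging-coverage audit usually needs. The class name ListChannels and the output layout are assumptions of the example.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;
using System.Linq;

// Added example: enumerate classic logs and the newer channels
// (for example Microsoft-Windows-Audio/CaptureMonitor) without wevtutil.
class ListChannels
{
    static void Main()
    {
        // GlobalSession is a session on the local computer.
        EventLogSession session = EventLogSession.GlobalSession;
        int total = 0, disabled = 0, unreadable = 0;

        foreach (string name in session.GetLogNames()
                     .OrderBy(n => n, StringComparer.OrdinalIgnoreCase))
        {
            total++;
            try
            {
                // The configuration object exposes the channel's settings.
                using (var config = new EventLogConfiguration(name, session))
                {
                    if (!config.IsEnabled) disabled++;
                    Console.WriteLine("{0}\t{1}\t{2}\t{3}\t{4} KB",
                        name,
                        config.IsEnabled ? "enabled" : "disabled",
                        config.LogType,   // Administrative, Operational, Analytical, Debug
                        config.LogMode,   // Circular, AutoBackup, Retain
                        config.MaximumSizeInBytes / 1024);
                }
            }
            catch (UnauthorizedAccessException)
            {
                // Some channels cannot be opened without elevation.
                unreadable++;
                Console.WriteLine("{0}\t(access denied)", name);
            }
            catch (EventLogException ex)
            {
                // The name was listed but its configuration could not be read.
                unreadable++;
                Console.WriteLine("{0}\t(error: {1})", name, ex.Message);
            }
        }

        Console.WriteLine("{0} logs, {1} disabled, {2} unreadable",
            total, disabled, unreadable);
    }
}
```

Run it from an elevated prompt to reduce the number of channels reported as access denied.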