2

I want to read event entries from a certain custom event log in a C# program, and to filter them by their description. Is there a way to do it? Or a way to get the entries as a collection so I will be able to select from that by condition?

Shaked Bu
  • Check the [EventLog class](https://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog(v=vs.110).aspx) – LightBulb Dec 06 '15 at 15:06
  • Checked, there is 'Entries' property, don't know how to read from it by condition. – Shaked Bu Dec 06 '15 at 15:07
  • Are you talking about the events you would see with the `eventvwr.msc` of Windows, or do you speak about some kind of application driven events? – Shnugo Dec 06 '15 at 15:08
  • The events I would see in the event viewer yes – Shaked Bu Dec 06 '15 at 15:09
  • Hi Shaked, just saw that you were around and even started a new question on this issue. Could my answer help you? – Shnugo Dec 07 '15 at 11:33
  • Your answer helped me, now, I'm looking for a way to filter by my needs (as I wrote in the new question) – Shaked Bu Dec 07 '15 at 11:35
  • @Shnugo Thanks for the tips, I will mark your answer as soon as I succeed to get exactly what I need, 'till then I can't fully check if your solution works – Shaked Bu Dec 07 '15 at 11:55
  • Yes of course. Just placed some hints below your new question ... – Shnugo Dec 07 '15 at 12:00

1 Answer

6

Try something like this:

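        // Requires: using System; using System.Collections.Generic;
        //           using System.Diagnostics.Eventing.Reader;

        // TimeCreated/@SystemTime is stored in UTC, so convert the local bounds before formatting.
        string queryString = string.Format("*[System[TimeCreated[@SystemTime>='{0}' and @SystemTime<='{1}']]]",
            DateTime.Now.Date.AddDays(-10).ToUniversalTime().ToString("o"),
            DateTime.Now.Date.ToUniversalTime().ToString("o"));
        var q = new EventLogQuery("Microsoft-Windows-User Profile Service/Operational", PathType.LogName, queryString);

        var list = new List<EventRecord>();

        // EventLogReader holds a native query handle, so dispose it when done.
        using (var r = new EventLogReader(q))
        {
            // ReadEvent() returns null once the result set is exhausted.
            EventRecord er = r.ReadEvent();
            while (er != null) {
                list.Add(er);
                er = r.ReadEvent();
            }
        }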

The filter is XPath and XQuery. If you want to learn about an event's internal structure, I found it best to read through the filter definition within eventvwr. Look into the XML tab...

Shnugo
  • Wow, thanks for heads up about this approach of reading event logs! Thanks to it I was able to decrease time of reading my logs from 35 secs to 4 secs! – Robert Synoradzki Feb 27 '17 at 14:12
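
The question asks for filtering by description, which the answer's time filter does not cover. The following is an added example, not code from the answer: it narrows by time in XPath and then matches the rendered description on the client. The log name `MyCustomLog` and the search text `failed` are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Linq;

static class EventLogFilterExample
{
    // Streams records; the XPath filter is evaluated by the event log service.
    static IEnumerable<EventRecord> ReadEvents(string logName, string xpath)
    {
        var query = new EventLogQuery(logName, PathType.LogName, xpath);
        using (var reader = new EventLogReader(query))
        {
            EventRecord er;
            while ((er = reader.ReadEvent()) != null)
                using (er) yield return er; // disposed when the caller moves on
        }
    }

    // The description is rendered from the provider's message template and cannot be
    // matched in XPath, so render it here and treat a failure as "no description".
    static string SafeDescription(EventRecord er)
    {
        try { return er.FormatDescription() ?? string.Empty; }
        catch (EventLogException) { return string.Empty; }
    }

    static void Main()
    {
        const string logName = "MyCustomLog"; // hypothetical custom log name
        const string needle = "failed";       // hypothetical text to search for
        string xpath = string.Format("*[System[TimeCreated[@SystemTime>='{0}']]]",
            DateTime.UtcNow.AddDays(-10).ToString("o"));

        try
        {
            var hits = ReadEvents(logName, xpath)
                .Select(er => new { er.Id, er.TimeCreated, Text = SafeDescription(er) })
                .Where(e => e.Text.IndexOf(needle, StringComparison.OrdinalIgnoreCase) >= 0)
                .ToList();
            foreach (var e in hits)
                Console.WriteLine("{0:u} [{1}] {2}", e.TimeCreated, e.Id, e.Text);
        }
        catch (EventLogNotFoundException)
        {
            Console.Error.WriteLine("Log '{0}' does not exist on this machine.", logName);
        }
    }
}
```

Each record is projected to plain values before the next one is read, so no disposed `EventRecord` is kept in the result list.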