How to Query for an event log details with a given event id?

by

There are a few new twists if your going to query events from the new style Windows EventLogs.

  1. You will have to use the classes from the System.Diagnostics.Eventing.Reader namespace to read the new events.
  2. Your query will be in Xpath form, so that time value is tricky, see msdn for the EventLogQuery definition.
  3. Your program will run into access issues, be ready to impersonate a user that’s included in the EventReaders AD group on the logging machine.

This sample shows some of the new access methods:

string eventID = "5312";
string LogSource = "Microsoft-Windows-GroupPolicy/Operational";  
string sQuery = "*[System/EventID=" + eventID + "]";

var elQuery = new EventLogQuery(LogSource, PathType.LogName, sQuery);
using (var elReader = new System.Diagnostics.Eventing.Reader.EventLogReader(elQuery))
{

    List<EventRecord> eventList = new List<EventRecord>();
    EventRecord eventInstance = elReader.ReadEvent();
    try
    {
        for (null != eventInstance; eventInstance = elReader.ReadEvent())
        {
            //Access event properties here:
            //eventInstance.LogName;
            //eventInstance.ProviderName;
            eventList.Add(eventInstance);
        }
    }
    finally
    {
        if (eventInstance != null)
            eventInstance.Dispose();
    }
}

More Related Contents:

  1. How to remove a lambda event handler [duplicate]
  2. What are the differences between delegates and events?
  3. How do I call paint event?
  4. Is it bad to not unregister event handlers?
  5. Is there a downside to adding an anonymous empty delegate on event declaration?
  6. .NET Events for Process executable start
  7. Listen to changes of dependency property
  8. Handling a Click for all controls on a Form
  9. Difference between wiring events with and without “new”
  10. How to dispatch events in C#
  11. How can I make the value of a variable track the value of another
  12. Using lambda expressions for event handlers
  13. I need a event to detect Internet connect/disconnect
  14. C# how to loop while mouse button is held down
  15. += new EventHandler(Method) vs += Method [duplicate]
  16. How to handle add to list event?
  17. Event to detect System wake up from sleep in C#
  18. How do events cause memory leaks in C# and how do Weak References help mitigate that?
  19. Implementing the Producer/Consumer Pattern in C#
  20. Passing data between WinForms forms [duplicate]
  21. Removing the delay after KeyDown event?
  22. Unit testing that events are raised in C# (in order)
  23. C#: How to create an attribute on a method triggering an event when it is invoked?
  24. How do I create 5 buttons and assign individual click events dynamically? [closed]
  25. Should I always disconnect event handlers in the Dispose method?
  26. Order of events ‘Form.Load’, ‘Form.Shown’ and ‘Form.Activated’ in Windows Forms
  27. Exposing .NET events to COM?
  28. How to subscribe to other class’ events in C#?
  29. In a C# event handler, why must the “sender” parameter be an object?
  30. How do I raise an event in a usercontrol and catch it in mainpage?

Leave a Comment