Binson Eldhose
Reputation: 1013
Parsing of Message field of Event Log entry c#
How i can parse a particular field of event log message Or Replacement string using C#. Ie i need to parse the "Workstation Name" from a security event log with id 4624, The sample log is given belowenter code here
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
Impersonation Level: -
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: - some data
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
I thought the order and count of replacement strings are same for every event with same event id but the length is not same. so how i can parse this string into corresponding object / or extract a particular field
Upvotes: 1
Views: 1692
Answers (1)
Igor Popov
Reputation: 2154
If you need to extract value of Workstation Name field one of the easiest ways would be using regular expressions
string fieldName = "Workstation Name";
var expression = new Regex(string.Format(@"\s*{0}:\s*-\s*(.+)\r\n", fieldName));
Match match = expression.Match(fileText);
if (match.Success)
{
string workstationName = match.Groups[1];
...
}
Upvotes: 3
Related Questions
- Specific data from EventLogEntry
- Read event log in C#
- Reading From an Eventlog Programatticly
- What is the simplest way to query event logs for message contents in C#?
- Parsing from a Log file
- need help parsing an IIS log in c#
- Parsing an inconsistent log file
- Parse a log file and get entry data
- Best way to parse a log file in C#
- reading an event log