CODEWITHSUNDEEP
c#
EvsizTospaa
EvsizTospaa

Reputation: 91

Accessing Application and Service logs with C#

I was wondering if there is a way to reach the logs under the section named Application and Service Logs in the Event viewer utility in Windows. The thing is, I can read the entries under Windows Logs with the code below. I read the whole entry, and get the items with the necessary id, getting top 20 results. But I couldn't find anything on accessing the Application and Service logs section. Should I change the LogType in the EventLog constructor? Or is there a different method or class to access Application and Service logs? Trying "Application" as the logType variable doesnt work.

        string str = "";
        EventLog ev = new EventLog(logType, System.Environment.MachineName);
        int LastLogToShow = ev.Entries.Count;
        if (LastLogToShow <= 0)
            Console.WriteLine("No Event Logs in the Log :" + logType);

        int i;
        int k = 0;

        for (i = ev.Entries.Count - 1; i >= 0; i--)
        {
            EventLogEntry CurrentEntry = ev.Entries[i];
            if (CurrentEntry.EventID == id)
            {
                if (id == 1)
                {
                    str += "Son Açılma \n";
                    str += "Olay Zamanı: " + CurrentEntry.TimeGenerated.ToLongDateString() + " " + CurrentEntry.TimeGenerated.ToShortTimeString() + "\n";
                }

                else if (id == 42)
                {
                    str += "Son Kapatılma \n";
                    str += "Olay Zamanı: " + CurrentEntry.TimeGenerated.ToLongDateString() + " " + CurrentEntry.TimeGenerated.ToShortTimeString() + "\n";
                }
                else
                {
                    str += "Event type: " + CurrentEntry.EntryType.ToString() + "\n";
                    str += "Event Message: " + CurrentEntry.Message + CurrentEntry + "\n";
                    str += "Event : " + CurrentEntry.UserName + "\n" + "\n";
                    str += "Olay Zamanı: " + CurrentEntry.TimeGenerated.ToLongDateString() + " " + CurrentEntry.TimeGenerated.ToShortTimeString() + "\n";
                }
                k++;
            }
            if (k > 20)
                break;
        }
        ev.Close();
        return str;

What I am looking for is under

Application and Service Logs/

Microsoft/

Windows/

TerminalServices-RemoteConnectionManager/

Operational/

Event ID 1149

Upvotes: 2

Views: 4635

Answers (1)

Iain Ward
Iain Ward

Reputation: 9936

I'm not sure you can access them using the EventLog class, or at least I couldn't figure out how. I did it using the EventLogQuery class instead.

I've provided an example below which I adapted from this post (C#: How to Query for an event log details with a given event id?), and should work for what you need: 

using System.Diagnostics.Eventing.Reader;

string logType = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational";
string query = "*[System/EventID=1149]";

var elQuery = new EventLogQuery(logType, PathType.LogName, query);
var elReader = new EventLogReader(elQuery);

for (EventRecord eventInstance = elReader.ReadEvent(); eventInstance != null; eventInstance = elReader.ReadEvent())
{
      // .. do stuff here
}

Upvotes: 4

Related Questions