chrismor

Reputation: 81

Uniquely identifying an Event Log entry in C#

By way of background, I am trying to consolidate Windows Security event log entries from a number of machines into a single SQL table so I can report on them. This all works in C#.

But I need a way to more efficiently determine if I have seen this event before so I don't have to do a complex lookup on my database to see if I have seen every entry before.

Because multiple events can be generated at once, the only way I have seen so far to avoid duplicates is to check for the Event ID, Time Generated, Machine Name and in some cases parameters.

Does the .NET Framework expose any form of unique identifier I could use to simplify this process?

Thanks in advance

Upvotes: 3

Views: 2561

Answers (3)

chrismor

Reputation: 81

OK, solved it with all your help. Take the Timestamp, Event ID and Machine Name, then create an MD5 hash of that. Simple and easily indexed. Performance is up a long way too.

Upvotes: 1

Mitch

Reputation: 669

I'm not sure what C# method you're using, but you can get the record number which you could use (e.g. computer + log + record_number). I know you can get to the record number in C# via the ManagementObjectSearcher (aka WMI), not sure about the other APIs.

You can also get to the record number via the Win32 APIs:

Old API: EVENTLOGRECORD Structure

New API: EventRecordID (SystemPropertiesType) Element

Upvotes: 1
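An added example, not code from any poster in this thread: it combines the record-number key suggested above (computer + log + record number) with the hash-for-indexing idea from the accepted answer. `EventKey`, its field layout, the use of SHA-256 in place of MD5, and the inclusion of the creation time are assumptions of this sketch; the sample rows are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class EventKey   // hypothetical helper, not a framework type
{
    // Each field is length-prefixed so ("AB","C") and ("A","BC") never hash the same input.
    public static string Compute(string machine, string log, long recordId, DateTime createdUtc)
    {
        var inv = CultureInfo.InvariantCulture;
        var fields = new[] {
            machine.ToUpperInvariant(),            // computer names compare case-insensitively
            log,
            recordId.ToString(inv),
            createdUtc.Ticks.ToString(inv)         // assumption: guards against record-number reuse
        };
        var sb = new StringBuilder();
        foreach (var f in fields)
            sb.Append(f.Length.ToString(inv)).Append(':').Append(f).Append('|');
        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(Encoding.UTF8.GetBytes(sb.ToString()));
            return BitConverter.ToString(digest).Replace("-", "");
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed rows. On a live system the values would come from EventRecord.MachineName,
        // LogName, RecordId and TimeCreated (System.Diagnostics.Eventing.Reader).
        var t = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        var rows = new[] {
            (Machine: "DC01", Log: "Security", RecordId: 1001L, Time: t),
            (Machine: "DC01", Log: "Security", RecordId: 1002L, Time: t), // same instant, different record
            (Machine: "dc01", Log: "Security", RecordId: 1001L, Time: t), // re-read of the first row
            (Machine: "WS07", Log: "Security", RecordId: 1001L, Time: t), // same number, other machine
        };
        var seen = new HashSet<string>();   // stands in for a unique index on the SQL key column
        foreach (var r in rows)
        {
            string key = EventKey.Compute(r.Machine, r.Log, r.RecordId, r.Time);
            string state = seen.Add(key) ? "new" : "dup";
            Console.WriteLine($"{state} {r.Machine}/{r.Log}#{r.RecordId} {key.Substring(0, 16)}");
        }
    }
}
```

Storing the key in a column with a unique constraint lets the database reject re-imported entries, while two events generated in the same instant on one machine still get distinct keys because their record numbers differ.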

John Oxley

Reputation: 14980

Unfortunately the only thing you can do is take a combined key of the computer, event source, event id and timestamp for uniquely matching. There is no globally unique ID in the event framework, AFAIK.

Upvotes: 0
