Reputation: 671
Query the Windows event log in a performant way
I've built an ASP.NET web app to view data from the Windows Event Log using databound controls. The data is retrieved via an ObjectDataSource connected to a mediator class that accesses the EventLog. When I connect a GridView to the ObjectDataSource, it wants to count the rows in the EventLog. I can do this simply and quickly with:
var log = new EventLog {Log = logName};
return log.Entries.Count;
From my unscientific perspective, it appears to be returning in O(1). However, if I want to count entries that occur before a certain date or that are via a certain event source, I cannot find a way to count them that is efficient. I've tried WMI queries such as:
var query = new ObjectQuery("Select * from Win32_NTLogEvent
where LogFile='Application'");
var searcher = new ManagementObjectSearcher(query);
var result = searcher.Get();
var foo = result.Count;
For an event log with 70k entries, this takes on the order of a minute on my reasonably powered workstation. It's looking like O(n). I've also tried filtering log.Entries with Linq and get similar results.
Is there any more performant way to do this? For the actual data in the grid, I've found looping over the log.Entries and accessing via index a very performant way to get a collection of entries.
Upvotes: 3
Views: 2683
Answers (1)
Reputation: 161773
If you are using .NET 3.5 or above, then you can use the EventLogQuery class and related APIs.
Upvotes: 1
Related Questions
- Reading Windows Logs efficiently and fast
- How to export Windows Event log for a specific source with WMI?
- C# WMI reading remote event log
- Use C# to gather event logs from a specified time period
- High Performance Event Log
- Which approach is better to read Windows Event log in C#? WMI or EventLog
- Enhance reading speed from event log?
- Using WMI to monitor event log
- Detect when a new event is logged in Windows
- use wmi to get newest Windows log events