Reputation: 2788
Using WMI to monitor event log
I am trying to use WMI to monitor the event log for EntryWritten events, so I set up the handler as follows:
// Create the event log monitor
string query = "Select * From __InstanceCreationEvent Where TargetInstance.LogFile='Application'";
WqlEventQuery aProcessCreationQuery = new WqlEventQuery(query);
ManagementEventWatcher aWatcher = new ManagementEventWatcher(aProcessCreationQuery);
aWatcher.EventArrived += new EventArrivedEventHandler(EventLogMonitor);
But my handler method EventLogMonitor never fires, even when things are being written to the Application Event log. My application runs as a service monitoring for things written to the event log.
I found somewhere that I may need to add the line:
aWatcher.Start()
in the StartService() method, but if I do the service wont start. I wonder if anybody has any ideas on this?
Upvotes: 0
Views: 2121
Answers (1)
Reputation: 136391
You WQL senence is wrong
Select * From __InstanceCreationEvent Where TargetInstance.LogFile='Application'
you must include the class which you are inspecting in the sentence using the ISA keyword
Something like so
Select * From __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance.LogFile='Application'
Upvotes: 3
Related Questions
- How to export Windows Event log for a specific source with WMI?
- C# WMI reading remote event log
- How to collect the new "Applications and Services Logs" found on Windows 7 or Windows Server 2008 using WMI?
- High Performance Event Log
- Which approach is better to read Windows Event log in C#? WMI or EventLog
- How to consume WMI Events in C#
- Query the Windows event log in a performant way
- Detect when a new event is logged in Windows
- use wmi to get newest Windows log events
- WMI instrinsic events. Resources