<%@ Page %>
Manipulating Windows Event Log
Windows Event Log keeps track of system wide and application level events. These events messages constitute things such as information messages, error messages, warnings and alerts. If your system is giving some troubles event log is the first place an administrator will look into. .NET framework provides classes that allow you to manipulate or customize windows event logs. How to work with these classes is the topic of this article.
Namespaces and classes
The classes and enumerations required to work with event log are available in System.Diagnostics namespace. Some of the important and frequently used classes are:
Writing to event log
The most commonly used task while working with event logs is writing messages into them. The EventLog class provides a static method called WriteEntry() that can be used for this purpose.
The first parameter of the WriteEntry() method is a string specifying the source from which the entry is being written. One event log can contain entries from many sources. This is string is used to identify a particular event log entry and its source. Commonly this string will be your application name. Before you write any message belonging to a particular source that source should be registered with the log. This work is done behind the scenes for you by the WriteEntry() method.
The second parameter of theWriteEntry() is the message that is to be written to the event log.
You just wrote a message to the event log. But where will it go? If you glance the Event Viewer, you will have three logs by default - Application, Security and System. All the messages you sent via above code will be written to Application event log by default. You can change this behavior as we will see later.
Specifying type of event log entry
Another overload of the WriteEntry() method accepts third parameter of type EventLogEntryType. using this parameter you can indicate whether the log entry is warning, error or just an information.
Registering event source manually
At times you need to register the event source manually. You can do that using CreateEventSource() method of EventLog class.
Here, we first check whether the event source - mysource - is already registered or not using SourceExists() method. If it is not registered then we register it by calling CreateEventSource() method. The first parameter of CreateEventSource method is the source name and second parameter is the log with which the source is to be registered. You need to call above code before you write any entries to the log from the specified source.
Creating custom event logs
In the above examples we wrote our messages to the Application log. However, if your application is writing too many entries you may want to isolate them in a separate log. In order to create a new log need to create an instance of EventLog class and set its Log and Source properties. You also need to register the event source with the log using CreateEventSource() method.
EventLog log=new EventLog();
In the above code, you first created an instance of EventLog class. Then you set its Source property to the source of the log. This is same as specifying source in the WriteEntry method. Next, you set the Log property to the new log that you want to create.
Obtaining list of event logs
In applications where in you allow administrators to manage event logs you will want to get list of available event logs on a machine. This can be achieved by using GetEventLogs() method of EventLog class.
foreach(EventLog el in locallogs)
//your code here
The GetEventLogs() method returns an array of EventLog class. You can iterate through the array and work with individual log.
Deleying event log
You can delete event logs by calling Delete() method of EventLog class.
Obtaining information about an event log entry
You can get a list of event log entries via Entries collection of EventLog instance. This property is a collection of EventLogEntry classes. Each instance represents an entry from the log. Some of the commonly used properties of EventEntry class are - Message, Source, TimeWritten and UserName. We already know about Message and Source properties. As you might have guess the TimeWritten property tells you when the entry was written to the log and UserName property tells you the user name.
EventLog log=new EventLog();
foreach(EventLogEntry entry in log.Entries)
//your code here
In this article we saw how to manipulate event log using EventLog class. We saw how WriteEntry() method of EventLog class provides easy way to write your messages to the event log. At times you may want to create custom logs which can be achieved by create instance of EventLog class and setting Source and Log properties. Even though .NET allows you to manipulate event logs easily, while programmatically deleting or altering the logs you should consult your system administrator.