Reading the Windows Event Log

I suppose you are connecting to a remote system, in this case you might
speed up the process considerably by using System.Manageme nt and WMI.
Here is a complete sample, but I suggest you consult MSDN and the platform
sdk docs to get an idea what is done at the WMI level.
using System;
using System.Manageme nt;
using System.IO;
class App {
[MTAThread]
private static void Main(string[] args)
{
// Beware! the account used to connect must have remote WMI privileges on
the remote server.

RunProcess M = new RunProcess("adm inuser", "adminpwd", "remservername" );
M.Run();
}
}
sealed class RunProcess
{
private ConnectionOptio ns co;
private ManagementScope scope;

public RunProcess(stri ng ConnectionUser, string ConnectionPassw ord, string
Machine )
{
co = new ConnectionOptio ns();
co.Username = ConnectionUser;
co.Password = ConnectionPassw ord;
co.Impersonatio n = ImpersonationLe vel.Impersonate ;
scope = new ManagementScope (@"\\" + Machine + @"\root\cimv 2", co);
scope.Connect() ;
}
public void Run()
{
string logFileName = "security";
// default blocksize = 1, larger value may increase network throughput
EnumerationOpti ons opt = new EnumerationOpti ons();
opt.BlockSize = 1000;
// Get only Logon/LogOff category from security log
SelectQuery query = new SelectQuery("se lect CategoryString,
TimeGenerated, User, Type from Win32_NtLogEven t where Logfile ='" +
logFileName + "' " + "and category = 2");
using(Managemen tObjectSearcher searcher = new
ManagementObjec tSearcher(scope , query, opt))
{
foreach (ManagementObje ct mo in searcher.Get()) {
string logInfo = String.Format(" {0} - {1} - {2}", mo["Type"],
mo["CategoryString "], mo["User"]);
Console.WriteLi ne(logInfo);
}
}
}
}

Willy.

"hecsan07" <he******@hotma il.com> wrote in message
news:4B******** *************** ***********@mic rosoft.com...
| Hey
|
| I am trying to read the Windows Event Logc. In fact, I am able to read the
| Event Log. My problem is that I am reading and filtering a large log and
it
| takes a very very very very long time to complete. I am using the ordinary
| technique for reading/writing from and to the Event Log. I am wondering if
| there is a better way to speed things up. Below is an excerpt of the code
I
| am using (notice that I am filtering by Category and TimeGenerated; again
| this works fine on small logs but is painfully sloooooooowwwww on large
ones):
|
| DateTime eventDate = DateTime.MinVal ue;
| EventLog eventLog = new EventLog(logNam e, machine);
|
| foreach(EventLo gEntry logEntry in eventLog.Entrie s)
| {
| if(logEntry.Cat egory == "Logon/Logoff" && logEntry.TimeGe nerated >
eventDate)
| {
| //print the values
| Console.Write(C onvert.ToString (logEntry.Entry Type) + "\t" +
| logEntry.TimeGe nerated.ToStrin g() + "\t" + logEntry.Catego ry + "\t" +
| logEntry.UserNa me + "\n");
| }
| }
|
| Please help.
|
| Thanks
| KK
|