Here i am trying to read the local system event log using c# using this code-
string eventLogText = "";
try
{
var eventLog = new EventLog("logname", "machinename");
foreach (var entry in eventLog.Entries)
{
eventLogText += entry;
}
}
catch (Exception eg)
{
MessageBox.Show(eg.Message);
}
It is working well, but the problem is, in the variable eventLogText i get only System.Diagnostics.EventLogEntry repeatedly, may be this is very common mistake but i don't know what to do as i am very new to the c# as well as programming too.
Secondly i want to know that if a system is not logged in using Administrator account, in that case reading event log will cause any exception or error and if it will what will be the solution for it ?
Need help.Thanks in advance.
Regarding your first question, you are just adding the variable entry to the string, which is calling the ToString method on that variable. The default implementation of ToString is to return the name of the class. (Hence the repeated System.Diagnostics.EventLogEntryoutput)
You will need to use the members in the EventLogEntry class to retrieve the data you are interested in. For example, this console application will print the source and message of the first 10 entries in the Application event log:
static void Main(string[] args)
{
StringBuilder eventLogText = new StringBuilder();
try
{
var eventLog = new EventLog("Application");
var tenMostRecentEvents = eventLog.Entries
.Cast<EventLogEntry>()
.Reverse()
.Take(10);
foreach (EventLogEntry entry in tenMostRecentEvents)
{
eventLogText.AppendLine(String.Format("{0} - {1}: {2}",
entry.Source,
entry.TimeWritten,
entry.Message));
}
Console.WriteLine(eventLogText.ToString());
}
catch (System.Security.SecurityException ex)
{
Console.WriteLine(ex);
}
Console.ReadLine();
}
Regarding your second question, your code will need the appropriate permissions to read that event log. For example, if I change the code read the Security event log using this line var eventLog = new EventLog("Security"); I will receive a security exception. You can check this answer for more information
Hope it helps!
Related
I read somewhere (and it is true), that windows logs eventID 2003 when you plug in a USB key, and 2102 when you unplug it. (These events do occur on my machine)
this won't work, I can't figure out why, and where to look (another log ?)
using System.Diagnostics.Eventing.Reader;
class Program
{
static void Main(string[] args)
{
string query = "*[System/EventID=2003]";
EventLogQuery eventsQuery = new EventLogQuery("System", PathType.LogName, query);
try
{
EventLogReader logReader = new EventLogReader(eventsQuery);
for (EventRecord eventdetail = logReader.ReadEvent(); eventdetail != null; eventdetail = logReader.ReadEvent())
{
Console.WriteLine(eventdetail.FormatDescription()); // explore the event
}
}
catch (EventLogNotFoundException e)
{
Console.WriteLine("Error while reading the event logs");
return;
}
Console.WriteLine("Done");
Console.ReadLine();
}
}
I can't seem to find any event.
using
string query = "*[System/Provider/#Name=\"Microsoft-Windows-DriverFrameworks-UserMode\"]";
I do hav some events, thow not the 2003 I am after
I finally found a solution : as suspected, the logname was not the right one.
changing "System" to "Microsoft-Windows-DriverFrameworks-UserMode/Operational" solved the problem. The microsoft documentation is once again, a total mess, and ridiculously unclear.
I have an app that reads from text files to determine which reports should be generated. It works as it should most of the time, but once in awhile, the program deletes one of the text files it reads from/writes to. Then an exception is thrown ("Could not find file") and progress ceases.
Here is some pertinent code.
First, reading from the file:
List<String> delPerfRecords = ReadFileContents(DelPerfFile);
. . .
private static List<String> ReadFileContents(string fileName)
{
List<String> fileContents = new List<string>();
try
{
fileContents = File.ReadAllLines(fileName).ToList();
}
catch (Exception ex)
{
RoboReporterConstsAndUtils.HandleException(ex);
}
return fileContents;
}
Then, writing to the file -- it marks the record/line in that file as having been processed, so that the same report is not re-generated the next time the file is examined:
MarkAsProcessed(DelPerfFile, qrRecord);
. . .
private static void MarkAsProcessed(string fileToUpdate, string
qrRecord)
{
try
{
var fileContents = File.ReadAllLines(fileToUpdate).ToList();
for (int i = 0; i < fileContents.Count; i++)
{
if (fileContents[i] == qrRecord)
{
fileContents[i] = string.Format("{0}{1} {2}"
qrRecord, RoboReporterConstsAndUtils.COMPLETED_FLAG, DateTime.Now);
}
}
// Will this automatically overwrite the existing?
File.Delete(fileToUpdate);
File.WriteAllLines(fileToUpdate, fileContents);
}
catch (Exception ex)
{
RoboReporterConstsAndUtils.HandleException(ex);
}
}
So I do delete the file, but immediately replace it:
File.Delete(fileToUpdate);
File.WriteAllLines(fileToUpdate, fileContents);
The files being read have contents such as this:
Opas,20170110,20161127,20161231-COMPLETED 1/10/2017 12:33:27 AM
Opas,20170209,20170101,20170128-COMPLETED 2/9/2017 11:26:04 AM
Opas,20170309,20170129,20170225-COMPLETED
Opas,20170409,20170226,20170401
If "-COMPLETED" appears at the end of the record/row/line, it is ignored - will not be processed.
Also, if the second element (at index 1) is a date in the future, it will not be processed (yet).
So, for these examples shown above, the first three have already been done, and will be subsequently ignored. The fourth one will not be acted on until on or after April 9th, 2017 (at which time the data within the data range of the last two dates will be retrieved).
Why is the file sometimes deleted? What can I do to prevent it from ever happening?
If helpful, in more context, the logic is like so:
internal static string GenerateAndSaveDelPerfReports()
{
string allUnitsProcessed = String.Empty;
bool success = false;
try
{
List<String> delPerfRecords = ReadFileContents(DelPerfFile);
List<QueuedReports> qrList = new List<QueuedReports>();
foreach (string qrRecord in delPerfRecords)
{
var qr = ConvertCRVRecordToQueuedReport(qrRecord);
// Rows that have already been processed return null
if (null == qr) continue;
// If the report has not yet been run, and it is due, add i
to the list
if (qr.DateToGenerate <= DateTime.Today)
{
var unit = qr.Unit;
qrList.Add(qr);
MarkAsProcessed(DelPerfFile, qrRecord);
if (String.IsNullOrWhiteSpace(allUnitsProcessed))
{
allUnitsProcessed = unit;
}
else if (!allUnitsProcessed.Contains(unit))
{
allUnitsProcessed = allUnitsProcessed + " and "
unit;
}
}
}
foreach (QueuedReports qrs in qrList)
{
GenerateAndSaveDelPerfReport(qrs);
success = true;
}
}
catch
{
success = false;
}
if (success)
{
return String.Format("Delivery Performance report[s] generate
for {0} by RoboReporter2017", allUnitsProcessed);
}
return String.Empty;
}
How can I ironclad this code to prevent the files from being periodically trashed?
UPDATE
I can't really test this, because the problem occurs so infrequently, but I wonder if adding a "pause" between the File.Delete() and the File.WriteAllLines() would solve the problem?
UPDATE 2
I'm not absolutely sure what the answer to my question is, so I won't add this as an answer, but my guess is that the File.Delete() and File.WriteAllLines() were occurring too close together and so the delete was sometimes occurring on both the old and the new copy of the file.
If so, a pause between the two calls may have solved the problem 99.42% of the time, but from what I found here, it seems the File.Delete() is redundant/superfluous anyway, and so I tested with the File.Delete() commented out, and it worked fine; so, I'm just doing without that occasionally problematic call now. I expect that to solve the issue.
// Will this automatically overwrite the existing?
File.Delete(fileToUpdate);
File.WriteAllLines(fileToUpdate, fileContents);
I would simply add an extra parameter to WriteAllLines() (which could default to false) to tell the function to open the file in overwrite mode, and not call File.Delete() at all then.
Do you currently check the return value of the file open?
Update: ok, it looks like WriteAllLines() is a .Net Framework function and therefore cannot be changed, so I deleted this answer. However now this shows up in the comments, as a proposed solution on another forum:
"just use something like File.WriteAllText where if the file exists,
the data is just overwritten, if the file does not exist it will be
created."
And this was exactly what I meant (while thinking WriteAllLines() was a user defined function), because I've had similar problems in the past.
So, a solution like that could solve some tricky problems (instead of deleting/fast reopening, just overwriting the file) - also less work for the OS, and possibly less file/disk fragmentation.
This is a piece of code for genrating mail which works until I didnt attach path as a parameter . the thing is if I attach the path it didnt throw any error(no logs). Just the page started being unresponsive,and debugger not even jump to next line.
any help wil help me to understand my mistake . Thanks
public ActionResult Mailsending(string list)
{
try
{
string strIdeas = string.Empty;
string Certpath = System.Configuration.ConfigurationManager.AppSettings["UploadPath"];
List<int> list = new List<int>();
List<string> pramAttachment = new List<string>();
pramAttachment.Add(Server.MapPath(Certpath) + "MyPdf.pdf"); ///Path of the generated pdf.
Submitidlist = new CommonBL().GetSubmiidListForGenerateMail();
new CommonBL().UpdateIsGenerateStatus(ideaidlist, UserID);
foreach (var item in ideaidlist)
{
strIdeas = strIdeas + item.ToString() + ",";
}
GenerateMyPDF(list); //Here pdf is generating
string path = GenerateMail(strIdeas.TrimEnd(','));
if (path != string.Empty)
{
new CommonBL().AddGenerateImagePath(path, UserId);
new MailSender().SendMail((int)eMailType.GenerateMail, null, pramAttachment); // here path is added as parameter,and after this debugger not jump out of this scope.
}
return Json("Mail generated Successfully."); ///no message showing
}
catch (Exception ex)
{
return Json("Error");
}
}
Edit :
public class MailSender : IDisposable
{
public bool SendMail(short mailId, List<KeyValuePair<string, string>> parameters, List<string> attachmentsPath = null);
}
Possibly still leaving lock on the generated PDF, so MailSender is not able to access it due to that exclusive lock. Can you send emails with files previously generated?
adding a point which apparently is also an answer of this question, is :
After debugging whole code, I found that my smtp server is not allowing to send me a mail, so even if the above code is right, it shows processing.
So if anyone is working with above code will work fine.
An update : Now it works fine after configuring my mail service from control panel. So if any one wants to take reference from this can go ahead . the code is fine .
I know that I can read the Security logs of a Windows PC using:
var securityLog = new EventLog("security");
foreach (EventLogEntry entry in securityLog.Entries) {
...
}
The entry item contains all the interesting log fields I expect to see like: InstanceId, Message and others. What I want to do now is read the same things from an event log that was saved to disk as an .evtx file.
I have seen suggestions for using
string xpathQuery = "*";
var eventsQuery = args.Length == 0
? new EventLogQuery("Security", PathType.LogName, xpathQuery)
: new EventLogQuery(args[0], PathType.FilePath, xpathQuery);
using (var eventLogReader = new EventLogReader(eventsQuery)) {
EventLogRecord entry;
while ((entry = (EventLogRecord) eventLogReader.ReadEvent()) != null) {
...
}
}
but the entry in the second version doesn't contain the same members/values as the first example. I totally dig that I am confused and am looking at the problem the wrong way.
How should one go about reading the actual per record content from either an active or saved system log?
Or, can I go from an EventLogRecord to an EventLogEntry? I have not seen that conversion method yet.
I'm trying to read event logs for my application EventLoggingApp. The problem is reading logs for my single source (EventLoggingApp).
This code read logs for every source. What is the problem? Any advice?
static void ReadEvenLog()
{
string eventLogName = "Application";
string sourceName = "EventLoggingApp";
string machineName = "Tom";
EventLog eventLog = new EventLog();
eventLog.Log = eventLogName;
eventLog.Source = sourceName;
eventLog.MachineName = machineName;
foreach (EventLogEntry log in eventLog.Entries)
{
Console.WriteLine("{0}\n",log.Source);
}
}
Try this:
EventLog log = new EventLog("Security");
var entries = log.Entries.Cast<EventLogEntry>()
.Where(x => x.InstanceId == 4624)
.Select(x => new
{
x.MachineName,
x.Site,
x.Source,
x.Message
}).ToList();
Check out this article on MSDN. You can't read event log entries by source. Only log name matters. Instead you can create separate event log for you application or filter entries by verifying Source property of each entry in foreach loop.
MSDN (1)(2) says that Source is for writing event logs only.
It is not necessary to specify a Source when only reading from a log. You can specify only the Log name and MachineName (server computer name) properties for the EventLog instance. In either case, the Entries member is automatically populated with the event log's list of entries. You can select the appropriate index for an item in this list to read individual entries. (1)
I am not really sure what you were trying to print on the console. If it is the message in each event log entry that you are trying to print, inside the foreach loop you should have this instead:
Console.WriteLine(log.Message + "\n");
If you connect to localhost set MachineName to "."
Check if user has right to read from eventlog