M
Mike
Hi,
How to read archived system eventlog file (*.evt) in C# ?
Any code samples ?
-Mike
How to read archived system eventlog file (*.evt) in C# ?
Any code samples ?
-Mike
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
N
Nicholas Paldino [.NET/C# MVP]
Mike,
Unfortunately, I don't believe that there is. If anything, you will
have to call the appropriate API functions through the P/Invoke layer.
Hope this helps.
Unfortunately, I don't believe that there is. If anything, you will
have to call the appropriate API functions through the P/Invoke layer.
Hope this helps.
W
Willy Denoyette [MVP]
Don't archive using the eventlog format, use CSV or TAB delimited format
instead.
Parsing a CSV TAB delimited file should be trivial using the
System.IO.StreamReader class.
Willy.
instead.
Parsing a CSV TAB delimited file should be trivial using the
System.IO.StreamReader class.
Willy.
J
Jeffrey Tan[MSFT]
Hi Mike
Thanks for posting in this group.
Why not you read the eventlog directly using System.Diagnostics.EventLog
class?
If you want to archive the eventlog, I think Willy's suggestion may meet
your need.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Thanks for posting in this group.
Why not you read the eventlog directly using System.Diagnostics.EventLog
class?
If you want to archive the eventlog, I think Willy's suggestion may meet
your need.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
M
Mike
I wanted to filter-out events ( based on particular event-
id, source, message, etc) from the archived eventlog
( .evt or .csv format or .txt format) ;
C# Samples?
Are there any helper classes in C# to achieve the same?
-Mike
id, source, message, etc) from the archived eventlog
( .evt or .csv format or .txt format) ;
C# Samples?
Are there any helper classes in C# to achieve the same?
-Mike
F
Felix Wang
Hi Mike,
The following steps are for your reference:
1. Export the event log to a CSV file. Create a new folder and put the CSV
file in that folder.
2. Create a ODBC Data Source that uses "Microsoft Text Driver". Change the
"Directory" for the database to the directory that holds the CSV file.
3. In VS.Net, use OdbcDataAdapter and OdbcConnection to connect to the ODBC
Data Source created in step 2.
4. Use the OdbcDataAdapter to fill the DataSet.
5. Use a DataView to do the filtering.
Most of the steps above can be done without doing any coding work. I hope
this helps.
Regards,
Felix Wang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
The following steps are for your reference:
1. Export the event log to a CSV file. Create a new folder and put the CSV
file in that folder.
2. Create a ODBC Data Source that uses "Microsoft Text Driver". Change the
"Directory" for the database to the directory that holds the CSV file.
3. In VS.Net, use OdbcDataAdapter and OdbcConnection to connect to the ODBC
Data Source created in step 2.
4. Use the OdbcDataAdapter to fill the DataSet.
5. Use a DataView to do the filtering.
Most of the steps above can be done without doing any coding work. I hope
this helps.
Regards,
Felix Wang
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
J
Jeffrey Tan[MSFT]
Hi Mike,
Does my colleague's suggestion resolve your problem?
If you still have anything unclear, please feel free to tell me.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Does my colleague's suggestion resolve your problem?
If you still have anything unclear, please feel free to tell me.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
G
Guest
No.
I want to do it programatically using C# like filter events in %systemroot%\system32\eventquery.vbs .
any C# sample you could point-out
----- \"Jeffrey Tan[MSFT]\" wrote: ----
Hi Mike
Does my colleague's suggestion resolve your problem
If you still have anything unclear, please feel free to tell me
Best regards
Jeffrey Ta
Microsoft Online Partner Suppor
Get Secure! - www.microsoft.com/securit
This posting is provided "as is" with no warranties and confers no rights
I want to do it programatically using C# like filter events in %systemroot%\system32\eventquery.vbs .
any C# sample you could point-out
----- \"Jeffrey Tan[MSFT]\" wrote: ----
Hi Mike
Does my colleague's suggestion resolve your problem
If you still have anything unclear, please feel free to tell me
Best regards
Jeffrey Ta
Microsoft Online Partner Suppor
Get Secure! - www.microsoft.com/securit
This posting is provided "as is" with no warranties and confers no rights
J
Jeffrey Tan[MSFT]
Hi Mike,
Thanks for your feedback.
I will do some research on it. I will reply to you ASAP.
Thanks for your understanding.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Thanks for your feedback.
I will do some research on it. I will reply to you ASAP.
Thanks for your understanding.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
W
Willy Denoyette [MVP]
This script doesn't read archived eventlogs, it's reads/filters regular
eventlogs based on input criteria.
Willy.
eventlogs based on input criteria.
Willy.
J
Jeffrey Tan[MSFT]
Hi Mike,
I have writen a sample project to read the CSV file for you.
You can try the following Solution to see if it helps resolve your issue:
1). Save your eventlog into a directory: D:\test\test.csv
2). Create a system ODBC DNS for your test.csv
3). Use ADO.net ODBC provider to read this file and bind it to the WinForm
datagrid control to display
private void lightButton1_Click(object sender, System.EventArgs e)
{
OdbcDataAdapter oda = new OdbcDataAdapter("SELECT * FROM test.csv",
this.odbcConnection1);
DataSet ds = new DataSet();
oda.Fill(ds);
this.dataGrid1.DataSource = ds.Tables[0];
}
============================================
Please apply my suggestion above and let me know if it helps resolve your
problem.
Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
I have writen a sample project to read the CSV file for you.
You can try the following Solution to see if it helps resolve your issue:
1). Save your eventlog into a directory: D:\test\test.csv
2). Create a system ODBC DNS for your test.csv
3). Use ADO.net ODBC provider to read this file and bind it to the WinForm
datagrid control to display
private void lightButton1_Click(object sender, System.EventArgs e)
{
OdbcDataAdapter oda = new OdbcDataAdapter("SELECT * FROM test.csv",
this.odbcConnection1);
DataSet ds = new DataSet();
oda.Fill(ds);
this.dataGrid1.DataSource = ds.Tables[0];
}
============================================
Please apply my suggestion above and let me know if it helps resolve your
problem.
Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.
Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.