EventLog.GetEventLogs Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Creates an array of the event logs.
Overloads
GetEventLogs(String) |
Searches for all event logs on the given computer and creates an array of EventLog objects that contain the list. |
GetEventLogs() |
Searches for all event logs on the local computer and creates an array of EventLog objects that contain the list. |
GetEventLogs(String)
- Source:
- EventLog.cs
- Source:
- EventLog.cs
Searches for all event logs on the given computer and creates an array of EventLog objects that contain the list.
public:
static cli::array <System::Diagnostics::EventLog ^> ^ GetEventLogs(System::String ^ machineName);
public static System.Diagnostics.EventLog[] GetEventLogs (string machineName);
static member GetEventLogs : string -> System.Diagnostics.EventLog[]
Public Shared Function GetEventLogs (machineName As String) As EventLog()
Parameters
- machineName
- String
The computer on which to search for event logs.
Returns
An array of type EventLog that represents the logs on the given computer.
Exceptions
The machineName
parameter is an invalid computer name.
You do not have read access to the registry.
-or-
There is no event log service on the computer.
Examples
The following example gets a list of logs on the computer "myServer". It then outputs the name of each log.
#using <System.dll>
using namespace System;
using namespace System::Diagnostics;
using namespace System::Threading;
int main()
{
array<EventLog^>^remoteEventLogs;
remoteEventLogs = EventLog::GetEventLogs( "myServer" );
Console::WriteLine( "Number of logs on computer: {0}", remoteEventLogs->Length );
System::Collections::IEnumerator^ myEnum = remoteEventLogs->GetEnumerator();
while ( myEnum->MoveNext() )
{
EventLog^ log = safe_cast<EventLog^>(myEnum->Current);
Console::WriteLine( "Log: {0}", log->Log );
}
}
using System;
using System.Diagnostics;
class MySample
{
public static void Main()
{
EventLog[] remoteEventLogs;
remoteEventLogs = EventLog.GetEventLogs("myServer");
Console.WriteLine("Number of logs on computer: " + remoteEventLogs.Length);
foreach (EventLog log in remoteEventLogs)
{
Console.WriteLine("Log: " + log.Log);
}
}
}
Imports System.Diagnostics
Imports System.Threading
Class MySample
Public Shared Sub Main()
Dim remoteEventLogs() As EventLog
remoteEventLogs = EventLog.GetEventLogs("myServer")
Console.WriteLine(("Number of logs on computer: " & remoteEventLogs.Length))
Dim log As EventLog
For Each log In remoteEventLogs
Console.WriteLine(("Log: " & log.Log))
Next log
End Sub
End Class
Remarks
The array of EventLog objects is a snapshot of all event logs on the computer specified by the machineName
parameter when the call to GetEventLogs is made. This is not a dynamic collection, so it does not reflect the deletion or creation of logs in real time. You should verify that a log in the array exists before you read or write to it. The array usually includes at least three logs: Application, System, and Security. If you created custom logs on the specified computer, they will appear in the array as well.
GetEventLogs is a static
method, so it can be called on the EventLog class itself. It is not necessary to create an instance of an EventLog object to make a call to the method.
To retrieve the list of event logs, you must have the appropriate registry permissions. These permissions are identical to those required to call Exists and SourceExists.
See also
Applies to
GetEventLogs()
- Source:
- EventLog.cs
- Source:
- EventLog.cs
Searches for all event logs on the local computer and creates an array of EventLog objects that contain the list.
public:
static cli::array <System::Diagnostics::EventLog ^> ^ GetEventLogs();
public static System.Diagnostics.EventLog[] GetEventLogs ();
static member GetEventLogs : unit -> System.Diagnostics.EventLog[]
Public Shared Function GetEventLogs () As EventLog()
Returns
An array of type EventLog that represents the logs on the local computer.
Exceptions
You do not have read access to the registry.
-or-
There is no event log service on the computer.
Examples
The following example enumerates the event logs defined on the local computer, and displays configuration details for each event log.
void DisplayEventLogProperties()
{
// Iterate through the current set of event log files,
// displaying the property settings for each file.
array<EventLog^>^eventLogs = EventLog::GetEventLogs();
System::Collections::IEnumerator^ myEnum = eventLogs->GetEnumerator();
while ( myEnum->MoveNext() )
{
EventLog^ e = safe_cast<EventLog^>(myEnum->Current);
Int64 sizeKB = 0;
Console::WriteLine();
Console::WriteLine( "{0}:", e->LogDisplayName );
Console::WriteLine( " Log name = \t\t {0}", e->Log );
Console::WriteLine( " Number of event log entries = {0}", e->Entries->Count );
// Determine if there is a file for this event log.
RegistryKey ^ regEventLog = Registry::LocalMachine->OpenSubKey( String::Format( "System\\CurrentControlSet\\Services\\EventLog\\{0}", e->Log ) );
if ( regEventLog )
{
Object^ temp = regEventLog->GetValue( "File" );
if ( temp != nullptr )
{
Console::WriteLine( " Log file path = \t {0}", temp );
FileInfo^ file = gcnew FileInfo( temp->ToString() );
// Get the current size of the event log file.
if ( file->Exists )
{
sizeKB = file->Length / 1024;
if ( (file->Length % 1024) != 0 )
{
sizeKB++;
}
Console::WriteLine( " Current size = \t {0} kilobytes", sizeKB );
}
}
else
{
Console::WriteLine( " Log file path = \t <not set>" );
}
}
// Display the maximum size and overflow settings.
sizeKB = e->MaximumKilobytes;
Console::WriteLine( " Maximum size = \t {0} kilobytes", sizeKB );
Console::WriteLine( " Overflow setting = \t {0}", e->OverflowAction );
switch ( e->OverflowAction )
{
case OverflowAction::OverwriteOlder:
Console::WriteLine( "\t Entries are retained a minimum of {0} days.", e->MinimumRetentionDays );
break;
case OverflowAction::DoNotOverwrite:
Console::WriteLine( "\t Older entries are not overwritten." );
break;
case OverflowAction::OverwriteAsNeeded:
Console::WriteLine( "\t If number of entries equals max size limit, a new event log entry overwrites the oldest entry." );
break;
default:
break;
}
}
}
static void DisplayEventLogProperties()
{
// Iterate through the current set of event log files,
// displaying the property settings for each file.
EventLog[] eventLogs = EventLog.GetEventLogs();
foreach (EventLog e in eventLogs)
{
Int64 sizeKB = 0;
Console.WriteLine();
Console.WriteLine("{0}:", e.LogDisplayName);
Console.WriteLine(" Log name = \t\t {0}", e.Log);
Console.WriteLine(" Number of event log entries = {0}", e.Entries.Count.ToString());
// Determine if there is an event log file for this event log.
RegistryKey regEventLog = Registry.LocalMachine.OpenSubKey("System\\CurrentControlSet\\Services\\EventLog\\" + e.Log);
if (regEventLog != null)
{
Object temp = regEventLog.GetValue("File");
if (temp != null)
{
Console.WriteLine(" Log file path = \t {0}", temp.ToString());
FileInfo file = new FileInfo(temp.ToString());
// Get the current size of the event log file.
if (file.Exists)
{
sizeKB = file.Length / 1024;
if ((file.Length % 1024) != 0)
{
sizeKB++;
}
Console.WriteLine(" Current size = \t {0} kilobytes", sizeKB.ToString());
}
}
else
{
Console.WriteLine(" Log file path = \t <not set>");
}
}
// Display the maximum size and overflow settings.
sizeKB = e.MaximumKilobytes;
Console.WriteLine(" Maximum size = \t {0} kilobytes", sizeKB.ToString());
Console.WriteLine(" Overflow setting = \t {0}", e.OverflowAction.ToString());
switch (e.OverflowAction)
{
case OverflowAction.OverwriteOlder:
Console.WriteLine("\t Entries are retained a minimum of {0} days.",
e.MinimumRetentionDays);
break;
case OverflowAction.DoNotOverwrite:
Console.WriteLine("\t Older entries are not overwritten.");
break;
case OverflowAction.OverwriteAsNeeded:
Console.WriteLine("\t If number of entries equals max size limit, a new event log entry overwrites the oldest entry.");
break;
default:
break;
}
}
}
Shared Sub DisplayEventLogProperties()
' Iterate through the current set of event log files,
' displaying the property settings for each file.
Dim eventLogs As EventLog() = EventLog.GetEventLogs()
Dim e As EventLog
For Each e In eventLogs
Dim sizeKB As Int64 = 0
Console.WriteLine()
Console.WriteLine("{0}:", e.LogDisplayName)
Console.WriteLine(" Log name = " + ControlChars.Tab _
+ ControlChars.Tab + " {0}", e.Log)
Console.WriteLine(" Number of event log entries = {0}", e.Entries.Count.ToString())
' Determine if there is an event log file for this event log.
Dim regEventLog As RegistryKey
regEventLog = Registry.LocalMachine.OpenSubKey( _
("System\CurrentControlSet\Services\EventLog\" + e.Log))
If Not (regEventLog Is Nothing) Then
Dim temp As Object = regEventLog.GetValue("File")
If Not (temp Is Nothing) Then
Console.WriteLine(" Log file path = " + ControlChars.Tab _
+ " {0}", temp.ToString())
Dim file As New FileInfo(temp.ToString())
' Get the current size of the event log file.
If file.Exists Then
sizeKB = file.Length / 1024
If file.Length Mod 1024 <> 0 Then
sizeKB += 1
End If
Console.WriteLine(" Current size = " + ControlChars.Tab _
+ " {0} kilobytes", sizeKB.ToString())
End If
Else
Console.WriteLine(" Log file path = " + ControlChars.Tab _
+ " <not set>")
End If
End If
' Display the maximum size and overflow settings.
sizeKB = e.MaximumKilobytes
Console.WriteLine(" Maximum size = " + ControlChars.Tab _
+ " {0} kilobytes", sizeKB.ToString())
Console.WriteLine(" Overflow setting = " + ControlChars.Tab _
+ " {0}", e.OverflowAction.ToString())
Select Case e.OverflowAction
Case OverflowAction.OverwriteOlder
Console.WriteLine(ControlChars.Tab + _
" Entries are retained a minimum of {0} days.", _
e.MinimumRetentionDays)
Case OverflowAction.DoNotOverwrite
Console.WriteLine(ControlChars.Tab + _
" Older entries are not overwritten.")
Case OverflowAction.OverwriteAsNeeded
Console.WriteLine(ControlChars.Tab + _
" If number of entries equals max size limit, a new event log entry overwrites the oldest entry.")
Case Else
End Select
Next e
End Sub
Remarks
The array of EventLog objects is a snapshot of all event logs on the local computer when the call to GetEventLogs is made. This is not a dynamic collection, so it does not reflect the deletion or creation of logs in real time. You should verify that a log in the array exists before you read or write to it. The array usually includes at least three logs: Application, System, and Security. If you created custom logs on the local computer, they will appear in the array as well.
To retrieve the list of event logs, you must have the appropriate registry permissions. These permissions are identical to those required to call Exists and SourceExists.