Udostępnij za pośrednictwem


How to: Access and Read Event Information

When you obtain an event instance from an event query or subscription, you can read the value of the event properties. To do this, get the XML representation of the event or specify the name of the property to be read.

For more information about how to query for events, see How to: Query for Events. For more information about how to subscribe to events, see How to: Subscribe to Events in an Event Log.

Example

Description

The following code example queries for all the level 2 events in the Application log, and then displays the XML representation for each event. Each event instance returned from the event query is represented by an EventRecord instance. The ToXml method is called to obtain the XML representation of the event.

Code

Imports System
Imports System.Text
Imports System.Diagnostics.Eventing.Reader
Imports System.Xml

Public Class ReadEventXmlExample

    Public Overloads Shared Function Main( _
    ByVal args() As String) As Integer

        Dim logName As String = "Application"
        Dim queryString As String = "*[System/Level=2]"

        Dim eventsQuery As New EventLogQuery(logName, _
            PathType.LogName, queryString)

        Dim logReader As EventLogReader
        Console.WriteLine("Querying the Application channel event log for all events...")
        Try

            ' Query the log and create a stream of selected events
            logReader = New EventLogReader(eventsQuery)

        Catch e As EventLogNotFoundException

            Console.WriteLine("Failed to query the log!")
            Console.WriteLine(e)
            Return 1
        End Try

        Dim numberOfEvents As Integer = 0

        ' For each event returned from the query
        Dim eventInstance As EventRecord = logReader.ReadEvent()
        While Not eventInstance Is Nothing

            Dim eventXml As String = eventInstance.ToXml()
            Console.WriteLine("Event " & (++numberOfEvents) & " : " & _
                System.Environment.NewLine & eventXml)
            Console.WriteLine("---------------------------------")
            eventInstance = logReader.ReadEvent()
        End While

    End Function
End Class
using System;
using System.Text;
using System.Diagnostics.Eventing.Reader;
using System.Xml;

class ReadEventXmlExample
{
    static void Main(string[] args)
    {
        String logName = "Application";
        String queryString = "*[System/Level=2]";

        EventLogQuery eventsQuery = new EventLogQuery(logName,
            PathType.LogName, queryString);

        EventLogReader logReader;
        Console.WriteLine("Querying the Application channel event log for all events...");
        try
        {
            // Query the log and create a stream of selected events
            logReader = new EventLogReader(eventsQuery);
        }
        catch (EventLogNotFoundException e)
        {
            Console.WriteLine("Failed to query the log!");
            Console.WriteLine(e);
            return;
        }

        int numberOfEvents = 0;
        // For each event returned from the query
        for (EventRecord eventInstance = logReader.ReadEvent();
                eventInstance != null;
                eventInstance = logReader.ReadEvent())
        {
            String eventXml = eventInstance.ToXml();
            Console.WriteLine("Event " + (++numberOfEvents) + " : " + System.Environment.NewLine + eventXml);
            Console.WriteLine("---------------------------------");
            //Console.ReadLine();
        }
    }
}

Compiling the Code

This code example requires references to the System.dll and System.Core.dll files.

Example

Description

The following code example uses the EventLogPropertySelector class to render an event instance as a list of specified values. The specified values are the user that logged the event, the time the event was created, the event identifier, and the event record identifier.

Code

Imports System
Imports System.Collections.Generic
Imports System.Text
Imports System.Diagnostics.Eventing.Reader

Public Class ReadEventValuesExample

    Public Shared Function Main( _
    ByVal args() As String) As Integer

        Dim logName As String = "Application"
        Dim queryString As String = "*[System/Level=2]"

        Dim eventsQuery As New EventLogQuery(logName, _
            PathType.LogName, queryString)

        Dim logReader As EventLogReader
        Console.WriteLine("Querying the Application channel event log for all events...")

        Try
            ' Query the log
            logReader = New EventLogReader(eventsQuery)

        Catch e As EventLogNotFoundException

            Console.WriteLine("Failed to query the log!")
            Console.WriteLine(e)
            Return 1
        End Try

        '''''''
        ' This section creates a list of XPath reference strings to select
        ' the properties that we want to display
        ' In this example, we will extract the User, TimeCreated, EventID and EventRecordID
        '''''''
        ' Array of strings containing XPath references
        Dim xPathRefs(3) As String
        xPathRefs(0) = "Event/System/Security/@UserID"
        xPathRefs(1) = "Event/System/TimeCreated/@SystemTime"
        xPathRefs(2) = "Event/System/EventID"
        xPathRefs(3) = "Event/System/EventRecordID"

        ' Place those strings in an IEnumberable object
        Dim xPathEnum As IEnumerable(Of String) = xPathRefs
        ' Create the property selection context using the XPath reference
        Dim logPropertyContext As New EventLogPropertySelector(xPathEnum)

        Dim numberOfEvents As Integer = 0

        ' For each event returned from the query
        Dim eventInstance As EventLogRecord = logReader.ReadEvent()
        While Not eventInstance Is Nothing
            Dim logEventProps As IList(Of Object)

            Try
                ' Cast the EventRecord into an EventLogRecord to retrieve property values.
                ' This will fetch the event properties we requested through the
                ' context created by the EventLogPropertySelector
                logEventProps = eventInstance.GetPropertyValues(logPropertyContext)
                Console.WriteLine("Event {0} :", ++numberOfEvents)
                Console.WriteLine("User: {0}", logEventProps(0))
                Console.WriteLine("TimeCreated: {0}", logEventProps(1))
                Console.WriteLine("EventID: {0}", logEventProps(2))
                Console.WriteLine("EventRecordID : {0}", logEventProps(3))

                ' Event properties can also be retrived through the event instance
                Console.WriteLine("Event Description:" + eventInstance.FormatDescription())
                Console.WriteLine("MachineName: " + eventInstance.MachineName)

            Catch e As EventLogException
                Console.WriteLine("Couldn't render event!")
                Console.WriteLine("Exception: Event {0} may not have an XML representation \n\n", ++numberOfEvents)
                Console.WriteLine(e)
            End Try

            eventInstance = logReader.ReadEvent()
        End While
    End Function
End Class
using System;
using System.Collections.Generic;
using System.Text;
using System.Diagnostics.Eventing.Reader;

class ReadEventValuesExample
{
    static void Main(string[] args)
    {
        String logName = "Application";
        String queryString = "*[System/Level=2]";

        EventLogQuery eventsQuery = new EventLogQuery(logName,
            PathType.LogName, queryString);

        EventLogReader logReader;
        Console.WriteLine("Querying the Application channel event log for all events...");
        try
        {
            // Query the log
            logReader = new EventLogReader(eventsQuery);
        }
        catch (EventLogNotFoundException e)
        {
            Console.WriteLine("Failed to query the log!");
            Console.WriteLine(e);
            return;
        }

        //////
        // This section creates a list of XPath reference strings to select
        // the properties that we want to display
        // In this example, we will extract the User, TimeCreated, EventID and EventRecordID
        //////
        // Array of strings containing XPath references
        String[] xPathRefs = new String[4];
        xPathRefs[0] = "Event/System/Security/@UserID";
        xPathRefs[1] = "Event/System/TimeCreated/@SystemTime";
        xPathRefs[2] = "Event/System/EventID";
        xPathRefs[3] = "Event/System/EventRecordID";
        // Place those strings in an IEnumberable object
        IEnumerable<String> xPathEnum = xPathRefs;
        // Create the property selection context using the XPath reference
        EventLogPropertySelector logPropertyContext = new EventLogPropertySelector(xPathEnum);

        int numberOfEvents = 0;
        // For each event returned from the query
        for (EventRecord eventInstance = logReader.ReadEvent();
                eventInstance != null;
                eventInstance = logReader.ReadEvent())
        {
            IList<object> logEventProps;
            try
            {
                // Cast the EventRecord into an EventLogRecord to retrieve property values.
                // This will fetch the event properties we requested through the
                // context created by the EventLogPropertySelector
                logEventProps = ((EventLogRecord)eventInstance).GetPropertyValues(logPropertyContext);
                Console.WriteLine("Event {0} :", ++numberOfEvents);
                Console.WriteLine("User: {0}", logEventProps[0]);
                Console.WriteLine("TimeCreated: {0}", logEventProps[1]);
                Console.WriteLine("EventID: {0}", logEventProps[2]);
                Console.WriteLine("EventRecordID : {0}", logEventProps[3]);

                // Event properties can also be retrived through the event instance
                Console.WriteLine("Event Description:" + eventInstance.FormatDescription());
                Console.WriteLine("MachineName: " + eventInstance.MachineName);
            }
            catch (Exception e)
            {
                Console.WriteLine("Couldn't render event!");
                Console.WriteLine("Exception: Event {0} may not have an XML representation \n\n", ++numberOfEvents);
                Console.WriteLine(e);
            }
        }
    }
}

Compiling the Code

This example requires references to the System.dll and System.Core.dll files.

See Also

Concepts

Event Log Scenarios

Send comments about this topic to Microsoft.

Copyright © 2007 by Microsoft Corporation. All rights reserved.