patterncsharpMinor
Reading event logs and acting when specific event is not present
Viewed 0 times
readingactingpresentlogswhenandnotspecificevent
Problem
I have a small application which is basically a
What I need it to do is query the event logs and check whether a specific event fired.
To achieve this I created the
```
class EventLogHelper
{
private readonly int Timespan;
private readonly string PcName;
private readonly string Filter;
public EventLogHelper()
{
Timespan = 30000;
PcName = Environment.MachineName;
Filter = $"*[System[(EventID='5061' or EventID='5058') and TimeCreated[timediff(@SystemTime)
/// Checks the event logs for remote pc and returns true if any of the events we are interested in fired.
/// This will try checking 30 times (or until the event is found) with a 1 second wait after each check.
///
public bool CheckEvents()
{
var query = BuildQuery(PcName, Filter);
for (var i = 0; i 0)
{
return true;
}
System.Threading.Thread.Sleep(1000);
}
return false;
}
///
/// Builds an EventLogQuery for the given pcname and filter. This user needs to be in the Event Log Readers security group.
///
private static EventLogQuery BuildQuery(string pcName, string filter)
{
var session = new EventLogSession();
using (var pw = GetPassword())
{
session = new EventLogSession(
pcName,
"DOMAIN",
"SystemAccount",
pw,
SessionAuthentication.Default);
}
return new EventLogQuery("Security", PathType.LogName, filter)
{ Session = session };
}
///
/// Execute the given EventLogQuery
///
private static EventLogReader QueryEvents(EventLogQuery query)
{
try
{
return new EventLogReader(query);
}
catch (Exception ex)
{
Email.Send($"Error
FileSystemWatcher which performs some operations when a file is updated. What I need it to do is query the event logs and check whether a specific event fired.
To achieve this I created the
EventLogHelper class: ```
class EventLogHelper
{
private readonly int Timespan;
private readonly string PcName;
private readonly string Filter;
public EventLogHelper()
{
Timespan = 30000;
PcName = Environment.MachineName;
Filter = $"*[System[(EventID='5061' or EventID='5058') and TimeCreated[timediff(@SystemTime)
/// Checks the event logs for remote pc and returns true if any of the events we are interested in fired.
/// This will try checking 30 times (or until the event is found) with a 1 second wait after each check.
///
public bool CheckEvents()
{
var query = BuildQuery(PcName, Filter);
for (var i = 0; i 0)
{
return true;
}
System.Threading.Thread.Sleep(1000);
}
return false;
}
///
/// Builds an EventLogQuery for the given pcname and filter. This user needs to be in the Event Log Readers security group.
///
private static EventLogQuery BuildQuery(string pcName, string filter)
{
var session = new EventLogSession();
using (var pw = GetPassword())
{
session = new EventLogSession(
pcName,
"DOMAIN",
"SystemAccount",
pw,
SessionAuthentication.Default);
}
return new EventLogQuery("Security", PathType.LogName, filter)
{ Session = session };
}
///
/// Execute the given EventLogQuery
///
private static EventLogReader QueryEvents(EventLogQuery query)
{
try
{
return new EventLogReader(query);
}
catch (Exception ex)
{
Email.Send($"Error
Solution
Your method
Isn't it the same as the following ?!
ReadLogs is a little ridiculousprivate static int ReadLogs(EventLogReader logReader)
{
var count5058 = 0;
var count5061 = 0;
EventRecord entry;
while ((entry = logReader.ReadEvent()) != null)
{
if (entry.Id == 5058)
{
count5058++;
}
else
{
count5061++;
}
}
return count5058 + count5061;
}Isn't it the same as the following ?!
private static int ReadLogs(EventLogReader logReader)
{
var count = 0;
EventRecord entry;
while ((entry = logReader.ReadEvent()) != null)
{
count++;
}
return count;
}Code Snippets
private static int ReadLogs(EventLogReader logReader)
{
var count5058 = 0;
var count5061 = 0;
EventRecord entry;
while ((entry = logReader.ReadEvent()) != null)
{
if (entry.Id == 5058)
{
count5058++;
}
else
{
count5061++;
}
}
return count5058 + count5061;
}private static int ReadLogs(EventLogReader logReader)
{
var count = 0;
EventRecord entry;
while ((entry = logReader.ReadEvent()) != null)
{
count++;
}
return count;
}Context
StackExchange Code Review Q#136166, answer score: 4
Revisions (0)
No revisions yet.