All about Event Logs like what is EventLog, types, where we can find logs and mainly how to create, how to handle in c#(Windows) application, information about namespace, class, methods, properties and events used to control, discussed with simple examples, finally tells about advantages and disadvantages.
Windows Event logs are special files that records information about software or hardware from significant events on your computer. When system or application encounters with an error, warning or information that can be logged into these files. This is standard way to create logs, view, customize, clear and set the properties for your application events. You can easily trace the event logs for any trouble shooting problem and also you can save important information into logs.
Windows logs mainly includes following tracks to differentiate the logs:
Application : Events provide application level information such as error, warning, or information, depending on the severity of the event. The event can be logged from program, driver, or service.
Security : Event depends windows security level. If fails to login or any other authentication issue will be logged to this.
Setup : Some additional logs.
System : Services or system service related events logged here.
Forwarded Events : Logged events forwarded from other computers.
Start button-> Control Panel-> Administrative Tools-> Event Viewer.
If you want see the details of particular log Windows logs-> Application/System double click on log.
Event viewer executable name is mmc.exe. You can run it from command line.
Log Name: Application/Security/Setup/System
Source: Source of Event
Date: event occurred date
Event ID: related event id
Task Category: category of the event
Level: Error/Warning/Information
Keywords: Audit Success/Classic
User: user name
Computer: computer name
Description: description about event
And also some more details
The System.Diagnostics namespace provides classes that allow you to interact with event logs. You can handle most of event log related operations by using these classes.
Namespace: System.Diagnostics
Assembly: System.dll
*EventInstance Class
*EventLog Class
*EventLogEntry Class
*EventLogEntryCollection Class
*EventLogEntryType Enumeration
*EventLogInstaller Class
*EventLogPermission Class
*EventLogPermissionAccess Enumeration
*EventLogPermissionAttribute Class
*EventLogPermissionEntry Class
*EventLogPermissionEntryCollection Class
*EventLogTraceListener Class
*EventSchemaTraceListener Class
*EventSourceCreationData Class
*EventTypeFilter Class
In this article only described about EventLog class and listed the static methods. Each static method provides deferent function to interact with event logs.
EventLog lets you access or customize Windows event logs, which record information about important software or hardware events. Using EventLog, you can read from existing logs, write entries to logs, create or delete event sources, delete logs, and respond to log entries. You can also create new logs when creating an event source.
The following example creates the event source if it does not already exist, and writes an entry to the event log.
EventLog Static Method Name and C# Syntax
If your application performing a important event that is going to be a use full in future for troubleshooting the problem than it is better to create a event log. Not only error message, we can store information, warning, status or properties can create as a logged, This is very standard way to trace the application events and windows provides a informative event viewer, easily we can fetch all details.
At the same time creating event logs leads unusual issues. If you store very important information into logs after a time period may logs over written or easily deleted or cleared again getting back is impossible. Event logging consumes disk space, processor time, and other system resources. It is important to log only essential information. It is recommended that you place event log calls in an error path, rather than in the main code path, so as not to adversely affect performance.
What is Windows Event Logs?
Windows Event logs are special files that records information about software or hardware from significant events on your computer. When system or application encounters with an error, warning or information that can be logged into these files. This is standard way to create logs, view, customize, clear and set the properties for your application events. You can easily trace the event logs for any trouble shooting problem and also you can save important information into logs.
Types of Event Logs
Windows logs mainly includes following tracks to differentiate the logs:
Application : Events provide application level information such as error, warning, or information, depending on the severity of the event. The event can be logged from program, driver, or service.
Security : Event depends windows security level. If fails to login or any other authentication issue will be logged to this.
Setup : Some additional logs.
System : Services or system service related events logged here.
Forwarded Events : Logged events forwarded from other computers.
Now the question is, where can I see the event logs on my computer?
Start button-> Control Panel-> Administrative Tools-> Event Viewer.
If you want see the details of particular log Windows logs-> Application/System double click on log.
Event viewer executable name is mmc.exe. You can run it from command line.
What we can find from Event Logs?
Log Name: Application/Security/Setup/System
Source: Source of Event
Date: event occurred date
Event ID: related event id
Task Category: category of the event
Level: Error/Warning/Information
Keywords: Audit Success/Classic
User: user name
Computer: computer name
Description: description about event
And also some more details
Control Event Logs in C#(Windows) Application
The System.Diagnostics namespace provides classes that allow you to interact with event logs. You can handle most of event log related operations by using these classes.
Namespace: System.Diagnostics
Assembly: System.dll
List of Event Log Classes
*EventInstance Class
*EventLog Class
*EventLogEntry Class
*EventLogEntryCollection Class
*EventLogEntryType Enumeration
*EventLogInstaller Class
*EventLogPermission Class
*EventLogPermissionAccess Enumeration
*EventLogPermissionAttribute Class
*EventLogPermissionEntry Class
*EventLogPermissionEntryCollection Class
*EventLogTraceListener Class
*EventSchemaTraceListener Class
*EventSourceCreationData Class
*EventTypeFilter Class
In this article only described about EventLog class and listed the static methods. Each static method provides deferent function to interact with event logs.
EventLog Class
EventLog lets you access or customize Windows event logs, which record information about important software or hardware events. Using EventLog, you can read from existing logs, write entries to logs, create or delete event sources, delete logs, and respond to log entries. You can also create new logs when creating an event source.
The following example creates the event source if it does not already exist, and writes an entry to the event log.
using System;
using System.Diagnostics;
using System.Threading;
class CreateEventSource{
public static void Main(){
string sourceName ="SourceName" ;
string myLog = "MyLog";
string eventEntry = "Entry to MyLog";
//create the source, if not exists by using static method CreateEventSource
if(!EventLog.SourceExists(sourceName))
{
EventLog.CreateEventSource(sourecName, myLog);
return;
}
EventLog myEventLog = new EventLog();
//assign the source name to created event log
myEventLog.Source = sourceName;
//write the entry to log
myEventLog.WriteEntry(eventEntry);
}
}
List of Static methods present in EventLog class
EventLog Static Method Name and C# Syntax
CreateEventSource(EventSourceCreationData)
public static void CreateEventSource(
EventSourceCreationData sourceData
)
CreateEventSource(String, String)
public static void CreateEventSource(
string source,
string logName
)
CreateEventSource(String, String, String)
public static void CreateEventSource(
string source,
string logName,
string machineName
)
Delete(String)
public static void Delete(
string logName
)
Delete(String, String)
public static void Delete(
string logName,
string machineName
)
DeleteEventSource(String)
public static void DeleteEventSource(
string source
)
DeleteEventSource(String, String)
public static void DeleteEventSource(
string source,
string machineName
)
Exists(String)
public static bool Exists(
string logName
)
Exists(String, String)
public static bool Exists(
string logName,
string machineName
)
GetEventLogs()
public static EventLog[] GetEventLogs()
GetEventLogs(String)
public static EventLog[] GetEventLogs(
string machineName
)
LogNameFromSourceName
public static string LogNameFromSourceName(
string source,
string machineName
)
SourceExists(String)
public static bool SourceExists(
string source
)
SourceExists(String, String)
public static bool SourceExists(
string source,
string machineName
)
WriteEntry(String, String)
public static void WriteEntry(
string source,
string message
)
WriteEntry(String, String, EventLogEntryType)
public static void WriteEntry(
string source,
string message,
EventLogEntryType type
)
WriteEntry(String, String, EventLogEntryType, Int32)
public static void WriteEntry(
string source,
string message,
EventLogEntryType type,
int eventID
)
WriteEntry(String, String, EventLogEntryType, Int32, Int16)
public static void WriteEntry(
string source,
string message,
EventLogEntryType type,
int eventID,
short category
)
WriteEntry(String, String, EventLogEntryType, Int32, Int16, Byte[])
public static void WriteEntry(
string source,
string message,
EventLogEntryType type,
int eventID,
short category,
byte[] rawData
)
WriteEvent(String, EventInstance, Object[])
public static void WriteEvent(
string source,
EventInstance instance,
params Object[] values
)
WriteEvent(String, EventInstance, Byte[], Object[])
public static void WriteEvent(
string source,
EventInstance instance,
byte[] data,
params Object[] values
)
Advantages and Disadvantages of using EventLogs
If your application performing a important event that is going to be a use full in future for troubleshooting the problem than it is better to create a event log. Not only error message, we can store information, warning, status or properties can create as a logged, This is very standard way to trace the application events and windows provides a informative event viewer, easily we can fetch all details.
At the same time creating event logs leads unusual issues. If you store very important information into logs after a time period may logs over written or easily deleted or cleared again getting back is impossible. Event logging consumes disk space, processor time, and other system resources. It is important to log only essential information. It is recommended that you place event log calls in an error path, rather than in the main code path, so as not to adversely affect performance.
Comments
Post a Comment