Working With EventViewer Using C# For Beginners

Introduction

There are several phases of an Application's development. It does not end with deploying the application on the production servers. Another very important phase is when a problem surfaces after deployment, how quickly the problem can be resolved and according to the severity of the issue (if required) a patch can be deployed to production. Apart from this, we also want notification of all issues occurring in production and correspondingly analyzed and taken care of in future releases. We can also log other details that could be useful to check the status of the application.

Looking into Event Viewer

As we know, the Windows operating system itself logs all the details in the Event Viewer whenever a problem occurs. We go directly to check the Event Viewer. The Event Log Service records the application, security, and system events in the Event Viewer. We can use the same Event Viewer to log details of our applications. .NET provides very friendly APIs to connect, log and read the Event Viewer. In this article we'll learn how to use the Event Viewer for our applications.

Let's have a look at the Windows 8 event log viewer.

1.png

This screen got a new look and all the events are grouped in four at a high level as we can see in the screen shot. Custom Views contains custom views created by the user. The Windows log contains the event details of the Windows operating system. If we go to the inner details then it is divided into the four categories Application, Security, Setup, System and Forwarded events. These contain the details as their name suggest.  Another top-level group is named Applications and the service logs contains the log details of several applications installed on the machine, like Office and SQL Server. An application that is installed on the machine uses this group to create the event logs as already named a few. It becomes very easy to go there the event logs for any specific application.

Working with Event Viewer

Now let's jump to a demo.  We need to add the namespace System.Diagnostics to work with the Event Viewer. Also, there are five kinds of events that can be created in the Event Viewer. These are:

  1. information
  2. SuccessAudit
  3. Warning
  4. FailureAudit
  5. Error

Creating an Entry in Event Log

We can use these event types based on the type of entry that we are creating. So now let us create an entry in the event log:

// Create an EventLog instance and assign its source.
EventLog eventLog =new EventLog();
eventLog.Source ="NewSource";
// Write an entry in the event log.
eventLog.WriteEntry("This is a warning generated by the application.", EventLogEntryType.Warning, 1001);

In the code above, we have created an instance of an EventLog and assigned the source property with some source name. Then the WriteEntry method is responsible for writing an entry in the event log. This method has many overloads. Here we have provided the message, event log type and eventId. We can provide just a message but that will be of default type information. When we run the code above, it creates the entry as:

2.png

Every event type has a different icon. In the above we create it as a warning.

But here this has just created an entry that is visible under "WindowsLog" -> "System". But this certainly should not be a part of it otherwise we may encouther difficulties while finding the events that are specific to our application. So we should create a separate group for our application and all the events should be part of that. 

Creating an Entry in a new Event Log

We need to create a new source and new log name. Then use this log for creating the entries. So let's jump to write the code.

// Create the source and log, if it does not already exist.
if (!EventLog.SourceExists("MySource"))
{
    EventLog.CreateEventSource("MySource","MyNewLog");
}
// Create an EventLog instance and assign its source.
EventLog eventLog =new EventLog();
// Setting the source
eventLog.Source ="MySource";
// Write an entry to the event log.
eventLog.WriteEntry("An error has been generated by the application.", EventLogEntryType.Error, 1002);

Here if we checked if the source does exist then we created a source with the log name. Then while creating the EventLog, we provide the same source and call the write entry method. In this method, I provided the EventLogEntryType as error and the eventid that I gave is 1002. I have run the code and let's see the Event Viewer again.

3.png

Yes, a new error entry is created in a new log named MyNewLog that we provided while creating it. And here MyNewLog is created under Applications and service logs.

I have already created log entries of type error and warning. We have seen the icon is also different of these two. Similarly other types of entries can be created as well. Now let us see how to remove these from the log and even remove the log itself.

Clear the Event Log

Clearing the event log is very easy and we need to provide the source of the log to clear it. The code can be written as:

EventLog eventLog =new EventLog();
// Setting the source
eventLog.Source ="MySource";
eventLog.Clear();

Delete the Event Source

The code above removes all the entries from the log that we created in MyNewLog. Similarly we remove the source and the log itself as in the following:

if (EventLog.SourceExists("MySource"))
{
    EventLog.DeleteEventSource("MySource");
}

Delete the Log

The code above removes the source. Now to remove the log (since we created MyNewLog in this article) we can write the code as in the following:

if (EventLog.Exists("MyNewLog"))
{
    // Delete Source
    EventLog.Delete("MyNewLog");
}

Similarly, there are other options available that can be used.

Reading Event Viewer

Now we have discussed creating and edit operations. Now we will see how to read the existing logs . We might need to see the logs from the server as we might not have access to the server. So in those scenario, we can read the logs.

EventLog myLog =new EventLog();
myLog.Log ="MyNewLog";
foreach (EventLogEntry entry in myLog.Entries)
{
    // Read event log entry details
}

The code above reads all the entries from the log named MyNewLog. The entry object contains all the information of that log entry.

Hope this article will be useful to all of you.

Cheers,


Similar Articles