Thursday, March 1, 2012

C#: EventViewer Program (Part 1) - Reading Windows Event Logs

Yesterday at work, I had an idea - create an event log viewer to retrieve Windows event logs. Below is how I did it. Enjoy()!

Controls used:
  • EventLog component called "myEvents"
  • ListBox control called ListBox1
  • Button control called btnReadEvents
  • TextBox control called txtNumEvents

Variables used:
  • Integer "i", as a loop counter.
  • Integer nEvents, as loop control (which = txtNumEvents as Int).

Here is the project in Run mode for the first time.

It works by entering a number into the TextBox (txtNumEvents), then clicking the "Read Events" ("btnReadEvents"). The program then takes the number from the TextBox ("txtNumEvents") and converts it to an integer (stored in the nEvents variable).

Afterwards, it starts a counted For-Each loop, iterating through all events in the Event Logs in Windows. The loop exits when the number of events read equals the value of nEvents (from the TextBox).

Here is the code for the "Read Events" button's _Click() event:

        private void btnReadEvents_Click(object sender, EventArgs e)
        {
            int i = 0;
            int nEvents = Convert.ToInt32(txtNumEvents.Text);

            EventLog myEvents = new EventLog("Application", "HUACSPMCRAPPDEV");
            Stopwatch logTimer = new Stopwatch();
            logTimer.Start();
            lblTimeProcessed.Text = "";

            foreach (System.Diagnostics.EventLogEntry entry in myEvents.Entries)
            {
                if (i < nEvents)
                {
                    // Add event fields to the listbox, separated by tabspace (\t).
                    ListBox1.Items.Add(entry.EventID 
                                        + "\t" + entry.EntryType
                                        + "\t" + entry.TimeGenerated 
                                        + "\t" + entry.Source 
                                        + "\t" + entry.Message);

                    // Increment control for loop, or it will pull the whole log.
                    i++;
                }
                else
                {
                    // Break out of loop when i = nEvents.
                    break;
                }
            }
            logTimer.Stop();
            lblTimeProcessed.Text = "Processing took " + logTimer.Elapsed.TotalSeconds.ToString() + " seconds.";
        }
And here is what it looks like after reading from the Event Logs:

It looks "uneven" because not all fields have information in them. I'll fix that next time.

4 comments:

  1. That looks like it could save time rather than have to wait for event viewer to load up the hundreds if not thousands or more events that it caches. About 2 years ago I did something like this for Perl but this is a lot easier to read than having to scroll through the command prompt.

    ReplyDelete
  2. The event viewer is horribly slow, especially when applying filters to all of those entries!

    I've written much more than what I posted here, but the "final goal" for this portion of the app is to pull the logs from about 12-15 servers. Checkboxes for which servers, what type of event (critical, error, warning, etc), and the date range (presets for 1 week, 2 weeks, 1 month, or custom), and a few other things.

    The entire purpose behind this app is to free up time spent going over each server's logs to view errors. I'm going to be using tabs on the main form, each tab being for a different task that I (try, time willing) do each morning: event logs from each server, SharePoint ULS logs from my SharePoint servers, SQL logs from the SQL servers, and backup logs from our storage system (which takes snapshots of each server nightly).

    It's a lot for one project, but the amount of time saved in the end will pay off! I'll post more once I find time to write it up, in the hopes that someone (in class or otherwise) learns something from it.

    ReplyDelete
  3. Can I get a sample code of this project, I see many loop holes in my code.

    ReplyDelete
    Replies
    1. Hitlo, the sample code is up above. All you need to do is add a text box, a button, a listbox, and an EventLog object to your form. Name the button "btnReadEvents", and then copy/paste the code that I listed into btnReadEvents_Click. Let me know if you need help.

      Delete