programmatically export the event log

L

Lee Crabtree

Is there some way to export an event log to a .evt file? I ask because
what we're trying to set up is a really easy way for a user to email the
contents of our event log back to us in the event of some problem.
Emailing isn't a big deal, the SmtpClient class is a breeze, and working
with the EventLog class hasn't been a problem up to now. However, I
can't find any functionality that exports logs.

If I was in a particularly masochistic mood, I could always read the
entries in the log one at a time and build a CSV file, but firstly,
importing a CSV file into the event log viewer doesn't seem to work, and
secondly, there's no reason I should have to do that much work to get
something like this.

Anybody have an answer?

Lee Crabtree
 
M

Michael Nemtsev

Hello Lee,

why not to mail the copy of .evt file?

LC> Is there some way to export an event log to a .evt file? I ask
LC> because what we're trying to set up is a really easy way for a user
LC> to email the contents of our event log back to us in the event of
LC> some problem. Emailing isn't a big deal, the SmtpClient class is a
LC> breeze, and working with the EventLog class hasn't been a problem up
LC> to now. However, I can't find any functionality that exports logs.
LC>
LC> If I was in a particularly masochistic mood, I could always read the
LC> entries in the log one at a time and build a CSV file, but firstly,
LC> importing a CSV file into the event log viewer doesn't seem to work,
LC> and secondly, there's no reason I should have to do that much work
LC> to get something like this.
LC>
LC> Anybody have an answer?
LC>
LC> Lee Crabtree
LC>
---
WBR,
Michael Nemtsev [C# MVP] :: blog: http://spaces.live.com/laflour

"At times one remains faithful to a cause only because its opponents do not
cease to be insipid." (c) Friedrich Nietzsche
 
T

Tom Porterfield

Lee said:
Is there some way to export an event log to a .evt file? I ask because
what we're trying to set up is a really easy way for a user to email the
contents of our event log back to us in the event of some problem.
Emailing isn't a big deal, the SmtpClient class is a breeze, and working
with the EventLog class hasn't been a problem up to now. However, I
can't find any functionality that exports logs.

If I was in a particularly masochistic mood, I could always read the
entries in the log one at a time and build a CSV file, but firstly,
importing a CSV file into the event log viewer doesn't seem to work, and
secondly, there's no reason I should have to do that much work to get
something like this.

Anybody have an answer?
Click to expand...

What about grabbing and sending the actual log file on the machine? These
are stored in %windir%\system32\config.
 
L

Lee Crabtree

Seriously? Rock and roll! I thought they were buried in some deep
crevasse, guarded by a great Sphinx that eats anyone who can't answer
his fiendish riddle.

Thanks.

Lee Crabtree
 
L

Lee Crabtree

Actually, I've run into a problem with this. Grabbing the actual file
is out, as it's in use (obviously) by the system. So I genned up a
quick temp file, did a copy into it, and emailed that. The emailing
worked just fine, but for some reason, the log file is always corrupted.

Any clues?

Lee Crabtree
 
L

Lee Crabtree

WMI isn't helping much. The BackupLogFile function consistently gives
me an "Access Denied" exception, and the Copy function gives me a .evt
file that I can't open in the Windows Event Viewer. Manually copying
the actual log file gives me a file that also doesn't open in the Event
Viewer. However, if I go into the Event Viewer and save a log file
through the context menu, I can open the resulting log file just fine.

What on EARTH is going on here?

Lee Crabtree
 
W

Willy Denoyette [MVP]

Lee Crabtree said:
WMI isn't helping much. The BackupLogFile function consistently gives me an "Access
Denied" exception, and the Copy function gives me a .evt file that I can't open in the
Windows Event Viewer. Manually copying the actual log file gives me a file that also
doesn't open in the Event Viewer. However, if I go into the Event Viewer and save a log
file through the context menu, I can open the resulting log file just fine.

What on EARTH is going on here?
Click to expand...

Using "BackupEventLog" in WMI you'll need to enable the 'required' privilege by setting the
EnablePrivileges to true.

Say that eventLog refers to your eventlog ManagementObject instance, then you'll have to
enable the required secuity privilege (in this case - SeBackupPrivilege) like this:

eventLog.Scope.Options.EnablePrivileges=true;

Willy.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Exporting the System/Application event log 1
save event log file in c# 1
More Custom install action does not register event log sources 1
Reading the Windows Event Log 1
Windows Service - Event Log 27
Event Log message missing 12
Users writing to the event log 1
Delegates and Events: Why we need the event keyword 2

Top