Event Log message missing

[Guest]

I have a small app which tries reading the system, application, and security
event logs within Vista. Many of the event logs return with a generic
sentance indicating that:

"The description for Event ID '1073742825' in Source 'LoadPerf' cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display the message, or you may not have permission to
access them."

The Event ID and Source differ from log to log but in all cases the
reported Event ID in the message does not match the actual Event ID shown by
Vista. Many times the Event ID within the message is a negative number.

I don't have control over the "number" within the message. I believe the
reason for this message appearing is because the "bad" Event ID in the
message doesn't correspond to any valid Event ID that Vista understands. Has
anyone seen this before?

Here is a code snippet that shows the problem.

EventLogPermission elPermission = new
EventLogPermission(PermissionState.Unrestricted);
System.Diagnostics.EventLog eLog = new EventLog("System", ".");
EventLogEntryCollection logs = eLog.Entries;
foreach (EventLogEntry entry in logs)
{
Debug.WriteLine(entry.Message);
}

 

[Willy Denoyette [MVP]]

I have a small app which tries reading the system, application, and
security
event logs within Vista. Many of the event logs return with a generic
sentance indicating that:

"The description for Event ID '1073742825' in Source 'LoadPerf' cannot be
found. The local computer may not have the necessary registry information
or
message DLL files to display the message, or you may not have permission
to
access them."

The Event ID and Source differ from log to log but in all cases the
reported Event ID in the message does not match the actual Event ID shown
by
Vista. Many times the Event ID within the message is a negative number.

I don't have control over the "number" within the message. I believe the
reason for this message appearing is because the "bad" Event ID in the
message doesn't correspond to any valid Event ID that Vista understands.
Has
anyone seen this before?

Here is a code snippet that shows the problem.

EventLogPermission elPermission = new
EventLogPermission(PermissionState.Unrestricted);
System.Diagnostics.EventLog eLog = new EventLog("System", ".");
EventLogEntryCollection logs = eLog.Entries;
foreach (EventLogEntry entry in logs)
{
Debug.WriteLine(entry.Message);
}

Vista uses a redesigned Eventlog system, you'll have to use the
"System.Diagnostics.Eventing.Reader" namespace classes to accurately
read/manage Eventlog messages on Vista, this namespace is part of the
upcoming Framework version 3.5.

Willy.

 

[Guest]

I believe the .NET Framework 3.5 is in beta testing. Do you know whent the
final version will be released?

 

[Guest]

Does Orca Beta 1 contain this feature?

 

[Willy Denoyette [MVP]]

I believe the .NET Framework 3.5 is in beta testing. Do you know whent the
final version will be released?

MS did not announce any release date yet, my best guess is beta 2 Q3 2007,
RTM Q1 2008.
Note that you don't have to wait for V3.5 if you *really* need to, you can
call into the "Windows Eventing" API's (wevtapi.dll) through PInvoke to
achieve your goal.

Willy.

 

[Ignacio Machin \( .NET/ C# MVP \)]

Hi,

Vista uses a redesigned Eventlog system, you'll have to use the
"System.Diagnostics.Eventing.Reader" namespace classes to accurately
read/manage Eventlog messages on Vista, this namespace is part of the
upcoming Framework version 3.5.

Willy.

So this mean that there is no way of reading events using the current 1.1 or
2.0 based code?

 

[Willy Denoyette [MVP]]

Hi,


So this mean that there is no way of reading events using the current 1.1
or 2.0 based code?

Well, you can use System.Management for this.

...
SelectQuery query = new SelectQuery("select * from Win32_NTLogEvent where
LogFile = 'System'");
using(ManagementObjectSearcher searcher = new
ManagementObjectSearcher(query))
{
foreach (ManagementObject logMessage in searcher.Get()) {
Console.WriteLine("Eventcode: {0} - Description : {1} ",
logMessage["EventCode"], logMessage["Message"]);
}
}
....
A second option is to "PInvoke" the Windows Eventing API's , or, you'll have
to live with the issue until 3.5 becomes available.
Note also that there should be no problem when reading your own logs, this
only applies to the System, Application and Security logs.

Willy.

 

[Guest]

Hi Willy,

I installed VS2008 Beta 2 and .Net Frameworks 3.5 onto my system. There
doesn't appear to be a System.Diagnotics.Eventing class within the
documentation. Could it have been renamed or relocated?

 

[Walter Wang [MSFT]]

Hi Steve,

The System.Diagnostics.Eventing namespace resides in assembly System.Core,
which is referenced by default in a VS2008 application. Try to use Object
Browser to search it.

The msdn2.microsoft.com seems hasn't included the documentation of this
namespace, currently you can only find the documentation in the MSDN which
you installed from VS2008 beta2 DVD.

Hope this helps.


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Walter, I did indeed find the class via the browser. The issue I am having
is that I cannot seem to include it in code.

I've included "using System.Diagnostics" but it doesn't see it. I tried
"using System.Diagnostics.Eventing" and "using
System.Diagnostics.Eventing.Reader" but nothing seems to work. The
System.Diagnostics namespace only includes subcategories of CodeAnalysis and
SystemStore.

Do you know how I can actually reference the EventLogReader class to use it
in code?

 

[Guest]

I found my answer. I went into the "Properties" for my project and change
the "Target Framework" from .NET Framework 2.0 to .NET Framework 3.5. Now it
compiles just fine.

Thanks for all your help.

 

[Walter Wang [MSFT]]

Hi Steve,

Thanks for the update.

VS2008 can now specify target Framework version in a project, when you
create a project from the "New Project" wizard, you can choose from 2.0,
3.0 and 3.5 in the
top-right corner combox. You can also change it from the project's
properties dialog.

#LukeH's WebLog : .NET Framework Multitargeting in Visual Studio 2008 (aka
Orcas)
http://blogs.msdn.com/lukeh/archive/2007/06/29/net-framework-multitargeting-
in-visual-studio-2008-aka-orcas.aspx




Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[rob simon]

How would you "PInvoke" the event API's for Vista? I have used the API
in C++ but I need to port this to VB and have had no luck so far.

Could you show me how to declare the functions in visual basic?