All geek questions in one place

How to list all registered sources for EventLog

If I select the Application filter in the EventLog viewer, I can see many sources registered in the Application log. How can I programmatically list all of these sources through C #? And it seems that I can not register my own evento source with the magazine "Application" and "System", why?

BTW: The concept of "source of events" is really confusing ...

+3
source share
3 answers

There may be a more suitable .NET or Windows API that you could reference, but the information is ultimately stored in the registry under the key Eventlog. Service Key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

Most connections under this key will be various event logs in the system, including Systemand Application. For each journal, it will contain many additional subsections that represent registered sources for this journal. So just list the subsections to get a list.

On XP / 2003 operating systems, the journal unit also contains a REG_MULTI_SZ value with a name Sourcesthat must match the list of source subkeys. This value is no longer used on Win7 / 2008 R2 computers (not sure about Vista).

+3
source

. :

  • , . ( SourceName, EventLog)
  • admin privilges . /Windows -Settings:
    <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> </requestedPrivileges>
  • , , .
  • , () .
Imports System.Diagnostics
Imports  Microsoft.Win32

Public Class ClsEventSources

Friend Class MySourcesInfo
  Friend LogName As String
  Friend SourceName As String
End Class

Private MyEventLogList As New List(Of EventLog)
Private MySourceList As New List(Of MySourcesInfo)

Private Const RegEventLogPath As String = "SYSTEM\CurrentControlSet\Services\Eventlog\"

  Private Sub New()

    MyEventLogList = EventLog.GetEventLogs.ToList

    For Each Ev In MyEventLogList 

        For Each SubKeyName In _
           Registry.LocalMachine.OpenSubKey(RegEventLogPath & _
                                  Ev.Log).GetSubKeyNames

            MySourceList.Add(New MySourcesInfo With _
                      {.LogName = Ev.Log, .SourceName = SubKeyName})
        Next     

    Next

  End Sub

End Class
+1

See the documentation for the System.Diagnostics.EventLog class, which should show everything.

0
source

Source: https://habr.com/ru/post/1734437/

More articles:


All Articles