{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 成全新的幸福 的问题《Subscribe to Non System (Custom) Events in》','https://www.manongdao.com/q-684591.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want to raise an event whenever a new log entry is added to a particular event log file in windows event viewer. I am trying to do something similar to what is mentioned here. http://msdn.microsoft.com/en-us/library/bb671202.aspx
Here is my code:
static void Main()
{
EventLogWatcher watcher = null;
try
{
EventLogQuery eventQuery = new EventLogQuery("C:\\Windows\\System32\\winevt\\Logs\\Admin.evtx", PathType.FilePath);
EventLogReader logReader = new EventLogReader(eventQuery);
DisplayEventAndLogInformation(logReader);// this successfully opens the log and shows all logged events.
watcher = new EventLogWatcher(eventQuery);
watcher.EventRecordWritten +=
new EventHandler<EventRecordWrittenEventArgs>(SomeEvent);
watcher.Enabled = true; // here i get an unhandled exception which is as below:
} //exception handling omitted here for conciseness
public static void SomeEvent(Object obj, EventRecordWrittenEventArgs arg){}
public static void DisplayEventAndLogInformation(EventLogReader logReader){}
I cannot use PathType.LogName as this is not a standard system log and it doesn't have a corresponding registry key under
HKLM/System/CurrentControlSet/Services/EventLog
. This code works fine when I use a Logname like "System" or "Application" but it fails when I use their corresponding PathType.FilePath. I want it to work with PathType.FilePath and trigger events whenever a particular query(not mentioned here) is entered into the log. Any inputs on why this code is not working would be great!
Why am I getting "channel path inavalid" errors when the DisplayEventAndLogInformation method perfectly works fine?
Exception Message:
System.Diagnostics.Eventing.Reader.EventLogException: The specified channel path is invalid at System.Diagnostics.Eventing.Reader.EventLogException.Throw(Int32 errorCode ) at System.Diagnostics.Eventing.Reader.NativeWrapper.EvtSubscribe(EventLogHand le session, SafeWaitHandle signalEvent, String path, String query, EventLogHandl e bookmark, IntPtr context, IntPtr callback, Int32 flags) at System.Diagnostics.Eventing.Reader.EventLogWatcher.StartSubscribing() at System.Diagnostics.Eventing.Reader.EventLogWatcher.set_Enabled(Boolean val ue) at eventlogreader.Program.Main() in C:\Users\username\documents\visual studio 2010\Projects\eventlogreader\eventlogreader\Program.cs:line 40 at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args ) at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySec urity, String[] args) at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionCo ntext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, C ontextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, C ontextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()