logo
down
shadow

EventLogQuery does not return new event log records


EventLogQuery does not return new event log records

By : Only as a last resor
Date : November 19 2020, 03:59 PM
I hope this helps you . I know this is an old question, but it doesn't have an answer and I've been working in this area lately.
Possible issues with this code:
code :
.ToString("o") 
.ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
 string queryString = String.Format(
     "*[System[TimeCreated[@SystemTime>'{0}']]]",
     timeString);
 using (var logReader = new EventLogReader(query, EventBookmark))


Share : facebook icon twitter icon
EventLogQuery - How do I filter off certain events?

EventLogQuery - How do I filter off certain events?


By : Ariful Islam
Date : March 29 2020, 07:55 AM
around this issue The following query doesn't seem to filter off any events using EventLogQuery. , Stupid mistake. It should be EventID not ErrorID.
code :
*[System[(Level=1 or Level=2) and (ErrorID!=1001)]]
SQL Query to return records grouped by Week, Month, and Year. Weeks with no records should return 0

SQL Query to return records grouped by Week, Month, and Year. Weeks with no records should return 0


By : user2175854
Date : March 29 2020, 07:55 AM
hope this fix your issue Demo purpose I am using the Table name as [DBO].[FACTINTERNETSALES] and the column [ORDERDATE] For you the Column will be [CreatedDate]. Fyi, This is done in SQL Server.
code :
DECLARE @START INT,
        @END INT

SELECT @START   = CAST(CAST(MIN(ORDERDATE) AS DATETIME) AS INT) FROM [DBO].[FACTINTERNETSALES] 
SELECT @END     = CAST(CAST(MAX(ORDERDATE) AS DATETIME) AS INT) FROM [DBO].[FACTINTERNETSALES] 

--SELECT @START,@END

DECLARE @DATEDIM TABLE (ID INT IDENTITY(1,1) PRIMARY KEY, DATED DATETIME)
WHILE @START <= @END
BEGIN
    INSERT INTO @DATEDIM VALUES (CAST(@START AS DATETIME))
    SET @START = @START  + 1 
END

SELECT      LU.WEEK,LU.MONTH,LU.YEAR,ISNULL(MAIN.COUNT,0) [COUNT]
FROM        (
            SELECT      DATEPART(WEEK,DATED) [WEEK],DATEPART(MONTH,DATED) [MONTH],DATEPART(YEAR,DATED) [YEAR] 
            FROM        @DATEDIM
            GROUP BY    DATEPART(WEEK,DATED),DATEPART(MONTH,DATED),DATEPART(YEAR,DATED)) LU
LEFT JOIN
            (
            SELECT  [YEAR],[MONTH],[WEEK],COUNT(*) [COUNT] FROM
            (SELECT DATEPART(YEAR,ORDERDATE) [YEAR],
                    DATEPART(MONTH,ORDERDATE) [MONTH],
                    DATEPART(WEEK,ORDERDATE) [WEEK]
            FROM    [DBO].[FACTINTERNETSALES] ) LUINNER
            GROUP BY [YEAR],[MONTH],[WEEK]) MAIN 
ON
            LU.MONTH = MAIN.MONTH AND
            LU.YEAR = MAIN.YEAR AND
            LU.WEEK = MAIN.WEEK
ORDER BY    LU.YEAR,LU.MONTH,LU.WEEK
EventLogQuery not pulling results

EventLogQuery not pulling results


By : Otto Mattic
Date : March 29 2020, 07:55 AM
seems to work fine Here I made a helper to retrieve log from the event viewer, you can parametrized it quite easily
code :
public static void WriteEventViewerHistoryByTypes(IList<EventViewerCriticalityLevel> levelTypes, string logType, string filePath, IList<string> sources, DateTime? startDate = new System.Nullable<DateTime>(), DateTime? endDate = new System.Nullable<DateTime>())
    {
        if (levelTypes == null || levelTypes.Count == 0)
            levelTypes = new List<EventViewerCriticalityLevel> { EventViewerCriticalityLevel.Comment, EventViewerCriticalityLevel.Error, EventViewerCriticalityLevel.Fatal, EventViewerCriticalityLevel.Info, EventViewerCriticalityLevel.Warning };

        StringBuilder sb = new StringBuilder();
        sb.Append("<QueryList>");
        sb.AppendFormat("<Query Id=\"0\" Path=\"{0}\">", logType);
        sb.AppendFormat("   <Select Path=\"{0}\">", logType);
        sb.AppendFormat("   *[System[(");

        sb.AppendFormat("({0})", string.Join(" or ", levelTypes.Select(lev =>
           {

               if (lev == EventViewerCriticalityLevel.Info)
                   return string.Format("Level={0} or Level=0", (int)lev);
               else
                   return string.Format("Level={0}", (int)lev);
           })));

        if (sources != null && sources.Count > 0)
        {
            sb.AppendFormat(" or ");
            sb.AppendFormat("(Provider[{0}])", string.Join(" or ", sources.Select(el => "@Name='" + el + "'")));
        }
        sb.AppendFormat(")");
        if (startDate.HasValue)
        {
            sb.AppendFormat(" and TimeCreated[@SystemTime >= '{0}']", startDate.Value.ToString("o"));
        }
        if (endDate.HasValue)
        {
            sb.AppendFormat(" and TimeCreated[@SystemTime <= '{0}']", endDate.Value.ToString("o"));
        }
        sb.AppendFormat("]]");
        sb.AppendFormat("   </Select>");
        sb.AppendFormat("</Query>");
        sb.Append("</QueryList>");

        try
        {
            EventLogSession sess = new EventLogSession();
            sess.ExportLogAndMessages(logType, PathType.LogName, sb.ToString(), filePath, true, CultureInfo.CurrentCulture);
        }
        catch (Exception ex)
        {
            throw ex;
        }
    }
public enum EventViewerCriticalityLevel
{
    Fatal = 1,
    Error = 2,
    Warning = 3,
    Info = 4,
    Comment = 5
}
How can I query the Eventdata using a EventLogQuery?

How can I query the Eventdata using a EventLogQuery?


By : FreshPoint Marketing
Date : March 29 2020, 07:55 AM
This might help you Im trying to determine a machines most frequent user by looking at the security event logs. im looking at using the 4624 Event ID but I cant seem to work out how to add anything from the EventData in the query. I can get the standard data from a 4624 event but what im trying to query is events that also have the logontype of 7 and then be able to read the targetusername details. , Try this:
code :
string query = @
"*[EventData[Data[@Name='LogonType']='7'] and System[(EventID='4624')]]";

EventLogQuery eventsQuery = new EventLogQuery("Security", PathType.LogName, query);

try {
    EventLogReader logReader = new EventLogReader(eventsQuery);

    for (EventRecord eventdetail = logReader.ReadEvent(); eventdetail != null; eventdetail = logReader.ReadEvent()) {
        string description = eventdetail.FormatDescription();
        string usernametemp = description.Substring(description.IndexOf("Account Name:") + ("Account Name:").Length + 2);
        string username = usernametemp.Substring(0, usernametemp.IndexOf("\r"));
    }
} catch (EventLogNotFoundException) {
    Console.WriteLine("Error while reading the event logs");
    return;
}
Wrong EventLogQuery

Wrong EventLogQuery


By : z77z
Date : March 29 2020, 07:55 AM
Hope that helps The code below gives me an exception with the message The specified query is invalid. The exception happens at the assignment of elReader. What is wrong here? , After some try and error, this Syntax works:
code :
string query = string.Format("*[System/EventID=1116] and *[System[TimeCreated[@SystemTime >= '{0}']]] and *[System[TimeCreated[@SystemTime <= '{1}']]]",
            startTime.ToUniversalTime().ToString("o"),
            endTime.ToUniversalTime().ToString("o"));
Related Posts Related Posts :
  • I am trying to do a while loop with a string conditional statement in C#
  • C# 'Cannot access a disposed object. Object name: 'SslStream'.'
  • How to make Gecko use seperate CookieContainer per instance?
  • C# Advanced form "please wait"
  • Send and Receive data C# using network stream
  • How to discover that appsettings changed in C#?
  • Check what needs full trust
  • What is the execution order of an MVC Razor view/layout
  • Table designer (Entity Framework) is too resource intense
  • How to clean up an exception string so it can be displayed via Javascript Alert?
  • Configuring Amazon SES Feedback Notifications via Amazon SNS in ASP.NET MVC (C#)
  • C# api responce and request
  • Dynamodb putitem function not working properly
  • theme in windows phone(light or dark) using c#
  • Backup attached database file(.mdf) using c# and SQL Server
  • What is 'TextFile' and where it is uses in WPF project
  • Using same alias for multiple namespaces
  • how to move mails into separate folders
  • Multithreaded Uploader
  • Memory fragmentation?
  • C# correct exception handling
  • "Could not open macro storage" when accessing using file on another machine
  • How to access other directories of hosted server
  • C# Jagged Array check if value exists/true
  • Why can't I type Clone() properly?
  • exception on accessing dictionary from list
  • Getting the immediate response from server without waiting to 200 message
  • Why am I getting exception Directory Is Not empty?
  • Could not load file or assembly 'CefSharp.dll' or one of its dependencies
  • Sending Email By Using C# in unity3D?
  • Correct usage of await async in webapi
  • Program update code issue
  • Marshal.Copy attempted to read or write protected memory At Random Times
  • Restrict Type variable to specific class or subclass
  • Horizontal text alignment in a PdfPCell
  • C# crashing with Form.show() command, ObjectDisposedException - Deeper look / explanation please
  • Will the result of a LINQ query always be guaranteed to be in the correct order?
  • "Could not find default endpoint element that references contract"
  • Umbraco Request.QueryString is null if it's the first time the page is loaded
  • Error inconsistent accessibility method C#
  • How to program Intel Xeon Phi with C#?
  • remove nested element using regular expression
  • Is there a C# alternative to Java's vararg parameters?
  • Clear particular column values in DataTable
  • how to add event handler to programatically created checkboxes
  • Cannot apply indexing with [] to an expression of type 'System.Collections.Specialized.NameValueCollection'
  • Check for key in pre-existing dictionary in case insensitive manner
  • How to remove year from datetime object?
  • Accessing Settings in different ways
  • "This project is empty" error in Sonarqube
  • How to create reusable icon menu in Xamarin
  • Value Cannot be null in Ado.Net connectivity
  • Adding a custom/dynamic attribute when using XSD.exe
  • How to convert object to correct type
  • Automatically sign out from Forms Authentication in ASP.NET when browser is closed
  • Can a WCF service support both Buffered and Streamed transfer modes?
  • Verify a CA Certificate with a public key in C#
  • How to invoke a Web Service that requires the "patch" verb using the C# WebClient wrapper?
  • Proper way a implementing property based on generic type
  • Closing a form that is created in another thread
  • shadow
    Privacy Policy - Terms - Contact Us © ourworld-yourmove.org