System.Diagnostics.EventLog
Provides interaction with Windows event logs.
The contents of the log.
Gets or sets the name of the log to read from and write to.
The machine on which this event log resides.
Indicates if the component monitors the event log for changes.
The object used to marshal the event handler calls issued as a result of an EventLog change.
The application name (source name) to use when writing to the event log.
Raised each time any application writes an entry to the event log.
The machine on which this event log resides.
The binary data associated with this entry in the event log.
The sequence of this entry in the event log.
The category for this message.
An application-specific category number assigned to this entry.
The number identifying the message for this source.
The type of entry - Information, Warning, etc.
The text of the message for this entry.
The name of the application that wrote this entry.
The application-supplied strings used in the message.
The full number identifying the message in the event message dll.
The time at which the application logged this entry.
The time at which the system logged this entry to the event log.
The username of the account associated with this entry by the writing application.
A SafeHandle implementation over a native CoTaskMem allocated via StringToCoTaskMemAuto.
A SafeHandle implementation over a native CoTaskMem allocated via SecureStringToCoTaskMemUnicode.
Represents an opaque Event Bookmark obtained from an EventRecord.
The bookmark denotes a unique identifier for the event instance as
well as marks the location in the result set of the EventReader
that the event instance was obtained from.
Describes the metadata for a specific Keyword defined by a Provider.
An instance of this class is obtained from a ProviderMetadata object.
Describes the metadata for a specific Level defined by a Provider.
An instance of this class is obtained from a ProviderMetadata object.
Log Type
Log Isolation
Log Mode
Provides access to static log information and configures
log publishing and log file properties.
Describes an exception thrown from Event Log related classes.
The object requested by the operation is not found.
The state of the reader cursor has become invalid, most likely because
the log has been cleared. The user needs to obtain a new reader object
to continue navigating the result set.
Provider has been uninstalled while ProviderMetadata operations are being performed.
Obtain a new ProviderMetadata object, when provider is reinstalled, to continue navigating
provider's metadata.
Data obtained from the eventlog service, for the current operation, is invalid.
A SafeHandle implementation over native EVT_HANDLE
obtained from EventLog Native Methods.
Describes the run-time properties of logs and external log files. An instance
of this class is obtained from EventLogSession.
Describes the metadata for a specific Log Reference defined
by a Provider. An instance of this class is obtained from
a ProviderMetadata object.
Encapsulates the information for fast access to Event Values
of an EventLogRecord. An instance of this class is constructed
and then passed to EventLogRecord.GetEventPropertyValues.
Allows a user to define events of interest. An instance of this
class is passed to an EventReader to actually obtain the EventRecords.
The EventLogQuery can be as simple as specifying that all events are of
interest, or it can contain query / xpath expressions that indicate exactly
what characteristics events should have.
This public class is used for reading event records from event log.
The events buffer holds batched event handles.
The current index where the function GetNextEvent is (inside the eventsBuffer).
The number of events read from the batch into the eventsBuffer
When the reader finishes (will always return only ERROR_NO_MORE_ITEMS).
For subscription, this means we need to wait for next event.
Maintains cached display / metadata information returned from
EventRecords that were obtained from this reader.
Session Login Type
The type: log / external log file to query
Defines a session for Event Log operations. The session can
be configured for a remote machine and can use specific
user credentials.
Describes the status of a particular log with respect to
an instantiated EventLogReader. Since it is possible to
instantiate an EventLogReader with a query containing
multiple logs and the reader can be configured to tolerate
errors in attaching to those logs, this class allows the
user to determine exactly what the status of those logs is.
Used for subscribing to event record notifications from
event log.
Maintains cached display / metadata information returned from
EventRecords that were obtained from this reader.
Event Metadata
The metadata for a specific Opcode defined by a Provider.
An instance of this class is obtained from a ProviderMetadata object.
Represents an event obtained from an EventReader.
The custom event handler args.
The EventRecord being notified.
NOTE: If non null, then caller is required to call Dispose().
If any error occurred during subscription, this will be non-null.
After a notification containing an exception, no more notifications will
be made for this subscription.
Describes the metadata for a specific Task defined by a Provider.
An instance of this class is obtained from a ProviderMetadata object.
This internal class contains wrapper methods over the Native
Methods of the Eventlog API. Unlike the raw Native Methods,
these methods throw EventLogExceptions, check platform
availability and perform additional helper functionality
specific to each function. Also, all methods of this class expose
the Link Demand for Unmanaged Permission to callers.
Exposes all the metadata for a specific event Provider. An instance
of this class is obtained from EventLogManagement and is scoped to a
single Locale.
This class does not expose underlying Provider metadata objects. Instead it
exposes a limited set of Provider metadata information from the cache. The reason
for this is so the cache can easily Dispose the metadata object without worrying
about who is using it.
WindowsEventLevel
Log always
Only critical errors
All errors, including previous levels
All warnings, including previous levels
All informational events, including previous levels
All events, including previous levels
WindowsEventTask
Undefined task
EventOpcode
An informational event
An activity start event
An activity end event
A trace collection start event
A trace collection end event
An extensional event
A reply event
An event representing the activity resuming from the suspension
An event representing the activity is suspended, pending another activity's completion
An event representing the activity is transferred to another component, and can continue to work
An event representing receiving an activity transfer from another component
EventOpcode
Wild card value
Events providing response time information
WDI context events
WDI diagnostic events
SQM events
Failed security audits
Successful security audits
Incorrect CorrelationHint value mistakenly shipped in .NET 3.5. Don't use: duplicates AuditFailure.
Transfer events where the related Activity ID is a computed value and not a GUID
Events raised using classic eventlog API
Event log names must consist of printable characters and cannot contain \\, *, ?, or spaces
The event log source '{0}' cannot be deleted, because it's equal to the log name.
Cannot monitor EntryWritten events for this EventLog. This might be because the EventLog is on a remote machine which is not a supported scenario.
Cannot open log {0} on computer '{1}'. {2}
Cannot open log for source '{0}'. You may not have write access.
Cannot read log entry number {0}. The event log may be corrupt.
Cannot retrieve all entries.
Only the first eight characters of a custom log name are significant, and there is already another log on the system using the first eight characters of the name given. Name given: '{0}', name of existing log: '{1}'.
Invalid eventID value '{0}'. It must be in the range between '{1}' and '{2}'.
Index {0} is out of bounds.
Cannot initialize the same object twice.
The log name: '{0}' is invalid for customer log creation.
Invalid value '{1}' for parameter '{0}'.
Invalid format for argument {0}.
Log {0} has already been registered as a source on the local computer.
Cannot open registry key {0}\\{1}\\{2}.
Source {0} already exists on the local computer.
Source {0} is not registered on the local computer.
The event log '{0}' on computer '{1}' does not exist.
Log entry string is too long. A string written to the event log cannot exceed 32766 characters.
The source '{0}' is not registered in log '{1}'. (It is registered in log '{2}'.) " The Source and Log properties must be matched, or you may set Log to the empty string, and it will automatically be matched to the Source property.NoAccountInfo=Cannot obta ...
MaximumKilobytes must be between 64 KB and 4 GB, and must be in 64K increments.
The description for Event ID '{0}' in Source '{1}' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information i ...
Cannot find Log {0} on computer '{1}'.
Log property value has not been specified.
Must specify value for {0}.
Source property was not set before opening the event log in write mode.
Source property was not set before writing to the event log.
No current EventLog entry available, cursor is located before the first or after the last element of the enumeration.
Log to delete was not specified.
The size of {0} is too big. It cannot be longer than {1} characters.
EventLog access is not supported on this platform.
Cannot open registry key {0}\\{1}\\{2} on computer '{3}'.
Cannot open registry key {0} on computer {1}.
Cannot open registry key {0} on computer {1}. You might not have access.
'retentionDays' must be between 1 and 365 days.
The source was not found, but some or all event logs could not be searched. Inaccessible logs: {0}.
The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: {0}.
Source {0} already exists on the computer '{1}'.
The source '{0}' is not registered on machine '{1}', or you do not have write access to the {2} registry key.
The maximum allowed number of replacement strings is 255.
Log {0} has already been registered as a source on the local computer.
Opening Win32 devices other than file such as COM ports, printers, disk partitions and tape drives is not supported. Avoid use of "\\\\.\\" in the path.
Evt Variant types
The query flags to get information about query
Publisher Metadata properties