Solved

Serch remote event log

Posted on 2008-10-02
5
337 Views
Last Modified: 2013-11-07
Hello,

I need to search the eventlog for a remote machine with specefied source.
 Then i need to read all logs to see if a logout exist after later than a logon.

IS this possible and is so, how?

Thanks,  
Peter
0
Comment
Question by:carnegieuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 11

Expert Comment

by:melmers
ID: 22622752
You must import system.Diagnostics

Dim myEventLogReader as new Eventlog("Application","MachineName")
For each myEntry as EventLogEntry in myEventLogReader.Entries
    Console.WriteLine(myEntry.Message)
Next
0
 

Author Comment

by:carnegieuk
ID: 22622863
OKey, so how can i read all entries and set online = "1" if we dont have any logoff after a logon?
0
 
LVL 11

Expert Comment

by:melmers
ID: 22622906
With the sourcecode you can read all log entries.
i don't know your code so you must post it here or explain me more about your software.

But i think it's not a good idea to use the eventlog to identify if a user is logged in or logged off because of deleteing the eventlog from the user side or an admin script.

0
 

Author Comment

by:carnegieuk
ID: 22623174
It's for monitoring a service, make sure it's logged on.

When the service log on to the system it writes a message in the eventlog containing logon when it logss out or if the connection dies it writes a message containing logout.

betwheen thes messages it can be a few hundred of entries.  

but i just realise that it's going to be to intens for the servers to run sutch a searc, it's a lot of eventlogs.

but maybe you can answear how to read eventlogs in realtime?
0
 
LVL 11

Accepted Solution

by:
melmers earned 500 total points
ID: 22623546
When the software runs on the server itself and not on a remote one then you can use
the event EbntryWritten form the Eventlog Class.

This event is only fired when the software runs on the local server and is not connected to
a remote server.

You can also read the log and use the .EntryWritten property of an EventLogEntry Object
if the entrywritten timestamp is lower than yor last read then you can skip the entry
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome my friends to the second instalment and follow-up to our Minify and Concatenate Your Scripts and Stylesheets (http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/A_4334-Minify-and-Concatenate-Your-Scripts-and-Stylesheets.html)…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question