Keyvee
asked on
Query remote event log using c#
Hi There,
I'm to query the event log on a remote machine. Specifically, I'm trying to query the (very large) System event log on a print server. I've used the Resource Kit tool "Dump Event Log" (dumpel.exe) in the past but I'd rather not rely on a separate program to generate the data.
I've got some code which queries the event log and returns the rows I want, sweet, however it takes far too long (50+ seconds) to run. Dumpel.exe only takes a few seconds so the method Im using cant be all that great.
The code Im using is attached. Apart from being slow, I prefer it than having an external app included in my project. If theres a way to embed an exe into my app that would be fine too (Im not sure there is tho Im still a beginner).
Maybe the code can be rewritten to run more efficiently or perhaps there's a whole different approach we can take here - I'm open to suggestions =)
Thanks!
David
I'm to query the event log on a remote machine. Specifically, I'm trying to query the (very large) System event log on a print server. I've used the Resource Kit tool "Dump Event Log" (dumpel.exe) in the past but I'd rather not rely on a separate program to generate the data.
I've got some code which queries the event log and returns the rows I want, sweet, however it takes far too long (50+ seconds) to run. Dumpel.exe only takes a few seconds so the method Im using cant be all that great.
The code Im using is attached. Apart from being slow, I prefer it than having an external app included in my project. If theres a way to embed an exe into my app that would be fine too (Im not sure there is tho Im still a beginner).
Maybe the code can be rewritten to run more efficiently or perhaps there's a whole different approach we can take here - I'm open to suggestions =)
Thanks!
David
ManagementScope scope;
ManagementObjectSearcher searcher;
ManagementObjectCollection queryCollection;
ConnectionOptions options = new ConnectionOptions();
string Server = "[print server]";
string Username = "[Domain]\\[Admin account]";
string Password = "[]";
options.Username = Username;
options.Password = Password;
scope = new ManagementScope("\\\\" + Server + "\\root\\cimv2", options);
SelectQuery query = new SelectQuery("select * from Win32_NTLogEvent where Logfile = 'System' and EventCode = 10 and SourceName = 'Print' and Type = 'information' and timegenerated >20081020 and timegenerated <20081025");
searcher = new ManagementObjectSearcher(scope, query);
try
{
queryCollection = searcher.Get();
}
catch (Exception e)
{
MessageBox.Show(e.Message);
return;
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.