Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Query remote event log using c#

Posted on 2008-11-03
1
Medium Priority
?
2,851 Views
Last Modified: 2013-12-17
Hi There,

I'm to query the event log on a remote machine. Specifically, I'm trying to query the (very large) System event log on a print server. I've used the Resource Kit tool "Dump Event Log" (dumpel.exe) in the past but I'd rather not rely on a separate program to generate the data.

I've got some code which queries the event log and returns the rows I want, sweet, however it takes far too long (50+ seconds) to run. Dumpel.exe only takes a few seconds so the method Im using cant be all that great.

The code Im using is attached. Apart from being slow, I prefer it than having an external app included in my project. If theres a way to embed an exe into my app that would be fine too (Im not sure there is tho Im still a beginner).

Maybe the code can be rewritten to run more efficiently or perhaps there's a whole different approach we can take here - I'm open to suggestions =)

Thanks!

David
ManagementScope scope;
            ManagementObjectSearcher searcher;
            ManagementObjectCollection queryCollection;
            ConnectionOptions options = new ConnectionOptions();
 
            string Server = "[print server]";
            string Username = "[Domain]\\[Admin account]";
            string Password = "[]";
           
            options.Username = Username;
            options.Password = Password;
 
 
            
 
            scope = new ManagementScope("\\\\" + Server + "\\root\\cimv2", options);
 
 
            SelectQuery query = new SelectQuery("select * from Win32_NTLogEvent where Logfile = 'System' and EventCode = 10 and SourceName = 'Print' and Type = 'information' and timegenerated >20081020 and timegenerated <20081025");
            
            searcher = new ManagementObjectSearcher(scope, query);
 
 
            try
            {
                queryCollection = searcher.Get();
            }
            catch (Exception e)
            {
                MessageBox.Show(e.Message);
                return;
 
            }

Open in new window

0
Comment
Question by:Keyvee
1 Comment
 
LVL 41

Accepted Solution

by:
graye earned 2000 total points
ID: 22895323
That's right... the WMI method is a bit slow.    However, there is another technique using the .Net Framework's own EventLog class
http://msdn.microsoft.com/en-us/library/ht0k516y(VS.80).aspx
However, it's not that much faster for large event logs...  it can retrieve about 50,000 entries per minute (not a scientific measurement).   The speed decreases exponentionally as the size of the log file increases
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question