Solved

Retrieving event logs faster vb.net

Posted on 2009-07-02
Last Modified: 2013-11-08
Hello,

Today I use the function below:

    Dim entry As EventLogEntry
    Dim EL As New EventLog("Application", server, service)
    ' EL.Entries enumerates every record in the log; the source is only checked client-side.
    For Each entry In EL.Entries
        If entry.Source = service Then
            ' ... handle the matching entry ...
        End If
    Next

That works and all, but the log file is sometimes very big, which makes this function take a very long time. Even when I have specified a source in EL's properties it seems to download everything; that's why the If statement. Is there any way I can filter the source, and maybe the time, before I actually download all the logs? If not, is there any other way to optimize this code to make it faster?

Kind regards,
Peter Hillerberg
0
Question by:carnegieuk

Assisted Solution

by:Rahul Goel
Rahul Goel earned 70 total points
ID: 24770505
If you're both on Vista or Windows Server 2008, you're in luck. You should look at the new System.Diagnostics.Eventing.Reader.EventLogQuery and System.Diagnostics.Eventing.Reader.EventLogReader. These are new in .NET 3.5.

Basically, you can build a query in XML and ship it over
0
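The query-based approach suggested in this answer, applied to the source and time filter the question asks for (an added example, not code posted by anyone in the thread). It assumes both machines run Vista / Server 2008 or later, as the answer states; `SERVER01` and `MyService` are placeholder names, and `BuildQuery` and `ReadFiltered` are hypothetical helper names.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Diagnostics.Eventing.Reader

Module FilteredEventQuery

    ' Builds an XPath filter that the event log service evaluates on the target
    ' machine, so only matching records cross the network.
    Function BuildQuery(ByVal source As String, ByVal maxAge As TimeSpan) As String
        ' The event log XPath subset has no quote escaping, so refuse names
        ' that could break out of the string literal.
        If String.IsNullOrEmpty(source) OrElse source.IndexOfAny("'""".ToCharArray()) >= 0 Then
            Throw New ArgumentException("Invalid source name", "source")
        End If
        Dim ms As Long = CLng(maxAge.TotalMilliseconds)
        Return String.Format( _
            "*[System[Provider[@Name='{0}'] and TimeCreated[timediff(@SystemTime) <= {1}]]]", _
            source, ms)
    End Function

    Function ReadFiltered(ByVal server As String, ByVal logName As String, _
                          ByVal source As String, ByVal maxAge As TimeSpan) As List(Of String)
        Dim lines As New List(Of String)
        Dim query As New EventLogQuery(logName, PathType.LogName, BuildQuery(source, maxAge))
        query.Session = New EventLogSession(server)
        Using reader As New EventLogReader(query)
            Dim rec As EventRecord = reader.ReadEvent()
            While rec IsNot Nothing
                lines.Add(String.Format("{0:u} {1} {2}", rec.TimeCreated, rec.Id, rec.ProviderName))
                rec.Dispose()
                rec = reader.ReadEvent()
            End While
        End Using
        Return lines
    End Function

    Sub Main()
        ' "SERVER01" and "MyService" are placeholder names.
        For Each line As String In ReadFiltered("SERVER01", "Application", "MyService", TimeSpan.FromHours(24))
            Console.WriteLine(line)
        Next
    End Sub

End Module
```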
 

Assisted Solution

by:Rahul Goel
Rahul Goel earned 70 total points
ID: 24770509
and you can use BackgroundWorker Thread with async results.
0
 

Accepted Solution

by:
Dhaest earned 430 total points
ID: 24770511
0

Author Comment

by:carnegieuk
ID: 24770523
Thanks very much for such a quick reply, however we are still on 2003... :(

Any other possible solution?
0
 

Author Comment

by:carnegieuk
ID: 24770738
Thanks Dhaest,

I get an error when I run this:
Operation is not supported on this platform.

Just wrote a short test, but for some reason it's not working.

It's .NET Framework 3.5 (VB 2008 Express).
The server I address is 2003 SP2, and I run it on a Server 2003 SP2.

Any ideas?

Thanks!
Imports System.Diagnostics.Eventing.Reader   ' at the top of the file

    Private Sub getmessages()
        Dim queryString As String = "*[System/Level=2]"  ' XPath query: Level 2 = Error
        Dim session As EventLogSession = New EventLogSession(serverrc)

        ' Query the Application log on the remote computer.
        Dim query As EventLogQuery = New EventLogQuery( _
            "Application", PathType.LogName, queryString)
        query.Session = session

        Try
            Dim logReader As New EventLogReader(query)

            ' Display query results.
            DisplayEventAndLogInformation(logReader)
        Catch e As EventLogException
            MsgBox("Could not query the remote computer! " & e.Message)
            Return
        End Try
    End Sub

    Private Sub DisplayEventAndLogInformation(ByVal logReader As EventLogReader)
        Dim eventInstance As EventRecord = logReader.ReadEvent()
        While Not eventInstance Is Nothing
            ' Display event info. MsgBox takes no format arguments, so build
            ' the text with String.Format first.
            MsgBox("-----------------------------------------------------")
            MsgBox(String.Format("Event ID: {0}", eventInstance.Id))
            MsgBox(String.Format("Publisher: {0}", eventInstance.ProviderName))

            Try
                MsgBox(String.Format("Description: {0}", eventInstance.FormatDescription()))
            Catch e As EventLogException
                ' The event description contains parameters, and no parameters were
                ' passed to the FormatDescription method, so an exception is thrown.
            End Try

            ' Cast the EventRecord object as an EventLogRecord object to
            ' access the EventLogRecord class properties.
            Dim logRecord As EventLogRecord = CType(eventInstance, EventLogRecord)
            MsgBox(String.Format("Container Event Log: {0}", logRecord.ContainerLog))

            ' Read the next event last, so the cast above never sees Nothing.
            eventInstance = logReader.ReadEvent()
        End While
    End Sub


0
 

Assisted Solution

by:Dhaest
Dhaest earned 430 total points
ID: 24772370
Where exactly do you get the error?
0
 

Author Comment

by:carnegieuk
ID: 24821011
Sorry, I don't remember where I got the problem exactly and I don't have the time to test this now. I have kinda solved it by reading another log file with the same information. Thank you so much for your help.

0
