As a developer, I spend a lot of time watching events in the Event Logs. The Event Logs provide quick tracing/debugging functionality for application developers, especially where applications run in non-graphical environments (like the BizTalk environment). Some people even use it to store objects in a serialized state. As such, it proves to be a huge source of information.
I've grown tired of Microsoft's standard Event Log viewer (the snap-in for MMC):
- Viewing event logs are limited to one at a time.
- In order to filter on anything, you need to go through several steps (and several steps to undo your filters again).
- There is no auto-refresh on an event log. To view any new events, you need to manually refresh (and re-fetch all entries).
- There is no printing functionality on event logs.
- Clearing the event logs needs a confirmation every time.
- There is no functionality for deleting and/or creating Event Logs.
Smoothy is still a work in progress, but currently features the following:
- MDI interface for viewing multiple event logs.
- Viewing of event logs on a remote computer.
- Quick filtering on event sources.
- Quick filtering on message content.
- Quick filtering on event log entry type (warnings, errors, etc.).
- Creation and deletion of event logs.
- One-click clearing of event logs.
This article provides an event log viewer control (which incidentally inspired a couple of layout ideas), but it's always fun to write your own, isn't it?
Event Log entries are stored in the registry, together with it's associated log and application sources registered for that log. The Event Logs can be accessed through several classes found in the
System.Diagnostics namespace in .NET. The main classes used are
System.Diagnostics.EventLogEntry. They provide an easy to use, intuitive interface for read and write access to the Event Logs, either on the local machine, or a remote machine through WMI.
Using the code
Using it? Easy, run it. Auto-refresh is not supported at the moment (although the code is in there), because the
DataGridView doesn't update (paint) correctly in this case when adding new items. Custom painting for the
DataGrid might be needed to solve that issue.
Clicking on the information, warning, etc., buttons filters by event entry type. Searching can be toggled by the search buttons next to the search textbox.
The application creates event logs by registering a user supplied source in the new event log. Deletion of custom event logs is possible, but I wouldn't go about deleting every log you can find - some applications might depend on them..
The column sorting still needs some work. Microsoft's Event Log viewer has a "dual" sorting mode that it achieves by sorting the column requested and sorting the index fields on the entries in the same direction as the sorted column. Sorting by two columns on a
DataGridView isn't possible, so if possible sort on the index column (the default sorting column) to ensure the right chronological order.
Points of Interestt
This program was born out of an interest in testing the new functionality of the
DataGridView in .NET 2.0. It makes extensive use of the
BindingSource class to provide sorting and filtering (job well done on this, Microsoft!).
Accessing multiple entries in the event log seems to be the slowest operation possible. Increasing performance in version 1.1 has been put in place by using a mixture between WMI and the standard
EventLog classes. A WMI query is executed to retrieve only the relevant information for display (without the messages). The messages are displayed by doing a lazy load on the
SelectionChanged event provided by the
So what's next?
Features still outstanding for Smoothy:
- Correct sorting on all columns.
- Importing and saving of event logs in several formats (EVT, HTML, CSV, maybe XML?).
- Printing of event log entries.
- Auto-Refresh on event logs (new items get added dynamically).
- View option for replacement strings.
- View and export binary data.
- Got any ideas you'd like to share? Ping me.
17 August 2006: Version 1.0
17 August 2006: Version 1.1
- Performance Increase Update.
- Smoothy now uses a mixture between WMI and the standard
EventLog classes to access entries.
07 October 2006: Version 1.2
- WMI is now used to retrieve Event Log messages with a lazy load mechanism (instead of using the standard .NET classes).
- Fixed bug: Assumption that the first Event Log entry has an index of 1 and that indexes are consecutive..
- Added Color View Mode that colors the
GridView rows to distinguish between Event Log Entries instead of using icons. This will hopefully speed up the interface on slower computers since a Custom Cell Paint event is not necessary anymore.
- Added color configuration for the Color View Mode.
- Added the option to specify a source name when creating an Event Log - only one distinct source name is allowed between all Event Logs.
- Added progress bar (using BusyBar, search for it on CodeProject) to display progress of entries loaded from remote machines.
- Added cancel mechanism to cancel long running loading of events.
The author is a software consultant in South Africa, specializing in bespoke software solutions.