 |
|
|
Please tell me how to monitor Application and Services Logs/Microsoft/Windows/Diagnosis-PLA
|
|
|
|
|
|
|
|
|
|
|
|
|
thanks for the example. i am displaying the log details in a datagridview (.net 3.5) and attempting to refresh it each time the EntryWritten event fires. however, it doesn't appreciate my trying to update my form gui from what it says is a different thread (the one the event is raised on?).
how to decouple from the event handler thread to update my dgv?
thanks
kjward
|
|
|
|
|
|
|
Although I am not a developer, I find this sample incredibly useful to watch my event log. Can you update it with checkboxes to monitor multiple event logs and check boxes instead of dropdown for filters as well so we can select to monitor any combination of logs and filters? Since I am not a developer, I need your help.
|
|
|
|
|
|
|
The WIN32 API that the event log monitor uses does not support monitoring of remote machines. You would have to buy/write a little client/server module to get event log monitoring for remote machines.
|
|
|
|
|
|
|
I am getting the following error in the ShowBalloon method. Can anyone point me in the correct direction to solve this. I get this error on the line:
data.hWnd = m_messageSink.Handle;
InvalidOperationException was unhandled by user code
Cross-thread operation not valid: Control '' accessed from a thread other than the thread it was created on.
public void ShowBalloon(string title, string text, NotifyInfoFlags type, int timeoutInMilliSeconds)
{
if(timeoutInMilliSeconds < 0)
throw new ArgumentException("The parameter must be positive", "timeoutInMilliseconds");
NotifyIconData data = new NotifyIconData();
data.cbSize = (uint)Marshal.SizeOf(data);
data.hWnd = m_messageSink.Handle;
data.uID = m_id;
data.uFlags = NotifyFlags.Info;
data.dwTimeoutOrVersion = timeoutInMilliSeconds; data.szInfoTitle = title;
data.szInfo = text;
data.dwInfoFlags = type;
Shell_NotifyIcon(NotifyCommand.Modify, ref data);
}
|
|
|
|
|
|
|
To fix it, Change this line:
data.hWnd = m_messageSink.Handle;
to be:
data.hWnd = m_handle;
|
|
|
|
|
|
|
Hi Mark. Nice little gimmick, however it doesn't work here: After selecting a log and event type and pressing "Apply", I receive the following exception, meaning that the event log I have just selected wouldn't exist.
System.InvalidOperationException: Das Ereignisprotokoll 'Sicherheit' auf dem Computer '.' ist nicht vorhanden.
at System.Diagnostics.EventLog.OpenForRead()
at System.Diagnostics.EventLog.get_EntryCount()
at System.Diagnostics.EventLog.StartListening()
at System.Diagnostics.EventLog.StartRaisingEvents()
at System.Diagnostics.EventLog.set_EnableRaisingEvents(Boolean value)
at EventReader.Config.StartWatch()
at EventReader.Config.btnUpdate_Click(Object sender, EventArgs e)
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
|
|
|
|
|
|
|
Sounds like a globalization issue to me. The Security log, or Sicherheit in German, isn't found because it is looking for the string "Security" Can you fix this or do you want me to send you an updated binary?
|
|
|
|
|
|
|
Hi Marc,
is your apps Vista compatible ?
I would like to it to new laptop machines....
Simone
|
|
|
|
|
|
|
I haven't tested it on Vista, but is should work the same as the APIs are the same.
|
|
|
|
|
|
|
I'm trying to recompile and run the event log monitoring source code using Visual Studio 5 and I'm getting the exception indicated below. What must I do to make this code compatible with Microst.NET Framework 2.0 because to me it looks like the code has been written using .NET 2003 with Microst.NET Framework 1.1? Help please!
Below is the exception I'm encountering:
System.InvalidOperationException was unhandled by user code
Message="Cross-thread operation not valid: Control '' accessed from a thread other than the thread it was created on."
Source="System.Windows.Forms"
StackTrace:
at System.Windows.Forms.Control.get_Handle()
at JCMLib.NotifyIconEx.ShowBalloon(String title, String text, NotifyInfoFlags type, Int32 timeoutInMilliSeconds) in C:\Project\EventReader_src\EventReader\NotifyIconEx.cs:line 326
at EventReader.Config.OnEntryWritten(Object source, EntryWrittenEventArgs e) in C:\Project\EventReader_src\EventReader\Config.cs:line 554
at System.Diagnostics.EventLog.CompletionCallback(Object context)
|
|
|
|
|
|
|
Yeah, I am aware of that issue. The code doesn't adhere to cross-threading compatibility simply because it was written nearly 4 years ago and I was just starting to play with threading.
You have two approaches to use here; one is to simply ignore the error by setting CheckForIllegalCrossThreadCalls to False when you're compiling. The other is to use the BackgroundWorker class in .NET 2.0. They've made making thread-safe calls too easy with this. 
Check your MSDN docs for BackgroundWorker. Let me know how it goes.
-M
|
|
|
|
|
|
|
Thanks for your paper. From MSDN, I have also read event logging topics under both Win32/COM and .NET development.
My question is:
In .NET development, if I want to read full description of message from a remote machine, do I
still need to load dll that contain an application's resource file? The remote machine has no .NET framework installation.
From the .NET document of EventLogEntry.Message
Property, it said: "Getting this property opens the
registry to determine the file name of the .dll file
that contains the localized text...."
Does .NET already got the remote dll's resource
message file for me?
Thanks
Yao
yao
|
|
|
|
|
|
|
Well it certainly sounds like what you are trying to do is far beyond the scope of my little tool. The short answer is "I'm not sure." This is an intriguing problem and I'll try to answer it in a future revision to the article.
|
|
|
|
|
|
|
Hi Yao,
.NET already knows about the messages.
You just need to change he code a little bit like this:
EventLog SysEvt = new EventLog("System", );
SysEvt.EntryWritten += new EntryWrittenEventHandler(SysEvt_EntryWritten);
SysEvt.EnableRaisingEvents = true;
The only thing you need is t have appropriate permissions.
Cheers,
Christian
|
|
|
|
|
|
|
Hi, does anybody know how to contact Marc Merritt (the author of this program) ?
![Rose | [Rose]](/script/Forums/Images/rose.gif) Thanks, Chris
|
|
|
|
|
|
|
Hey Chris,
If you still need the msg, add the following in the source and it will work.
NotifyIcon.ShowBalloon("Event Log Monitor",
"An event was written to the "+logName+" event log."+
"\nType: "+LogType+
"\nSource: "+LogSource+
"\nCategory: "+LogCategory+
"\nEventID: "+EventID+
"\nMessage: "+logMessage+
"\nUser: "+User,
NotifyIconEx.NotifyInfoFlags.Info,
5000);
|
|
|
|
|
|
|
Hi, I am here. I am alive and well. I'm trying to get back into the CodeProject after a 3 year hiatus.
|
|
|
|
|
|
|
Hi Marc,
thanks for your reply.
I really appreciate the work you have done here.
Unfortunately, as I stated, I'm no coder ... don't even know which language you are using here ...
Therefore I have no idea if my request would amount to a lot of time or not, but if it is possible for someone here, could you maybe change the code above to what jbono007 suggested (in order to display the full event log message text) and send me the resulting .exe file to go_blue [at] gmx [dot] net .... (or post it here) ?
NotifyIcon.ShowBalloon("Event Log Monitor",
"An event was written to the "+logName+" event log."+
"\nType: "+LogType+
"\nSource: "+LogSource+
"\nCategory: "+LogCategory+
"\nEventID: "+EventID+
"\nMessage: "+logMessage+
"\nUser: "+User,
NotifyIconEx.NotifyInfoFlags.Info,
5000);
And maybe could you also make the program watch all 3 event logs simultaneously (application/security/system log) and change the code accordingly ?
I know, I am probably asking for too much here. I thought, I'd just try.
1000 thanks in advance,
Chris
|
|
|
|
|
|
|
Hi, is there anybody out there?
I'm getting a little desperate, it's been nearly a month that I've posted these lines below and no answer ... 
I would be really thankful if somebody could drop me a line.
Thanks in advance,
Chris
|
|
|
|
|
|
|
Hi, great stuff! Thanks for sharing!
Would be wicked if the balloon tip would also include the actual EVENT LOG MESSAGE TEXT. Then you wouldn't have to check in the event viewer every time.
I guess that would be real easy to code ... by adding a line somewhere here, no ?
===========================================
NotifyIcon.ShowBalloon("Event Log Monitor",
"An event was written to the "+logName+" event log."+
"\nType: "+LogType+
"\nSource: "+LogSource+
"\nCategory: "+LogCategory+
"\nEventID: "+EventID+
"\nUser: "+User,
NotifyIconEx.NotifyInfoFlags.Info,
5000);
============================================
Unfortunately, I'm no coder, I don't even know which language that is ;(
And I don't know neither how to make a running .exe out of these lines :p
Is there a good soul around who would add that line and send me a modified .exe ? I give you my mail:
go_blue[at]gmx[dot]net
100000 thanks!!
I would be REALLY REALLY thankful!!! Thanks in advance to anybody who can help.
Kind regards,
Chris
|
|
|
|
|
|
|
By the way, does anybody have a modified version of this program that watches all 3 simultaneously (application/security/system log)?
|
|
|
|
|
|
|
One small issue:
I was simply echoing event log entries out to a text box; I noticed that when the logging app rapidly spams the event log, the monitoring app shows repeated instances of the most recent event. This was because log.Entries.Count was used as the event index,
rather than e.Entry.Index. HOWEVER, sometimes e.Entry.Index was >= log.Entries.Count, which of course is problematic.
To fix this, whenever we get an entry written event, write from the last logged index + 1 to event log size - 1, as illustrated below:
int NextIndexToWrite = -1;
private void OnEntryWritten(object source, EntryWrittenEventArgs e)
{
StringBuilder sb = new StringBuilder(4096);
EventLog log = new EventLog(watchLog);
if (NextIndexToWrite == -1)
NextIndexToWrite = log.Entries.Count - 1;
while (NextIndexToWrite < log.Entries.Count)
{
try
{
System.Diagnostics.EventLogEntry ele = log.Entries[NextIndexToWrite];
sb.Append(ele.Message);
sb.Append("\r\n");
}
catch (Exception ex)
{
sb.Append(ex.ToString());
}
++NextIndexToWrite;
}
// append the messages to the text box
txtEvents.AppendText(sb.ToString());
}
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin