 |
|
|
Hi, I am here. I am alive and well. I'm trying to get back into the CodeProject after a 3 year hiatus.
|
|
|
|
|
|
|
Hi Marc,
thanks for your reply.
I really appreciate the work you have done here.
Unfortunately, as I stated, I'm no coder ... don't even know which language you are using here ... 
Therefore I have no idea if my request would amount to a lot of time or not, but if it is possible for someone here, could you maybe change the code above to what jbono007 suggested (in order to display the full event log message text) and send me the resulting .exe file to go_blue [at] gmx [dot] net .... (or post it here) ?
NotifyIcon.ShowBalloon("Event Log Monitor",
"An event was written to the "+logName+" event log."+
"\nType: "+LogType+
"\nSource: "+LogSource+
"\nCategory: "+LogCategory+
"\nEventID: "+EventID+
"\nMessage: "+logMessage+
"\nUser: "+User,
NotifyIconEx.NotifyInfoFlags.Info,
5000);
And maybe could you also make the program watch all 3 event logs simultaneously (application/security/system log) and change the code accordingly ?
I know, I am probably asking for too much here. I thought, I'd just try.
1000 thanks in advance,
Chris
|
|
|
|
|
|
|
Hi, is there anybody out there?
I'm getting a little desperate, it's been nearly a month that I've posted these lines below and no answer ... 
I would be really thankful if somebody could drop me a line.
Thanks in advance,
Chris
|
|
|
|
|
|
|
Hi, great stuff! Thanks for sharing!
Would be wicked if the balloon tip would also include the actual EVENT LOG MESSAGE TEXT. Then you wouldn't have to check in the event viewer every time.
I guess that would be real easy to code ... by adding a line somewhere here, no ?
===========================================
NotifyIcon.ShowBalloon("Event Log Monitor",
"An event was written to the "+logName+" event log."+
"\nType: "+LogType+
"\nSource: "+LogSource+
"\nCategory: "+LogCategory+
"\nEventID: "+EventID+
"\nUser: "+User,
NotifyIconEx.NotifyInfoFlags.Info,
5000);
============================================
Unfortunately, I'm no coder, I don't even know which language that is ;(
And I don't know neither how to make a running .exe out of these lines :p
Is there a good soul around who would add that line and send me a modified .exe ? I give you my mail:
go_blue[at]gmx[dot]net
100000 thanks!!
I would be REALLY REALLY thankful!!! Thanks in advance to anybody who can help.
Kind regards,
Chris
|
|
|
|
|
|
|
By the way, does anybody have a modified version of this program that watches all 3 simultaneously (application/security/system log)?
|
|
|
|
|
|
|
One small issue:
I was simply echoing event log entries out to a text box; I noticed that when the logging app rapidly spams the event log, the monitoring app shows repeated instances of the most recent event. This was because log.Entries.Count was used as the event index,
rather than e.Entry.Index. HOWEVER, sometimes e.Entry.Index was >= log.Entries.Count, which of course is problematic.
To fix this, whenever we get an entry written event, write from the last logged index + 1 to event log size - 1, as illustrated below:
int NextIndexToWrite = -1;
private void OnEntryWritten(object source, EntryWrittenEventArgs e)
{
StringBuilder sb = new StringBuilder(4096);
EventLog log = new EventLog(watchLog);
if (NextIndexToWrite == -1)
NextIndexToWrite = log.Entries.Count - 1;
while (NextIndexToWrite < log.Entries.Count)
{
try
{
System.Diagnostics.EventLogEntry ele = log.Entries[NextIndexToWrite];
sb.Append(ele.Message);
sb.Append("\r\n");
}
catch (Exception ex)
{
sb.Append(ex.ToString());
}
++NextIndexToWrite;
}
// append the messages to the text box
txtEvents.AppendText(sb.ToString());
}
|
|
|
|
|
|
|
Thanks for your feedback, it is very much appreciated. I was a bit of a novice back when I wrote this and have since thought about updating it with many more capabilities. I'm glad you found it useful.
|
|
|
|
|
|
|
I'm a perpetual novice. Which became even more apparent when I read over the code I posted above and noticed that the initialization of NextIndexToWrite should be changed from:
if (NextIndexToWrite == -1)
NextIndexToWrite = log.Entries.Count - 1;
to
if (NextIndexToWrite == -1)
NextIndexToWrite = e.Entry.Index;
Thanks again for providing a much needed solution.
|
|
|
|
|
|
|
just a little fix....
private void StartWatch()
{
try
{
// if someone remove the Log on register...
if (!EventLog.Exists(watchLog))
watchLog = "Application";
Great stuff!!
Cheers
Nicola
|
|
|
|
|
|
|
|
|
|
Thanks for providing such a great head start for many of us that didnt know how to get to this point...I have modified the app just a bit to change from using the balloon to using a net send...This allows me to run the app on a server and have it alert me on my own workstation via a popup box...It works to a point..but one strange thing ive noticed is that when i use net send, it will keep notifying me over and over again forever until i exit the app from the systray...
If i use messagebox.Show on the local machine, it still behaves strangely in that it will notify me in waves of three....So if an event is fired, I will get three messageboxes that are identical..So I have to click OK three times...I know by changing even this little code, I probably caused this...Would you happen to know where I could look in the code to fix this?
Gary Reynolds
greynolds@hpsj.com
|
|
|
|
|
|
|
Without seeing your code I'm not sure but it sounds like a typical mailslots problem. Net Send uses mailslots. The problem is that by design, Windows will send the message using all available protocols. Usually this means TCP, UDP and IPX, causing each message to be received 3 times. If you have a custom app to listen for the messages then you must account for this. I always gave each message an ID to discard duplicates. For more information look here.
-Jim
|
|
|
|
|
|
|
I've been trying to convert some vb scripts to C# and one of the things I want to do is monitor the event logs (system and application) for errors. I only want to get a trigger on an error event, but I can't seem to find the right call to do this through C#. As in your application, I can get a trigger on every write, but this does not help solve my problem. Does anyone know if there is a way to receive a trigger on error only? Or perhaps to receive the message details with the write trigger?
Thanks.
|
|
|
|
|
|
|
1) Have your method attach for all logs AllLogs().
2) Inside AllLogs, filter on only system and application errors then call ErrorsOnly().
|
|
|
|
|
|
|
I plan on using the eventlog class as the basis for a windows service that grabs the 3 main logs from 300+ servers at specified intervals and puts them in a SQL database.
The problem I have is this: how on EARTH do you listen for that many without spawning hundreds of threads?
I'd LOVE to do some asynchronous listening / db writing, but I'm not sure how to scale this app that much... any ideas?
(I'd like to be agent-free....)
Thanks!
|
|
|
|
|
|
|
I've dealt with something like this. One of my major issues was bandwidth between the client and the server. We solved this by exporting the majority of events as files and feeding them through a managed queue.
|
|
|
|
|
|
|
What are the appropriate permissions for reading and/or writing event logs on a separate machine? That seems to be difficult to find information on.
|
|
|
|
|
|
|
If you want to log an event to the eventlog on a remote machine, the process you are using must have "Access this computer from the network" and "Log on locally" permissions on the remote machine.
Additionally, if you are creating a new event source, the process must also have Write access to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\ registry section.
The following article also gives some insight to your question: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000015.asp
-- modified at 9:38 Thursday 20th October, 2005
|
|
|
|
|
|
|
I need you to implement these features before I can consider using your tool:
- Run as system service. Event monitoring is typically used on a server; A GUI app is not acceptable on such a box, where there is no user interactive logon.
- Email and/or SMS messaging notifications. Monitoring doesn't do much good if nobody knows what happened.
- Monitor more than one log. One-log limitation makes this application useless in the enterprise.
- AD integration. Integrate with active directory services.
I suggest you check out Microsoft's Operations Manager (MOM) to see a good example of how to implement such an application.
Let me know when you have these features implemented.
|
|
|
|
|
|
|
Relax dude - this is a code sharing site. He's not a vendor and we're not customers.
|
|
|
|
|
|
|
yeah I 2nd that. This is a good example of how to monitor the windows event log. If you want an enterprise app, then go buy one >
Also, MOM can be high on bandwidth 
|
|
|
|
|
|
|
hello,
i want to use this tool to monitor the events happened on my pc. but when i execute the tool the following error occurs:
An unhandled exception of type 'System.InvalidOperationException' occurred in system.dll
Additional information: The event log 'Anwendung' on computer '.' does not exist.
I have the german version of Windows XP and Anwendung means Application in the English Version.
I don't understand the error because when i look in the eventvwr i have the event log Anwendung. (addional to that System(system) and Sicherheit(security)).
Please, can anybody tell me what went wrong? - i need this tool very urgently and it is quiet important that it runs on my computer.
thanks in advance.
patrick
|
|
|
|
|
|
|
Look in HKLM\SOFTWARE\Event Log Monitor and change the value of WatchLog from "Application" to "Anwendung" (no quotes)
Lemme know if that fixes the problem.
When I wrote the tool, I did not take into account the Application log name for other languages. By default, if no registry value exists when the tool starts up, it writes "Application" as the default log to monitor.
I am planning an update for this tool in the near future, which will include a fix for this issue.
|
|
|
|
|
|
|
hello,
sorry but where do i find HKLM\Software\Event Log Monitor? - i couldn't find it.
and i have a second question: Can i use this tool on a PDA, to log the events on the PDA? (especially the DELL AXIM X30 with Windows Mobile 2003, Second Edition, .NET Compact Framework).
i hope you can help me once more.
thanks in advance.
yours sincerely.
patrick
|
|
|
|
|
|
|
Check your email. I sent you an updated binary. This article will be updated shortly as well.
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin