 |
|
|
Can you please help me on my problem? I have been scouring the net to find out how can i create an event log source from an existing .evt file. tried WMI EventLog but they only create an empty custom event log to which i cant associate an existing .EVT file. Please help me.. any kind of pointers are much appreciated Riaan!!
rashu
|
|
|
|
|
|
|
I have written a EventLog Viewer but it enumerates through the EventLog.x.Entries directly and do dataGrid.Rows.Add( event ).
Loading hundreds of events takes just few seconds, but loading 13000 events took 2-3 minutes. Using your program, it took 40 seconds.
Right now, I'm not binding data and not using WMI.
Did you see performance gain when you switched to WMI?
One thing I am noticing is that when you select an event,
it takes more than 10 seconds to display the message on the bottom.
When I go to Microsoft's event viewer, they seem to load 13000 events instantly,
and also display the detail message immediately.
Any idea on how they may be doing this?
Thanks 
|
|
|
|
|
|
|
Hi
The reason why I moved to WMI is that the standard .NET event log classes didn't perform to well, especially with remote event logs. I attributed it to the amount of data involved - the switch to WMI meant that Smoothy can query the display details first, and then lazy load the actual message.
As for the 10 seconds to display the message, the lazy loading is queued at the moment - something I'm still getting around to fixing. As to how Microsoft's event viewer does it, I've been wondering that myself. On the local machine, it might be faster to read the registry directly to retrieve event information. Haven't tried it though, let me know if you do.
Cheers,
Riaan Hanekom
|
|
|
|
|
|
|
It's taking sometimes 10 seconds or more on some of the message on a local machine. Oh well...
By the way, the prgram caused exception trying to read "Security" event log and failed to start. I had to catch the exception and continue.
I also noticed that you didn't "sign the assembly" and didn't grant any "EventLogPermission". You can find this at "Smooth Interface property --> Security --> Enable CLickOnce Security Settings" --> there ... you can see the permission settings.
How did you configure your security settings?
Thanks
|
|
|
|
|
|
|
Great tool!!
Very well written.
And saved me a lot of time already... even though what i write is for a very old system working under Framework 1.1 
But what i cannot fin is a way to save the log to evt file?
Or just getting the file name of a log?
i know i can use the Data Objects to save to other formats, but i need evt.
Thanks..
Programming with love
|
|
|
|
|
|
|
Thanks - it's due for a rewrite soon though, we'll see how that goes.
Smoothy doesn't have that build in as of yet - but I'll build that when I have some time available.
The article here[^] might help you if want to write your own.
Riaan Hanekom
|
|
|
|
|
|
|
Great tool!
But AnalyzeAndFixSearch very restrictive, I've removed it at all,in most cases it works fine "as is"
I've also removed delay in FillMessage - works much faster
|
|
|
|
|
|
|
Thanks for a great application. I have a remote log I'm trying to view. I can connect to the remote machine with Smoothy and it shows me that machine's event logs, but when I try to open one, I get an access error:
System.UnathorizedAccessException: Access is denied at
System.Management.ManagementScope.Initialize() at
System.Management.ManagementScope.Connect() at
SmoothyInterface.Forms.GetEvents() at
SmoothyInterface.Forms.FillGrid().
I can use Windows XP event viewer to see the log and the events. I think the machine I'm connecting to is Windows Server 2003.
Thanks for any insight.
Stu
|
|
|
|
|
|
|
In the ManagementScope options, you need to set a username and password to access other network computers. You need to set it so that they are not used when you are accessing your local event log...the authentication does not work there.
Once done, this should work no probs for you. I did this earlier and all was ok
Hope this helps
|
|
|
|
|
|
|
hi
the code is not connect to remote machine which is on LAN.
Manish Kumar
|
|
|
|
|
|
|
Hi..
You did mention the future option of auto refresh... Is there an approximate time for such an option to be created?
Thnx
|
|
|
|
|
|
|
Hi
Haven't worked on this for 2 years (been busy), but a rewrite/revamp on Smoothy is due soon.
Subscribe to the thread, then I'll keep you updated.
Riaan Hanekom
Riaan Hanekom
|
|
|
|
|
|
|
What is the license for Smoothy?
|
|
|
|
|
|
|
Apologies for not mentioning the license anywhere - Smooth is licensed under the Microsoft Permissive License (Ms-PL) v1.1.
Riaan Hanekom
|
|
|
|
|
|
|
I noticed that events has some extra lines which made reading them more difficult. In the source code for the [EventLogViewer.cs] form I made an adjustment in the [UpdateEventDetailText] procedure. I used regular expressions to modify the event message to remove the extra line breaks. You make a reference to System.Text.RegularExpressions and use the changes below to remove the extra line breaks.
Regex myregex = new Regex("\r\n\r");
row.Cells[6].Value = message;
tbEventDetail.Text = myregex.Replace(message, "\r\n");
wolfwizard
|
|
|
|
|
|
|
I'm running smoothy under W2K server and I'm experiencing a strange slow down after reading about 1600 events. This happens in debug and release builds. At first I thought the program had frozen but I enabled the progress bar and could see it crawling along at 1 event/per sec after 1600 events. I guess the event log is larger under server OS but memory use isn't high. Any suggestions? Hopefully as its a cool program
a few days later....
I've done more investigation and it looks like WMI is just plain slow. I'm testing this fix ATM
System.Management.ObjectQuery objectQuery = new System.Management.ObjectQuery(query.ToString());
System.Management.EnumerationOptions enumOpt = new System.Management.EnumerationOptions();
enumOpt.Rewindable = false;
using (ManagementObjectSearcher objectSearcher = new ManagementObjectSearcher(messageScope, objectQuery, enumOpt))
using a forward only enumerator is supposed to help
Thanks Paul Tait
|
|
|
|
|
|
|
Hi,
Your code is nice. One fatal issue you have to be concerned.
If the remote machine's event log record count > 2000, the ManagementObjectSearcher.get() will raise an out of memory error. And the API did not release the memory in its last get().
I tried to build the QueryString to narrow the records, but WMI has no Count funtion as SQL's select * count(100)..., or I have to use timewritten in the QuerryString to select records between sometimes, but in your first retrieve, you do not the timewritten.
Any suggestion to narrow records in the QueryString?
Yao
|
|
|
|
|
|
|
|
|
|
Hi,
I wrote about save LOG (HTML, EVT, CSV, etc), but... You can create a plugin system, than your system provide the data and the plugin make the file. This will enable other users to write plugins for specific layout and send to you after all.
Eg. Send specific log ID to a DBMS for statistic porpose.
PS: Did you have the *.EVT file format specification?
I need it a lot!!! Thanks!
Willian S. Rodrigues
willian_cpp_br@hotmail.com
|
|
|
|
|
|
|
A useful tool for any developer. Have you looked at CodeSite? It seems to be along similar lines.
|
|
|
|
|
|
|
Is there any way to search saved log entries?
|
|
|
|
|
|
|
I note that if I open system log or protections log on smoothy I've no messages even if there are messages in event viewer. The same does'n appen on other log as wince log or virtual server log.
What about?
Thank you.
Raffaele
-- modified at 18:01 Thursday 30th November, 2006
|
|
|
|
|
|
|
I'm impressed! Keep up the good work! 
Programmers:
Lovers of problem solving, they are apt to play chess at lunch or doodle in algebra over cocktails, speak an esoteric language that some suspect is just their way of mystifying outsiders. Deeply concerned about logic and sensitive to its breakdown in everyday life, they often annoy friends by asking them to rephrase their questions more logically. (Time Magazine in 1965)
|
|
|
|
|
|
|
Howzit Dude..
Do you have any log4net integration as well.
Sk8tZ
|
|
|
|
|
|
|
Man, I'm seeing a lot of South Africans on CodeProject these days
Times are changing here, it seems.
There was another message for integration with the Enterprise Library Logging Application block - I'm interested.
I started this project out with a "Log Reader" app that might be able to read other logs (like logs generated with the flat file output option of the the Enterprise Library Logging Application block, IIS logs, etc), so it might still morph into something else than "just a event log viewer".
How would you integrate something like this for registry entries though? There is no "framework" specific information in the event log entries that specifies this as a "log4net" entry...
Any ideas? Or maybe a clearer definition of what it means to "integrate" one of these logging frameworks into Smoothy?
Cheers
Riaan
|
|
|
|
|
General 
News 
Question 
Answer 
Joke 
Rant 
Admin 
