Click here to Skip to main content
15,868,419 members
Articles / Programming Languages / C#
Article

Smoothy Event Log Viewer 1.2

Rate me:
Please Sign up or sign in to vote.
4.75/5 (42 votes)
7 Oct 2006Ms-PL4 min read 185.3K   7.4K   119   55
MDI event log viewer with quick filter and search capabilities.

Sample Image - Article.gif

Introduction

As a developer, I spend a lot of time watching events in the Event Logs. The Event Logs provide quick tracing/debugging functionality for application developers, especially where applications run in non-graphical environments (like the BizTalk environment). Some people even use it to store objects in a serialized state. As such, it proves to be a huge source of information. 

I've grown tired of Microsoft's standard Event Log viewer (the snap-in for MMC):

  • Viewing event logs are limited to one at a time.
  • In order to filter on anything, you need to go through several steps (and several steps to undo your filters again).
  • There is no auto-refresh on an event log. To view any new events, you need to manually refresh (and re-fetch all entries).
  • There is no printing functionality on event logs.
  • Clearing the event logs needs a confirmation every time.
  • There is no functionality for deleting and/or creating Event Logs.

Smoothy is still a work in progress, but currently features the following:

  • MDI interface for viewing multiple event logs.
  • Viewing of event logs on a remote computer.
  • Quick filtering on event sources.
  • Quick filtering on message content.
  • Quick filtering on event log entry type (warnings, errors, etc.).
  • Creation and deletion of event logs.
  • One-click clearing of event logs.

This article provides an event log viewer control (which incidentally inspired a couple of layout ideas), but it's always fun to write your own, isn't it? 

Background

Event Log entries are stored in the registry, together with it's associated log and application sources registered for that log. The Event Logs can be accessed through several classes found in the System.Diagnostics namespace in .NET. The main classes used are System.Diagnostics.EventLog and System.Diagnostics.EventLogEntry. They provide an easy to use, intuitive interface for read and write access to the Event Logs, either on the local machine, or a remote machine through WMI.

Using the code

Using it? Easy, run it. Auto-refresh is not supported at the moment (although the code is in there), because the DataGridView doesn't update (paint) correctly in this case when adding new items. Custom painting for the DataGrid might be needed to solve that issue. 

Clicking on the information, warning, etc., buttons filters by event entry type. Searching can be toggled by the search buttons next to the search textbox. 

The application creates event logs by registering a user supplied source in the new event log. Deletion of custom event logs is possible, but I wouldn't go about deleting every log you can find - some applications might depend on them..

The column sorting still needs some work. Microsoft's Event Log viewer has a "dual" sorting mode that it achieves by sorting the column requested and sorting the index fields on the entries in the same direction as the sorted column. Sorting by two columns on a DataGridView isn't possible, so if possible sort on the index column (the default sorting column) to ensure the right chronological order.

Points of Interestt

This program was born out of an interest in testing the new functionality of the DataGridView in .NET 2.0. It makes extensive use of the BindingSource class to provide sorting and filtering (job well done on this, Microsoft!).

Accessing multiple entries in the event log seems to be the slowest operation possible. Increasing performance in version 1.1 has been put in place by using a mixture between WMI and the standard EventLog classes. A WMI query is executed to retrieve only the relevant information for display (without the messages). The messages are displayed by doing a lazy load on the SelectionChanged event provided by the DataGridView

So what's next?

Features still outstanding for Smoothy:

  • Correct sorting on all columns.
  • Importing and saving of event logs in several formats (EVT, HTML, CSV, maybe XML?).
  • Printing of event log entries.
  • Auto-Refresh on event logs (new items get added dynamically).
  • View option for replacement strings.
  • View and export binary data.
  • Got any ideas you'd like to share?  Ping me.

History

17 August 2006: Version 1.0

  • Initial release. 

17 August 2006: Version 1.1

  • Performance Increase Update.
  • Smoothy now uses a mixture between WMI and the standard EventLog classes to access entries.

 07 October 2006: Version 1.2

  • WMI is now used to retrieve Event Log messages with a lazy load mechanism (instead of using the standard .NET classes).
  • Fixed bug: Assumption that the first Event Log entry has an index of 1 and that indexes are consecutive..
  • Added Color View Mode that colors the GridView rows to distinguish between Event Log Entries instead of using icons. This will hopefully speed up the interface on slower computers since a Custom Cell Paint event is not necessary anymore.
  • Added color configuration for the Color View Mode.
  • Added the option to specify a source name when creating an Event Log - only one distinct source name is allowed between all Event Logs.
  • Added progress bar (using BusyBar, search for it on CodeProject) to display progress of entries loaded from remote machines.
  • Added cancel mechanism to cancel long running loading of events.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)


Written By
Web Developer
South Africa South Africa
The author is a software consultant in South Africa, specializing in bespoke software solutions.

Comments and Discussions

 
Questionwill not work on remote server if user has limited permissions Pin
priyanka.salunkhe27-Sep-11 23:22
priyanka.salunkhe27-Sep-11 23:22 
QuestionAccess error on Windows 7 Pin
D_Ana26-Sep-11 4:18
D_Ana26-Sep-11 4:18 
QuestionThanks a lot brother. Pin
Dharmindar21-Aug-11 22:42
professionalDharmindar21-Aug-11 22:42 
GeneralProblem in non English system [modified] Pin
Slawomir Cieslinski23-Feb-11 14:40
Slawomir Cieslinski23-Feb-11 14:40 
GeneralRe: Problem in non English system Pin
jay7923-Mar-11 22:47
jay7923-Mar-11 22:47 
QuestionHelp for accessing custom logs Pin
rashmimansur18-Aug-09 13:20
rashmimansur18-Aug-09 13:20 
GeneralGood job. I have some performance related questions. Pin
cowboe19-Mar-09 8:05
cowboe19-Mar-09 8:05 
GeneralRe: Good job. I have some performance related questions. Pin
Riaan Hanekom21-Mar-09 0:35
Riaan Hanekom21-Mar-09 0:35 
GeneralRe: Good job. I have some performance related questions. Pin
cowboe21-Mar-09 4:09
cowboe21-Mar-09 4:09 
GeneralRe: Good job. I have some performance related questions. Pin
Robb Sadler17-Dec-10 3:37
Robb Sadler17-Dec-10 3:37 
QuestionHow to save a log? Pin
tbener26-Feb-09 6:20
tbener26-Feb-09 6:20 
AnswerRe: How to save a log? Pin
Riaan Hanekom21-Mar-09 0:39
Riaan Hanekom21-Mar-09 0:39 
GeneralFixes Pin
Itzik Rechovot25-Jan-09 2:42
Itzik Rechovot25-Jan-09 2:42 
QuestionProblem with remote event log Pin
Stumangr17-Dec-08 4:12
Stumangr17-Dec-08 4:12 
AnswerRe: Problem with remote event log Pin
5P!ER!019-Feb-09 9:12
5P!ER!019-Feb-09 9:12 
GeneralRe: Problem with remote event log Pin
priyanka.salunkhe27-Sep-11 23:46
priyanka.salunkhe27-Sep-11 23:46 
Generalnot connect to remote machine Pin
kumarmanish76@yahoo.co.in20-Oct-08 1:51
kumarmanish76@yahoo.co.in20-Oct-08 1:51 
GeneralAuto refresh Pin
Yonathan Masovich9-Sep-08 1:41
Yonathan Masovich9-Sep-08 1:41 
GeneralRe: Auto refresh Pin
Riaan Hanekom10-Sep-08 17:50
Riaan Hanekom10-Sep-08 17:50 
Questionlicense? Pin
tadowguy15-Jul-08 10:14
tadowguy15-Jul-08 10:14 
AnswerRe: license? Pin
Riaan Hanekom16-Jul-08 22:14
Riaan Hanekom16-Jul-08 22:14 
GeneralEvent Detail has extra lines Pin
wolfwizard15-Apr-08 12:07
wolfwizard15-Apr-08 12:07 
GeneralSlow down Pin
Paul Tait18-Mar-08 14:25
Paul Tait18-Mar-08 14:25 
GeneralMemory leak in ManagementObjectSearcher.get() Pin
remotehuang29-Oct-07 6:33
remotehuang29-Oct-07 6:33 
GeneralFantastic tool Pin
Abel Pereira18-Oct-07 6:43
Abel Pereira18-Oct-07 6:43 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.