How to retrieve event log other than Application category?

问题

I'm trying to retrieve some event log in a category that is different from Application. For example, I want to get the info in "Microsoft-Windows-Application Server-Applications/Operational". Below it is my code

EventLog log = new EventLog("Microsoft-Windows-Application Server-Applications/Operational");
int index = log.Entries.Count - 1;
Debug.WriteLine(log.Entries[index].Message);

But it always shows the error:

The event log 'Microsoft-Windows-Application Server-Applications/Operational' on computer '.' does not exist.

If I simply use "Application", then I can get the log in Application category.

How to get log for "Microsoft-Windows-Application Server-Applications/Operational"?

Thanks

回答1:

The EventLog class only lets you access Windows event logs. You will want to use instead the EventLogReader found in System.Diagnostics.Eventing.Reader namespace.

        EventLogQuery query = new EventLogQuery("Microsoft-Windows-Application Server-Applications/Operational", PathType.LogName, "*");
        EventLogReader reader = new EventLogReader(query);
        EventRecord eventRecord;
        while ((eventRecord = reader.ReadEvent()) != null)
        {
            Console.WriteLine(String.Format("{0} - {1}",
                eventRecord.TimeCreated,
                eventRecord.FormatDescription()));
        }

回答2:

You may need to use the EventLogReader and EventLogQuery to achieve this.

EventLogReader reader = new EventLogReader("Microsoft-Windows-Application Server-Applications/Operational");
string message = reader.ReadEvent().FormatDescription();

You can use the EventLogQuery to retrieve results in a descending order.

However, I am not too sure, why this does not work with the EventLog. Maybe somebody else can help clarify that.

回答3:

@MatthewG 's Answer is partly correct. EventLog class allows you to access administrative logs as per definition in MSDN. But they actually display folder names which are found under the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\

You can verify this by creating a new folder with the a random name and you'll find the random name being displayed when you query using EventLog.GetEventLogs() method. Something, I believe that Microsoft have implemented very poorly.

So you're going to have to use EventLogQuery and EventLogReader classes to read event logs.

来源：https://stackoverflow.com/questions/33680388/how-to-retrieve-event-log-other-than-application-category