Which approach is better to read Windows Event log in C#? WMI or EventLog

Question

I need to write an application to grab event log for System/Applications. The other requirement is that I need to read event log every minute or so to grab the new event log

Answer 1

Check out the classes in the namespace System.Diagnostics.Eventing (and deeper) rather than using the EventLog class.

When accessing a remote computer (maybe just Vista and later) using the EventLog class, the remote computer generates around 6 security audit entries as you connect to the logs, and another entry or 2 every time you retrieve a log record in a loop.

But with the EventLogQuery / EventLogReader / EventLogWatcher you can create an EventLogSession that keeps you connected. And you can retrieve specific entries using an XPath query whereas EventLog forces you to iterate over all entries to find an entry.

http://msdn.microsoft.com/en-us/library/bb671200.aspx

WARNING: To get the event message, the method EventLogRecord.FormatDescription() is hit-or-miss, and the property LevelDisplayName is also hit-or-miss. For this reason I am switching back to the EventLog class for retrieving the entries, and using the EventLogWatcher for watching entries.