Anyone know why I can't access the winevt folder programmatically in C#?

Question

I\'ve been trying to get into the \'C:\\Windows\\System32\\winevt\\Logs\' folder programmatically using C# so I can copy the event log files to a backup directory and then c

Answer 1

Is your application running as a 32-bit application on a 64-bit version of Windows? If so, any access to %windir%\System32 is redirected to %windir%\SystemWOW64 (where there is no winevt directory).

If you use %windir%\Sysnative\winevt you should be able to access it.

Answer 2

Here is the code that I have that works now after I changed system32 to sysnative as per John Rasch suggestion.

string LogFileDirectory = @"C:\Windows\Sysnative\winevt\Logs\";
string LogFileExtension = ".evtx";
string Date = DateTime.Now.Year.ToString() + "-" + DateTime.Now.Month.ToString() + "-" + DateTime.Now.Day.ToString();
string BackupDir = @"C:\Backups\" + Date + "\\";
Directory.CreateDirectory(BackupDir);
foreach (EventLog log in EventLog.GetEventLogs())
{
 string source = LogFileDirectory + log.Log + LogFileExtension;
 string dest = BackupDir + log.Log + LogFileExtension;
 try
 {
  File.Copy(source, dest);
 }
 catch (Exception e)
 {
  Console.WriteLine("Error occured :" + e.Message);
  Console.WriteLine(e);
 }
 finally
 {
  if (!File.Exists(dest))
  {
   Console.WriteLine("Backup Failed for " + log.Log);
  }
  else
  {
   Console.WriteLine("Backup Successful for " + log.Log);
   //log.Clear();  // Commented out during development
  }
 }
}