This post originated from an RSS feed registered with .NET Buzz by Steve Hebert. Original Post: remote event log reading - code for a command line utility Feed Title: Steve Hebert's Development Blog Feed URL: /error.htm?aspxerrorpath=/blogs/steve.hebert/rss.aspx Feed Description: .Steve's .Blog - Including .Net, SQL Server, .Math and everything in between Latest .NET Buzz Posts Latest .NET Buzz Posts by Steve Hebert Latest Posts From Steve Hebert's Development Blog

Here's the code for a command-line utility I've written for gathering EventLog information from remote testing/production machines on our network.  I've found the utility to be pretty handy and can be xcopy'd without any other assemblies.  While the utility writes all information out to the Console, it is 'comma-delimeter safe' so you can redirect the output to a file and open it in excel.

I know I could install bits to read the logs over RSS, but in a large company with oversight on the servers getting these types of tools installed is a pain.  This tool also allows me to parameterize the time range - and since we're reviewing these at regular intervals it makes reading far easier. Every solution has its place - this may work well for others.

If you want to use the code below, just create a command line c# application and paste the two classes into the project.  The first class - EventLogReader - implements main(args) and does some simple house-cleaning.  The second class - EventScanner - does the actual work of deciding which messages to write.  While I haven't had a need to parameterize the EventType, this would be a nice addition.  If you make any mods, I only ask that you let me know so I can link to your work.

Disclaimer:  The code listed below is offered without any warranty expressed or implied.  This is despite anything stated before, after or during this posting.  To understand the real scope of this lack of a warranty, understand that no guarantee is made that the code will even compile and if it does compile and actually accomplishes anything it is merely a coincidence on par with a monkey randomly banging on a typewriter and producing a word-for-word copy of Hamlet.  If you use the code and it causes you any problems, you assume full responsibility for the problems and obsolve the author of any form of responsibility.

I should have been a lawyer...  now, onto the code.

class EventLogReader

{

      /// <summary>

      /// The main entry point for the application.

      /// </summary>

      [STAThread]

      static void Main(string[] args)

      {

      if( args != null )

      {

         if( args.Length < 2 || args.Length >3 )

         {

            Console.WriteLine( WriteParmUsageMessage( "Invalid parameter list" ));

            return;

         }

         string machineName = string.Empty;

         string logName = args[0];

         string stimeWindow = args[1];

         if( args.Length > 2 )

            machineName = args[2];

         double timeWindow = 0;

         try

         {

            timeWindow = Convert.ToDouble(stimeWindow);

            if( timeWindow < 0 )

            {

               Console.WriteLine( WriteParmUsageMessage( "Invalid time window parameter - must be a positive integer value"));

               return;

            }

         }

         catch( Exception  )

         {

            Console.WriteLine( WriteParmUsageMessage( "Invalid time window parameter - must be a positive integer value"));

            return;

         }

         EventScanner es = new EventScanner();

         try

         {

            es.WriteEventLog( logName, machineName, timeWindow );

         }

         catch( Exception e )

         {

            WriteParmUsageMessage(string.Format("Unhandled exception while communicating with the event log:\n{0}", e.Message ));

            return;

         }

      }

      }

   static private string WriteParmUsageMessage( string message )

   {

      return string.Format("EventLogReader Error\n{0}:\n    EventLogReader logName timeWindow [machineName]", message );

   }

}