How to get a list of all Windows event logs (event view logs) with their hierarchy and friendly names in C #

Question

How to get a list of all Windows event logs (event view logs) with their hierarchy and friendly names in C #

I am trying to sort replication from event viewer

I have problems with a few things. At first, some of the names that I return are not display names or friendly names. For example, for "Microsoft Office Alerts" I will just go back to "OAlerts". How can I get Microsoft Office Alerts from OAlerts?

The second problem is clarifying the hierarchy. It seems that all I can do is make out the dash and do something like guesswork. There is no easy way in the API to figure this out. GetLogNames just gives you a flat list of all the magazines.

EventLogSession session = new EventLogSession();
List<string> logNames = new List<string>(session.GetLogNames());
foreach (string name in logNames)
{
   //EventLogConfiguration config = new EventLogConfiguration(name); //looks useful but doesn't give me any of the info i'm looking for.

   Console.WriteLine(name);
}

+4

c# .net system.diagnostics etw event-viewer

Mark 06 . '16 16:21

1

Simon Mourier · Accepted Answer · 2016-06-08T23:07:08+0000

: EventSource NuGet Windows ( ) EventSource, :

Name Name EventSourceAttributes, , ETW, . , , ETW . "<CompanyName>-<Product>-<Component>". 3- , Event Viewer : "Application and Services Logs/<CompanyName>/<Product>/<Component> ".

, - , ( , ). , - .

, , EvtIntGetClassicLogDisplayName, , . :

    static void Main(string[] args)
    {
        var session = new EventLogSession();
        foreach (string name in session.GetLogNames())
        {
            Console.WriteLine(GetDisplayName(session, name));
        }
    }

( , , "OAlert", , ):

    public static string GetDisplayName(EventLogSession session, string logName)
    {
        var sb = new StringBuilder(512);
        int bufferUsed = 0;
        if (EvtIntGetClassicLogDisplayName(GetSessionHandle(session).DangerousGetHandle(), logName, 0, 0, sb.Capacity, sb, out bufferUsed))
            return sb.ToString();

        return logName;
    }

    private static SafeHandle GetSessionHandle(EventLogSession session)
    {
        return (SafeHandle)session.GetType().GetProperty("Handle", BindingFlags.Instance | BindingFlags.NonPublic).GetValue(session);
    }

    [DllImport("wevtapi.dll", CharSet = CharSet.Unicode)]
    private static extern bool EvtIntGetClassicLogDisplayName(IntPtr session, [MarshalAs(UnmanagedType.LPWStr)] string logName, int locale, int flags, int bufferSize, [MarshalAs(UnmanagedType.LPWStr)] StringBuilder displayName, out int bufferUsed);

How to get a list of all Windows event logs (event view logs) with their hierarchy and friendly names in C #

More articles: