How to get new logs in an EventLogEntyCollection?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Massimo on Stack Overflow See other posts from Stack Overflow or by Massimo
Published on 2010-04-22T14:15:05Z Indexed on 2010/04/22 14:33 UTC
Read the original article Hit count: 178

Filed under:
|

I need to monitor security event logs on very busy domain controllers, which generates hundreds of them each minute.

I know how to use EventLog, EventLogEntry and EvenLogEntryCollection to open and read a server's event log, but an EvenLogEntryCollection can contain ~300.000 events, and it wraps around continuously (and very fast), so I can't rely on its index to find new entries.

So far, the only thing I was able to come up with is saving the timestamp of the last processed log entry and then iterate above the EventLogEntryCollection until I find an EventLogEntry which TimeGenerated properties is greater than the timestamp I saved; but it's terribly slow to iterate on ~300.000 entries to find the new ones.

How can I quickly find the new entries in an big event log?

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about .NET

Related posts about eventlog

  • deleting eventlog

    as seen on Stack Overflow - Search for 'Stack Overflow'
    Hey, How can I delete a specific eventlog entry (say id 130 with source: Myprog) or delete all eventlogs from a specific source without deleting the whole eventlogs under "Application" folder? public static void deleteEvent() { string logName; if (EventLog.SourceExists(SOURCE)) … >>> More

  • Reading EventLog C# Errors

    as seen on Stack Overflow - Search for 'Stack Overflow'
    I have this code in my ASP.NET application written in C# that is trying to read the eventlog, but it returns an error. EventLog aLog = new EventLog(); aLog.Log = "Application"; aLog.MachineName = "."; // Local machine foreach (EventLogEntry entry in aLog.Entries) { if (entry.Source.Equals("tvNZB")) … >>> More

  • get-eventlog issue

    as seen on Server Fault - Search for 'Server Fault'
    I wanted to get a quick report of some log entries I saw on a server, so I ran: Get-Eventlog -logname system -newest 10 -computer fs1 | fl I got events back however the descriptions were all wrong. Here's an example: Index : 1260055 EntryType : Warning InstanceId : 2186936367 Message : The… >>> More

  • Access to Windows 7 log from a remote machine

    as seen on Super User - Search for 'Super User'
    I'm trying to access with EventViewer (from a Windows XP Prof) to a remote machine with Windows 7 (Seven). Before I started the Service "RemoteRegistry" I received an "Access Denied". After started the service I can connet to the machine Log (in EventViewer app) but when i clik on any log as "Application"… >>> More

  • logparser not matching on a LIKE pattern

    as seen on Stack Overflow - Search for 'Stack Overflow'
    Hi I seem to have the strangest problem. I am using logparser to search an event log for some text that I know is there (i copied and pasted the string from the event into the sql search string). But the sql LIKE statement is returning a empty results. But other LIKE statments seem to be working file… >>> More

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle