You may have multiple applications that write to a single event log. For each of these applications, you want a monitoring application to watch for one or more specific log entries to be written to the event log. For example, you might want to watch for a log entry that indicates that an application encountered a critical error or shut down unexpectedly. These log entries should be reported in real time.
Monitoring an event log for a specific entry requires the following steps:
Create the following method to set up the event handler to handle event log writes:
public void WatchForAppEvent(EventLog log) { log.EnableRaisingEvents = true; log.EntryWritten += new EntryWrittenEventHandler(OnEntryWritten); }
Create the event handler to examine the log entries and determine whether further action is to be performed. For example:
public static void OnEntryWritten(object source, EntryWrittenEventArgs entryArg) { if (entryArg.Entry.EntryType == EventLogEntryType.Error) { Console.WriteLine(entryArg.Entry.Message); Console.WriteLine(entryArg.Entry.Category); Console.WriteLine(entryArg.Entry.EntryType.ToString( )); // Do further actions here as necessary... } }
This recipe revolves around the
EntryWrittenEventHandler
delegate, which calls back a method whenever any new entry is written
to the event log. The EntryWrittenEventHandler
delegate accepts two arguments: a source
of type object
and an
entryArg
of type
EntryWrittenEventArgs
. The
entryArg
parameter is the most interesting
of the two. It contains a property called Entry
that returns an EventLogEntry
object. This
EventLogEntry
object contains all the information
you need concerning the entry that was written to the event log.
This event log that we are watching is passed as the
WatchForAppEvent
method’s
log
parameter. This method performs two
actions. First, it sets log
’s
EnableRaisingEvents
property to
true
. If this property were set to
false
, no events would be raised for this event
log when an entry is written to it. The second action this method
performs is to add the OnEntryWritten
callback
method to the list of event handlers for this event log.
To prevent this delegate from calling the
OnEntryWritten
callback method, you can set the
EnableRaisingEvents
property to
false
, effectively turning off the delegate.
Note that the Entry
object returned by the
entryArg
parameter of the
OnEntryWritten
callback method is read-only and
therefore the entry cannot be modified before it is written to the
event log.