C# – Which approach is better to read Windows Event log in C#? WMI or EventLog

cevent-logloggingwindowswmi

I need to write an application to grab event log for System/Applications. The other requirement is that I need to read event log every minute or so to grab the new event logs since I read last time.
Currently I am considering to use C# to implement instead of C++.

With that I read several webpages and if I understand correctly, I can use either WMI or EventLog class to read event log.
It seems to me that I can be notified when the new event log is added using EventLog class but I was not sure that is better than using WMI.
If my understanding is correct, I would like to know which way I should take?

Please give me some advice. Thanks.

Best Answer

I know this is long after the original post, but I hope this is usefule to future searchers like myself who found the EventLog class too slow. Here is some code to demonstrate searching for the most recent System startup events:

EventLog ev = new EventLog()
{
    Log = "System"
};
SystemSession sess;

DateTime t1 = DateTime.Now;
DateTime t2 = DateTime.Now;
DateTime fromDate = DateTime.Now.AddDays(-30);
TimeSpan t;
int i, j=0;

t1 = DateTime.Now;
for (i = ev.Entries.Count - 1; i >= 0; i--)
{
    if (ev.Entries[i].TimeGenerated < fromDate) break;

    if (ev.Entries[i].InstanceId == 12)
    {
        //do something ...
        break;
    }
}
t2 = DateTime.Now;

t = new TimeSpan(t2.Ticks - t1.Ticks);
string duration = String.Format("After {0} iterations, elapsed time = {2}",
    ev.Entries.Count - i,
    t.ToString("c"));

If you only want the most recent entry, this code took 0.28 seconds on my machine, compared with 7.11 seconds using EventLog class in place of the for() loop:

var entry = (from EventLogEntry e in ev.Entries
         where (e.InstanceId == 12)
         && e.TimeGenerated >= fromDate
         orderby e.TimeGenerated
         select e).LastOrDefault();

Hope it helps.

Related Topic