
.NET Tip: Searching for a Needle in a Haystack, or an Entry in an Event Log

  • February 3, 2009
  • By Jay Miller

I frequently receive calls asking why an application is not behaving as expected. Many times, a quick look at the database can provide the answer. Sometimes, however, things are a little more involved. Our internal applications make extensive use of event logs. The event logs contain error messages, warnings, and, in the case of some occasionally connected systems, a log of all the data received. Manually wading through the event logs can be a daunting task. The answer, of course, is to let a computer do most of the searching for you. Here is a class with a couple of static methods that you can use to quickly limit the number of event log entries that you have to search through manually:

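using System;
using System.Collections;
using System.Diagnostics;

// Fields of an EventLogEntry that can be used as a filter.
public enum EventLogFilterType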
{
   TimeGenerated,
   UserName,
   MachineName,
   Category,
   Source,
   EntryType,
   Message,
   EventID
}

public sealed class SearchEventLog
{
   // Prevent this class from being instantiated.
   private SearchEventLog() {}
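
   // Range filter: keeps entries whose value lies between Criteria1 and
   // Criteria2 (inclusive). Only TimeGenerated is handled; any other
   // FilterType matches nothing and yields an empty array.
   public static EventLogEntry[]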
      FilterEventLog(EventLogFilterType FilterType,
                     IEnumerable Entries, object Criteria1,
                     object Criteria2)
   {
      ArrayList FilteredEntries = new ArrayList();
      foreach (EventLogEntry Entry in Entries)
      {
         switch (FilterType)
         {
            case EventLogFilterType.TimeGenerated:
               if (Entry.TimeGenerated >= (DateTime)Criteria1 &&
                   Entry.TimeGenerated <= (DateTime)Criteria2)
                  FilteredEntries.Add(Entry);
               break;
         }
      }
      EventLogEntry[] EntriesArray =
         new EventLogEntry[FilteredEntries.Count];
      FilteredEntries.CopyTo(EntriesArray);
      return (EntriesArray);
   }
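
   // Exact-match filter: keeps entries whose field equals Criteria.
   // Criteria must have the field's type (string, int, or
   // EventLogEntryType) or the cast throws InvalidCastException.
   // TimeGenerated is not handled here and yields an empty array.
   public static EventLogEntry[]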
      FilterEventLog(EventLogFilterType FilterType,
                     IEnumerable Entries, object Criteria)
   {
      ArrayList FilteredEntries = new ArrayList();
      foreach (EventLogEntry Entry in Entries)
      {
         switch (FilterType)
         {
            case EventLogFilterType.Category:
               if (Entry.Category == (string)Criteria)
                  FilteredEntries.Add(Entry);
               break;
            case EventLogFilterType.EntryType:
               if (Entry.EntryType == (EventLogEntryType)Criteria)
                  FilteredEntries.Add(Entry);
               break;
            case EventLogFilterType.EventID:
               if (Entry.EventID == (int)Criteria)
                  FilteredEntries.Add(Entry);
               break;
            case EventLogFilterType.MachineName:
               if (Entry.MachineName == (string)Criteria)
                  FilteredEntries.Add(Entry);
               break;
            case EventLogFilterType.Message:
               if (Entry.Message == (string)Criteria)
                  FilteredEntries.Add(Entry);
               break;
            case EventLogFilterType.Source:
               if (Entry.Source == (string)Criteria)
                  FilteredEntries.Add(Entry);
               break;
            case EventLogFilterType.UserName:
               if (Entry.UserName == (string)Criteria)
                  FilteredEntries.Add(Entry);
               break;
         }
      }
      EventLogEntry[] EntriesArray =
         new EventLogEntry[FilteredEntries.Count];
      FilteredEntries.CopyTo(EntriesArray);
      return (EntriesArray);
   }
}

First, an enumeration is defined for the list of possible fields that can be used to filter the event log entries. Next, the SearchEventLog class is listed; it includes two methods for filtering. The first FilterEventLog() method is used to filter event log entries that fall between the two criteria conditions. This method is currently only used to limit the event log entries to a date range. The second FilterEventLog() method is used to filter event log entries that exactly match the criteria condition.
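The following is an added example, not code from the article: it goes one step beyond the two methods above by applying a date range, an entry type, and a case-insensitive substring match on the message in a single pass, where the article's Message filter requires the full text to match exactly. The names EventLogQuery and Find, the "Application" log, the 24-hour window, and the search text "timeout" are assumptions chosen for illustration; it assumes Windows with the .NET Framework (or the System.Diagnostics.EventLog package).

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;

// Hypothetical helper, not part of the article's SearchEventLog class.
public static class EventLogQuery
{
    // Keeps entries generated within [from, to] that have the given type and
    // whose message contains messageText (case-insensitive).
    // A null or empty messageText disables the message test.
    public static List<EventLogEntry> Find(IEnumerable entries, DateTime from,
                                           DateTime to, EventLogEntryType type,
                                           string messageText)
    {
        var matches = new List<EventLogEntry>();
        foreach (EventLogEntry entry in entries)
        {
            // Cheapest tests first; Message is formatted only for survivors.
            if (entry.TimeGenerated < from || entry.TimeGenerated > to)
                continue;
            if (entry.EntryType != type)
                continue;
            if (!string.IsNullOrEmpty(messageText) &&
                entry.Message.IndexOf(messageText,
                                      StringComparison.OrdinalIgnoreCase) < 0)
                continue;
            matches.Add(entry);
        }
        return matches;
    }

    public static void Main()
    {
        // Constructed sample criteria: errors from the last 24 hours
        // in the Application log that mention "timeout".
        DateTime to = DateTime.Now;
        DateTime from = to.AddHours(-24);

        // Keep the log open while the matching entries are read and printed.
        using (var log = new EventLog("Application"))
        {
            foreach (EventLogEntry e in Find(log.Entries, from, to,
                                             EventLogEntryType.Error, "timeout"))
            {
                Console.WriteLine("{0:u} {1}: {2}",
                                  e.TimeGenerated, e.Source, e.Message);
            }
        }
    }
}
```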





Page 1 of 2