Charankumar S
Guest
I want to raise an event whenever a new log entry is added to a particular event log file in Windows Event Viewer.
Here is my code:
using System;
using System.Diagnostics.Eventing.Reader;

class Program
{
    static void Main()
    {
        EventLogWatcher watcher = null;
        try
        {
            EventLogQuery eventQuery = new EventLogQuery("C:\\Windows\\System32\\winevt\\Logs\\Microsoft-Windows-AppLocker%4EXE and DLL.evtx", PathType.FilePath);
            EventLogReader logReader = new EventLogReader(eventQuery);
            DisplayEventAndLogInformation(logReader); // this successfully opens the log and shows all logged events.
            watcher = new EventLogWatcher(eventQuery);
            watcher.EventRecordWritten +=
                new EventHandler<EventRecordWrittenEventArgs>(SomeEvent);
            watcher.Enabled = true; // here I get an unhandled exception which is as below:
        }
        catch { throw; } // exception handling omitted here for conciseness
    }

    public static void SomeEvent(Object obj, EventRecordWrittenEventArgs arg) { }
    public static void DisplayEventAndLogInformation(EventLogReader logReader) { }
}
I cannot use PathType.LogName as this is not a standard system log and it doesn't have a corresponding registry key under HKLM/System/CurrentControlSet/Services/EventLog. This code works fine when I use a log name like "System" or "Application", but it fails when I use their corresponding PathType.FilePath. I want it to work with PathType.FilePath and trigger events whenever a particular query (not mentioned here) is entered into the log. Any inputs on why this code is not working would be great! Why am I getting "channel path invalid" errors when the DisplayEventAndLogInformation method works perfectly fine?
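An added example, not part of the original post: a watcher that subscribes to the live AppLocker channel by name rather than to the .evtx file, since event subscriptions attach to a channel while a file path is for reading saved events. It assumes the usual mapping where `%4` in the file name stands for `/` in the channel name, and that AppLocker event IDs 8003 and 8004 are the records of interest; `AppLockerWatch`, `ChannelFromEvtxPath` and `OnRecord` are hypothetical names.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;
using System.IO;

static class AppLockerWatch
{
    // Maps an .evtx file name under winevt\Logs to its live channel name
    // (assumption: "%4" in the file name stands for "/" in the channel name).
    public static string ChannelFromEvtxPath(string evtxPath) =>
        Path.GetFileNameWithoutExtension(evtxPath).Replace("%4", "/");

    static void Main()
    {
        string channel = ChannelFromEvtxPath(
            @"C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx");

        // Assumed filter: 8003 = would have been blocked (audit), 8004 = blocked.
        string xpath = "*[System[(EventID=8003 or EventID=8004)]]";

        // The subscription targets the channel, so the query uses PathType.LogName.
        var query = new EventLogQuery(channel, PathType.LogName, xpath);

        using (var watcher = new EventLogWatcher(query))
        {
            watcher.EventRecordWritten += OnRecord;
            watcher.Enabled = true;
            Console.WriteLine("Watching \"{0}\"; press Enter to stop.", channel);
            Console.ReadLine();
        }
    }

    static void OnRecord(object sender, EventRecordWrittenEventArgs e)
    {
        // A failed delivery arrives as EventException with a null EventRecord.
        if (e.EventException != null)
        {
            Console.Error.WriteLine("Subscription error: " + e.EventException.Message);
            return;
        }
        using (EventRecord rec = e.EventRecord)
        {
            if (rec == null) return;
            Console.WriteLine("{0:o} id={1} record={2}",
                rec.TimeCreated, rec.Id, rec.RecordId);
            Console.WriteLine(rec.ToXml());
        }
    }
}
```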