Manage an Event Log

Event logs are the best friends of a system administrator. When an unhandled exception, a system failure or something similar occurs, you should write it to the event log so the information won’t be lost later. You can access event logs by clicking the Manage button on the Computer and then selecting the Event Viewer pane.

There are three categories of events: System, Security and Application. Forget the first two; you’ll only need to (and are only able to) work with the Application event log.

All event log related classes live in the System.Diagnostics namespace. The most important types here:

  • EventLog
  • EventLogEntry
  • EventLogEntryCollection
  • EventLogEntryType
  • EventLogPermission
  • EventLogTraceListener
  • EventSourceCreationData


The type you’ll use the most is the EventLog class. With it you can write entries to existing event logs, create your own custom logs, read entries, etc. To create a custom event log, you call the static CreateEventSource method. It defines three overloads: you can pass a source name, a log name, a machine name, or optionally an instance of the EventSourceCreationData class. Remember that you must have administrative rights to create a new event log, so typically you will create logs during installation.

To write entries to an event log, you’ll use the WriteEntry method. You can call it as a static method or as an instance method. When calling it as an instance method, you must set the source first.
To write events to an event log, the WriteEvent method should be used. The difference between writing an entry and writing an event is that entries can have a descriptive text, while events are only represented by numbers.

A practical thing to remember: the source always comes first (in the static overloads), then the message. In instance methods, there’s no source in the parameter list (a good thing to ask at the exam).

To delete an event source, call the static DeleteEventSource method. To delete an event log, call the static Delete method.

EventLogEntry, EventLogEntryCollection

To read entries written into the event log, you’ll use the EventLog instance’s Entries collection. It is a strongly-typed collection of EventLogEntry objects. You can access each item by index. Typically you’ll iterate over these entries in a foreach loop.
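
The whole cycle described above (register a source, write with the static and the instance overloads, read the entries back, clean up) as an added C# example that is not code from the original post. The source name `DemoAppSource` and log name `DemoAppLog` are assumptions made for illustration, and the program is assumed to run elevated on the .NET Framework.

```csharp
using System;
using System.Diagnostics;
using System.Security;

class EventLogDemo
{
    // Assumed names for this example; not from the original post.
    const string Source = "DemoAppSource";
    const string LogName = "DemoAppLog";

    static void Main()
    {
        try
        {
            // Creating a source needs administrative rights, so this normally
            // belongs in an installer. SourceExists can itself throw
            // SecurityException for a non-admin caller, because it has to
            // search every log, including Security.
            if (!EventLog.SourceExists(Source))
                EventLog.CreateEventSource(Source, LogName);
        }
        catch (SecurityException ex)
        {
            Console.Error.WriteLine("Run elevated to register the source: " + ex.Message);
            return;
        }

        // Static call: the source comes first, then the message.
        EventLog.WriteEntry(Source, "Service started", EventLogEntryType.Information);

        // Instance call: set Source on the object; no source parameter.
        using (EventLog log = new EventLog(LogName))
        {
            log.Source = Source;
            log.WriteEntry("Unhandled exception in worker", EventLogEntryType.Error);

            // Entries is an EventLogEntryCollection of EventLogEntry objects.
            foreach (EventLogEntry entry in log.Entries)
            {
                Console.WriteLine("{0:u} [{1}] {2}: {3}",
                    entry.TimeGenerated, entry.EntryType, entry.Source, entry.Message);
            }
        }

        // Cleanup (also needs administrative rights): source first, then log.
        EventLog.DeleteEventSource(Source);
        EventLog.Delete(LogName);
    }
}
```

In a real application the cleanup calls belong in the uninstaller, mirroring the installer that registered the source.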

EventLogEntryType, EventLogPermission

The EventLogEntryType enumeration has the following values: Error, FailureAudit, Information, SuccessAudit, Warning. Use them appropriately.

More information about EventLogPermission will follow in the security posts.


An EventLogTraceListener is a class that forwards tracing and debugging information to the event log. You can add an instance of this class to the Trace.Listeners, Debug.Listeners or TraceSource.Listeners collection. You can also set this connection up declaratively in an app.config file, but I’ll provide more information about this in the tracing/debugging objectives.

Further Readings

EventLog Methods
Write Entries to Event Logs
Create and Remove Custom Event Logs

