The EventLog class allows you to access or customize Windows NT, 2000, and XP event logs, which record information about important software or hardware events. Using the EventLog class, you can read from existing logs, write entries to logs, create or delete event sources, delete logs, and respond to log entries. You can also create new logs when creating an event source. Table 21.7 describes the members of the EventLog class.
Table 21.7: EventLog Class Members
Event logging provides a standard, centralized way for you to have your applications record important software and hardware events. Windows supplies a standard user interface for viewing the event logs (you can open Event Viewer MMC from Control Panel?Administrative Tools?Computer Management?Event Viewer). Using the Microsoft .NET Framework's EventLog component, you can easily connect to existing event logs on both local and remote computers and read entries from those logs programmatically.
The types of event logs are defined under the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\ Services\Eventlog registry hive. Windows 2000 includes Application, Security, System, Active Directory, and Domain Name System (DNS) logs by default. In an earlier example, we also added a "Demo" event log source hive in our listener program. Listing 21.16 illustrates how you can create an event source, check the existence of the Application and Demo event sources (which will be created by us) as an event log or in Event Viewer, enumerate and read event log entries, write entries to a log, and monitor the event log source for any new entries written to the log.
Listing 21.16: Using EventLog using System;
public static void Main()
// check for the event log source on specified machine
// the Application event log source on MCBcomputer
if (!EventLog.Exists("Application", "MCBcomputer"))
Console.WriteLine("The log does not exist!");
EventLog myLog = new EventLog();
myLog.Log = "Application";
myLog.MachineName = "MCBcomputer";
Console.WriteLine("There are " + myLog.Entries.Count + " entr[y|ies] in the Application log:");
foreach (EventLogEntry entry in myLog.Entries)
Console.WriteLine("\tEntry: " + entry.Message);
// check for Demo event log source existence
// create it if it not exist
EventLog.WriteEntry("AnySource", "writing error to demo log.", EventLogEntryType.Error);
Console.WriteLine("Monitoring of Application event log began...");
Console.WriteLine(@"Press 'q' and 'Enter' to quit");
while (Console.Read() != 'q')
// Now we will monitor the new entries that will be written.
// When you create an EntryWrittenEventHandler delegate
// you identify the method that will handle the event.
myLog.EntryWritten += new EntryWrittenEventHandler(OnEntryWritten);
// EnableRaisingEvents gets or sets a value indicating whether the
// EventLog instance receives EntryWritten event notifications.
myLog.EnableRaisingEvents = true;
public static void OnEntryWritten(Object source, EntryWrittenEventArgs e)
Console.WriteLine("written entry: " + e.Entry.Message);