c# - How do I watch the event log for a specific entry in realtime, also getting the XML data?


I'm building an application that should watch file access: reading, writing, deleting.

I'm using the built-in auditing system on Windows 7 Pro. You turn it on in gpedit.msc, then set the audit flags on the files you want to watch, and then you get entries in the Security log.

What I want to do is watch the Security log in real time, which I do like this:

    static EventLog securityLog = new EventLog("Security", System.Environment.MachineName);

    securityLog.EntryWritten += new EntryWrittenEventHandler(OnEntryWritten);
    securityLog.EnableRaisingEvents = true;

This works and calls my OnEntryWritten function.

    public static void OnEntryWritten(object source, EntryWrittenEventArgs entry)

entry.Entry is the EntryWrittenEventArgs.Entry property, which doesn't seem to give me access to the XML properties of the entry, which I need, because it contains additional information.

What I'm trying to do afterwards is query the event log via another EventLogReader, because I can get entry.Entry.Index, which should be the eventInstance.RecordId of the event I get from the EventLogReader.

    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventRecordID=181616)]]</Select>
      </Query>
    </QueryList>

This works as an XPath query directly in the event log; it gives back just 1 entry.

    string query = "*[System[(EventRecordID=" + entry.Entry.Index + ")]]";

    // Create the event log query and reader
    EventLogQuery eventsQuery = new EventLogQuery("Security",
                                                  PathType.LogName,
                                                  query);

    EventLogReader logReader = new EventLogReader(eventsQuery);

    // For each event returned from the query
    for (EventRecord eventInstance = logReader.ReadEvent(); eventInstance != null; eventInstance = logReader.ReadEvent())
    {
        if (eventInstance.RecordId == entry.Entry.Index)  // RecordId and Index are the same thing: the identifier of the record/entry.
        {
            XDocument xml;
            try
            {
                xml = XDocument.Parse(logReader.ReadEvent().ToXml());
            }
            catch (Exception e)
            {
                //logger.Write(e.Message.ToString());
                break;      // We seem to have a newline character in logReader.ReadEvent() sometimes, nothing else, so we can safely break here or ignore it.
            }
        }
    }

This fails when I try to get the XML. Why is that?

I get an "Object reference not set to an instance of an object." System.NullReferenceException. I'm not sure how this error can actually happen.

If I query the log like this

    EventLogQuery eventsQuery = new EventLogQuery("Security",
                                                  PathType.LogName,
                                                  "*[EventData[Data[@Name='ObjectType'] and (Data='File')]] ");

it works without a problem.

What's the best way to do this, anyway?

The InstanceId does not return the same value as the Index value.

Try the following snippet to get the correct ID:

    UInt16 eventId = (UInt16)(entry.Entry.InstanceId);
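Added example, not part of the original question or answer: one way to receive matching Security log records in real time together with their XML is to subscribe with EventLogWatcher from System.Diagnostics.Eventing.Reader, reusing the question's working XPath filter, so each callback already carries the EventRecord and no second lookup by record ID is needed. The class and handler names are hypothetical, and the sketch assumes the process runs elevated (required to read the Security log) and that file auditing is configured as described in the question.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;
using System.Linq;
using System.Xml.Linq;

static class SecurityLogWatcher   // hypothetical name, not from the original post
{
    // Same XPath filter as the question's working query: object-access events for files.
    const string Query = "*[EventData[Data[@Name='ObjectType'] and (Data='File')]]";

    static void Main()
    {
        var eventsQuery = new EventLogQuery("Security", PathType.LogName, Query);
        using (var watcher = new EventLogWatcher(eventsQuery))
        {
            watcher.EventRecordWritten += OnEventRecordWritten;
            watcher.Enabled = true;   // start delivering newly written matching events
            Console.WriteLine("Watching the Security log, press Enter to stop.");
            Console.ReadLine();
        }
    }

    static void OnEventRecordWritten(object sender, EventRecordWrittenEventArgs e)
    {
        // EventRecord is null when the subscription reports an error instead of an event.
        if (e.EventRecord == null)
        {
            string reason = e.EventException != null ? e.EventException.Message : "unknown";
            Console.Error.WriteLine("Subscription error: " + reason);
            return;
        }

        // The full event XML, including the EventData section that EventLogEntry hides.
        XDocument xml = XDocument.Parse(e.EventRecord.ToXml());
        XNamespace ns = "http://schemas.microsoft.com/win/2004/08/events/event";

        // Flatten <Data Name="...">value</Data> elements into name=value pairs.
        var fields = xml.Descendants(ns + "Data")
            .Where(d => d.Attribute("Name") != null)
            .Select(d => d.Attribute("Name").Value + "=" + d.Value);

        Console.WriteLine("RecordId {0}, EventID {1}: {2}",
            e.EventRecord.RecordId, e.EventRecord.Id, string.Join("; ", fields));
    }
}
```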
