System.Diagnostics.Eventing.Reader

System.Diagnostics.Eventing.Reader Namespace

 

Using the System.Diagnostics.Eventing.Reader namespace, you can develop applications that read and manage event logs. An event in an event log contains information, a warning, or an error that has been published by a specific application, service, or operating system component. These events are read by applications that monitor a computer's health and applications that take action when specific events occur. For more information, see Technology Summary for Reading and Managing Event Logs and Event Log Scenarios.

ClassDescription
System_CAPS_pubclassEventBookmark

Represents a placeholder (bookmark) within an event stream. You can use the placeholder to mark a position and return to this position in a stream of events. An instance of this object can be obtained from an EventRecord object, in which case it corresponds to the position of that event record.

System_CAPS_pubclassEventKeyword

Represents a keyword for an event. Keywords are defined in an event provider and are used to group the event with other similar events (based on the usage of the events).

System_CAPS_pubclassEventLevel

Contains an event level that is defined in an event provider. The level signifies the severity of the event.

System_CAPS_pubclassEventLogConfiguration

Contains static information and configuration settings for an event log. Many of the configurations settings were defined by the event provider that created the log.

System_CAPS_pubclassEventLogException

Represents the base class for all the exceptions that are thrown when an error occurs while reading event log related information.

System_CAPS_pubclassEventLogInformation

Allows you to access the run-time properties of active event logs and event log files. These properties include the number of events in the log, the size of the log, a value that determines whether the log is full, and the last time the log was written to or accessed.

System_CAPS_pubclassEventLogInvalidDataException

Represents the exception thrown when an event provider publishes invalid data in an event.

System_CAPS_pubclassEventLogLink

Represents a link between an event provider and an event log that the provider publishes events into. This object cannot be instantiated.

System_CAPS_pubclassEventLogNotFoundException

Represents the exception that is thrown when a requested event log (usually specified by the name of the event log or the path to the event log file) does not exist.

System_CAPS_pubclassEventLogPropertySelector

Contains an array of strings that represent XPath queries for elements in the XML representation of an event, which is based on the Event Schema. The queries in this object are used to extract values from the event.

System_CAPS_pubclassEventLogProviderDisabledException

Represents the exception that is thrown when a specified event provider name references a disabled event provider. A disabled event provider cannot publish events.

System_CAPS_pubclassEventLogQuery

Represents a query for events in an event log and the settings that define how the query is executed and on what computer the query is executed on.

System_CAPS_pubclassEventLogReader

Enables you to read events from an event log based on an event query. The events that are read by this object are returned as EventRecord objects.

System_CAPS_pubclassEventLogReadingException

Represents an exception that is thrown when an error occurred while reading, querying, or subscribing to the events in an event log.

System_CAPS_pubclassEventLogRecord

Contains the properties of an event instance for an event that is received from an EventLogReader object. The event properties provide information about the event such as the name of the computer where the event was logged and the time that the event was created.

System_CAPS_pubclassEventLogSession

Used to access the Event Log service on the local computer or a remote computer so you can manage and gather information about the event logs and event providers on the computer.

System_CAPS_pubclassEventLogStatus

Contains the status code or error code for a specific event log. This status can be used to determine if the event log is available for an operation.

System_CAPS_pubclassEventLogWatcher

Allows you to subscribe to incoming events. Each time a desired event is published to an event log, the EventRecordWritten event is raised, and the method that handles this event will be executed.

System_CAPS_pubclassEventMetadata

Contains the metadata (properties and settings) for an event that is defined in an event provider.

System_CAPS_pubclassEventOpcode

Contains an event opcode that is defined in an event provider. An opcode defines a numeric value that identifies the activity or a point within an activity that the application was performing when it raised the event.

System_CAPS_pubclassEventProperty

Contains the value of an event property that is specified by the event provider when the event is published.

System_CAPS_pubclassEventRecord

Defines the properties of an event instance for an event that is received from an EventLogReader object. The event properties provide information about the event such as the name of the computer where the event was logged and the time the event was created. This class is an abstract class. The EventLogRecord class implements this class.

System_CAPS_pubclassEventRecordWrittenEventArgs

When the EventRecordWritten event is raised, an instance of this object is passed to the delegate method that handles the event. This object contains the event that was published to the event log or the exception that occurred when the event subscription failed.

System_CAPS_pubclassEventTask

Contains an event task that is defined in an event provider. The task identifies a portion of an application or a component that publishes an event. A task is a 16-bit value with 16 top values reserved.

System_CAPS_pubclassProviderMetadata

Contains static information about an event provider, such as the name and id of the provider, and the collection of events defined in the provider.

EnumerationDescription
System_CAPS_pubenumEventLogIsolation

Defines the default access permissions for the event log. The Application and System values indicate that the log shares the access control list (ACL) with the appropriate Windows log (the Application or System event logs) and share the Event Tracing for Windows (ETW) session with other logs of the same isolation. All channels with Custom isolation use a private ETW session.

System_CAPS_pubenumEventLogMode

Determines the behavior for the event log service handles an event log when the log reaches its maximum allowed size (when the event log is full).

System_CAPS_pubenumEventLogType

Defines the type of events that are logged in an event log. Each log can only contain one type of event.

System_CAPS_pubenumPathType

Specifies that a string contains a name of an event log or the file system path to an event log file.

System_CAPS_pubenumSessionAuthentication

Defines values for the type of authentication used during a Remote Procedure Call (RPC) login to a server. This login occurs when you create a EventLogSession object that specifies a connection to a remote computer.

System_CAPS_pubenumStandardEventKeywords

Defines the standard keywords that are attached to events by the event provider. For more information about keywords, see EventKeyword.

System_CAPS_pubenumStandardEventLevel

Defines the standard event levels that are used in the Event Log service. The level defines the severity of the event. Custom event levels can be defined beyond these standard levels. For more information about levels, see EventLevel.

System_CAPS_pubenumStandardEventOpcode

Defines the standard opcodes that are attached to events by the event provider. For more information about opcodes, see EventOpcode.

System_CAPS_pubenumStandardEventTask

Defines the standard tasks that are attached to events by the event provider. For more information about tasks, see EventTask.

Return to top
Show:
© 2016 Microsoft