System.Diagnostics.Eventing.Reader Namespace


Using the System.Diagnostics.Eventing.Reader namespace, you can develop applications that read and manage event logs. An event in an event log contains information, a warning, or an error that has been published by a specific application, service, or operating system component. These events are read by applications that monitor a computer's health and applications that take action when specific events occur. For more information, see and .79377aba-b6e5-4e4d-a9be-ea25ce6f1dc5d26107ee-7a80-44d7-b43b-cf774559e4ac


Represents a placeholder (bookmark) within an event stream. You can use the placeholder to mark a position and return to this position in a stream of events. An instance of this object can be obtained from an EventRecord object, in which case it corresponds to the position of that event record.


Represents a keyword for an event. Keywords are defined in an event provider and are used to group the event with other similar events (based on the usage of the events).


Contains an event level that is defined in an event provider. The level signifies the severity of the event.


Contains static information and configuration settings for an event log. Many of the configurations settings were defined by the event provider that created the log.


Represents the base class for all the exceptions that are thrown when an error occurs while reading event log related information.


Allows you to access the run-time properties of active event logs and event log files. These properties include the number of events in the log, the size of the log, a value that determines whether the log is full, and the last time the log was written to or accessed.


Represents the exception thrown when an event provider publishes invalid data in an event.


Represents a link between an event provider and an event log that the provider publishes events into. This object cannot be instantiated.


Represents the exception that is thrown when a requested event log (usually specified by the name of the event log or the path to the event log file) does not exist.


Contains an array of strings that represent XPath queries for elements in the XML representation of an event, which is based on the Event Schema. The queries in this object are used to extract values from the event.


Represents the exception that is thrown when a specified event provider name references a disabled event provider. A disabled event provider cannot publish events.


Represents a query for events in an event log and the settings that define how the query is executed and on what computer the query is executed on.


Enables you to read events from an event log based on an event query. The events that are read by this object are returned as EventRecord objects.


Represents an exception that is thrown when an error occurred while reading, querying, or subscribing to the events in an event log.


Contains the properties of an event instance for an event that is received from an EventLogReader object. The event properties provide information about the event such as the name of the computer where the event was logged and the time that the event was created.


Used to access the Event Log service on the local computer or a remote computer so you can manage and gather information about the event logs and event providers on the computer.


Contains the status code or error code for a specific event log. This status can be used to determine if the event log is available for an operation.


Allows you to subscribe to incoming events. Each time a desired event is published to an event log, the EventRecordWritten event is raised, and the method that handles this event will be executed.


Contains the metadata (properties and settings) for an event that is defined in an event provider.


Contains an event opcode that is defined in an event provider. An opcode defines a numeric value that identifies the activity or a point within an activity that the application was performing when it raised the event.


Contains the value of an event property that is specified by the event provider when the event is published.


Defines the properties of an event instance for an event that is received from an EventLogReader object. The event properties provide information about the event such as the name of the computer where the event was logged and the time the event was created. This class is an abstract class. The EventLogRecord class implements this class.


When the EventRecordWritten event is raised, an instance of this object is passed to the delegate method that handles the event. This object contains the event that was published to the event log or the exception that occurred when the event subscription failed.


Contains an event task that is defined in an event provider. The task identifies a portion of an application or a component that publishes an event. A task is a 16-bit value with 16 top values reserved.


Contains static information about an event provider, such as the name and id of the provider, and the collection of events defined in the provider.


Defines the default access permissions for the event log. The Application and System values indicate that the log shares the access control list (ACL) with the appropriate Windows log (the Application or System event logs) and share the Event Tracing for Windows (ETW) session with other logs of the same isolation. All channels with Custom isolation use a private ETW session.


Determines the behavior for the event log service handles an event log when the log reaches its maximum allowed size (when the event log is full).


Defines the type of events that are logged in an event log. Each log can only contain one type of event.


Specifies that a string contains a name of an event log or the file system path to an event log file.


Defines values for the type of authentication used during a Remote Procedure Call (RPC) login to a server. This login occurs when you create a EventLogSession object that specifies a connection to a remote computer.


Defines the standard keywords that are attached to events by the event provider. For more information about keywords, see EventKeyword.


Defines the standard event levels that are used in the Event Log service. The level defines the severity of the event. Custom event levels can be defined beyond these standard levels. For more information about levels, see EventLevel.


Defines the standard opcodes that are attached to events by the event provider. For more information about opcodes, see EventOpcode.


Defines the standard tasks that are attached to events by the event provider. For more information about tasks, see EventTask.

Return to top
© 2015 Microsoft