Walkthrough: Exploring Event Logs, Event Sources, and Entries

  • Article

[This documentation is for preview only, and is subject to change in later releases. Blank topics are included as placeholders.]

This walkthrough will take you through the major feature areas of event logging in your Visual Studio application. During this walkthrough, you will learn how to do the following:

  • Create an EventLog component.

  • Write code to create and delete custom event logs.

  • Write entries of various types to the custom log.

  • Read entries from the custom log.

  • Verify that the logs and event sources exist.

  • Clear log entries.

  • Use Server Explorer to verify the results of your event log actions.

Note

Your computer might show different names or locations for some of the Visual Studio user interface elements in the following instructions. The Visual Studio edition that you have and the settings that you use determine these elements. For more information, see Working with Settings.

Creating the User Interface

In this walkthrough, you will create a Windows application and use a series of controls on it to start a series of event-logging actions.

To create the form and controls for your application

  1. From the New Project dialog box, create a Visual Basic or Visual C# Windows Application, and name it EventLogApp1.

  2. Add eight buttons to the form, and set the following properties for them:

    Control

    Text Property

    Name Property

    Button1

    Create Custom Log

    CreateLog

    Button2

    Delete Log

    DeleteLog

    Button3

    Write Entry

    WriteEntry

    Button4

    Clear Log

    ClearLog

    Button5

    Verify Log Exists

    VerifyLog

    Button6

    Verify Source Exists

    VerifySource

    Button7

    Remove Event Source

    RemoveSource

    Button8

    Read Entry

    ReadEntry

  3. In turn, do the following for each button:

    1. In the designer, double-click the button to create a default event handler for that button. The Code Editor appears and a stub for the button's Click() event appears.

    2. Return to Design view, and double-click the next button.

    3. Continue until you have created a default event handler stub for each button.

  4. From the Components tab of the Toolbox, drag an EventLog component to the form.

    An EventLog component instance appears in the component tray area at the bottom of the form.

Creating and Deleting a Custom Log

In this procedure, you will use the SourceExists() method to verify that the source you are using does not already exist, and then you will call the CreateEventSource() method with the name of a log that does not exist. Because this log does not exist, the system will create a custom log for you when this code is run.

To create the custom log

  1. In the Code Editor, locate the CreateLog_Click procedure.

  2. Type in the following code. The event log and source are created as a pair, and the source cannot already exist before the event log is created. After creating the event log, the EventLog component is configured to access the new event log.

    ' Source cannot already exist before creating the log.
If EventLog.SourceExists("Source1") Then
   EventLog.DeleteEventSource("Source1")
End If

' Logs and Sources are created as a pair.
EventLog.CreateEventSource("Source1", "NewLog1")
' Associate the EventLog component with the new log.
EventLog1.Log = "NewLog1"
EventLog1.Source = "Source1"

    // Source cannot already exist before creating the log.
if (System.Diagnostics.EventLog.SourceExists("Source1"))
{
   System.Diagnostics.EventLog.DeleteEventSource("Source1");
}

// Logs and Sources are created as a pair.
System.Diagnostics.EventLog.CreateEventSource("Source1", "NewLog1");
// Associate the EventLog component with the new log.
eventLog1.Log = "NewLog1";
eventLog1.Source = "Source1";
    Security noteSecurity Note

    When you create an event log, you have to decide what to do if that resource already exists. Another process, perhaps a malicious one, may have already created the event log and have access to it. When you put data in the event log, the data is available to the other process.

To delete a custom log

  1. In the Code Editor, locate the DeleteLog_Click procedure.

  2. Type in the following code:

    If EventLog.Exists("NewLog1") Then
   EventLog.Delete("NewLog1")
End If

    if (System.Diagnostics.EventLog.Exists("NewLog1"))
{
   System.Diagnostics.EventLog.Delete("NewLog1");
}

Writing Entries to the Log

In this procedure, you will use the EventLog component instance you created to write entries to the log. To do so, you will first configure the component to use the source string you just created. Then you will specify two entries to write: an informational event and an error event.

To write entries to the log

  1. In the Code Editor, locate the WriteEntry_Click procedure.

  2. Type in the following code. This code uses the overloaded WriteEntry() method to write to the event log. The second form shown enables you to specify the type of message. If you view the entries by using the Server Explorer in the "Testing Your Code" section later in this topic, the different types of entries are indicated by different icons.

    EventLog1.WriteEntry("This is an informational message")
EventLog1.WriteEntry("This is an error message",
   Diagnostics.EventLogEntryType.Error)

    eventLog1.WriteEntry("This is an informational message");
eventLog1.WriteEntry("This is an error message", 
   System.Diagnostics.EventLogEntryType.Error);

Clearing Log Entries

In this procedure, you will use the Clear() method to remove existing entries from the custom log.

To clear log entries

  1. In the Code Editor, locate the ClearLog_Click procedure.

  2. Call the Clear() method on the EventLog component instance:

    EventLog1.Clear()

    eventLog1.Clear();

Verifying Logs and Sources

In this procedure, you will create two procedures: one that verifies that the custom log exists, and one that verifies that the source string exists. These procedures will be used to test the results of various actions you perform when you run the project.

To verify that the custom log exists

  1. In the Code Editor, locate the VerifyLog_Click procedure.

  2. Create a message box that evaluates whether the specified event log exists and displays true or false accordingly. Use this code:

    Dim logExists As Boolean = EventLog.Exists("NewLog1")
MessageBox.Show("Does the log exist? " & logExists.ToString())

    bool logExists = System.Diagnostics.EventLog.Exists("NewLog1");
MessageBox.Show("Does the log exist? " + logExists.ToString());

To verify that the source exists

  1. In the Code Editor, locate the VerifySource_Click procedure.

  2. Create a message box that evaluates whether the specified source exists and displays true or false accordingly. Use this code:

    Dim sourceExists As Boolean = EventLog.SourceExists("Source1")
MessageBox.Show("Does the source exist? " & sourceExists.ToString())

    bool sourceExists = 
   System.Diagnostics.EventLog.SourceExists("Source1");
MessageBox.Show("Does the source exist? " + sourceExists.ToString());

Removing Sources

In this procedure, you will write code to delete a source string. To do so, you will first verify that the source in question (Source1) exists, and then call the DeleteEventSource() method to remove it.

To remove the event source you created

  1. In the Code Editor, locate the RemoveSource_Click procedure.

  2. Add the following code:

    If EventLog.SourceExists("Source1") Then
   EventLog.DeleteEventSource("Source1")
End If

    if (System.Diagnostics.EventLog.SourceExists("Source1"))
{
   System.Diagnostics.EventLog.DeleteEventSource("Source1");
}

Reading Entries

In this procedure, you will write code to iterate through the event log's entries collection and display the existing messages in the log.

To read entries from the custom log you created

  1. In the Code Editor, locate the ReadEntry_Click procedure.

  2. Add the following code:

    Dim entry As EventLogEntry
If EventLog1.Entries.Count > 0 Then
   For Each entry In EventLog1.Entries
      System.Windows.Forms.MessageBox.Show(entry.Message)
   Next
Else
   MessageBox.Show("There are no entries in the log.")
End If

    if (eventLog1.Entries.Count > 0) 
{
   foreach (System.Diagnostics.EventLogEntry entry 
      in eventLog1.Entries)
   {
      MessageBox.Show(entry.Message);
   }
}
else 
{
   MessageBox.Show("There are no entries in the log.");
}

Testing Your Code

In this section, you will use Server Explorer to verify the results of your code.

To start Server Explorer

  1. From the View menu, access Server Explorer.

  2. Expand the node for your current server, and then expand the Event Logs node underneath it.

To build and run your application

  1. Save the files and press F5 to build and start your project. The form appears with the eight buttons you created.

  2. Click the Create Custom Log button.

    Note

    You must have appropriate permissions to the server on which your application runs in order to create Windows event logs. If you receive a security error at this point, see the system administrator.

  3. Return to the product, while still in run mode, and right-click the Event Logs node in Server Explorer.

  4. Click Refresh.

  5. Verify that the NewLog1 log now appears in the Event Logs node.

To test creating, deleting, and verifying custom logs

  1. Return to your running form, and click the Verify Log Exists button.

    A prompt should appear with the text set to "True."

  2. Click the Delete Log button, and then click the Verify Log Exists button again.

    This time, the prompt should say "False."

  3. Click the Create Custom Log button again to re-create the log.

To test writing entries to and reading entries from the custom log

  1. In the form, click the Write Entry button.

  2. Access Server Explorer, and expand the NewLog1 log.

  3. Expand the Source1 node underneath it.

    You should now see that two entries have been added to the log. One will have an icon indicating that it is an informational entry, and one will have an icon that indicates that it is an error.

  4. Return to the form, and click the Read Entry button.

    You will receive two prompts: one that contains the informational entry and one that contains the error entry.

    Note

    If you clicked the Write Entry button multiple times, you will have received more prompts.

To test clearing the log

  1. In the form, click the Clear Log button.

  2. In Server Explorer, right-click the NewLog1 node, and then click Refresh.

    You should now see that the log no longer contains entries.

To test removing the source string

  1. In the form, click the Remove Event Source button.

  2. Click the Verify Source Exists button. You should receive a message that says "False" to indicate that the source Source1 no longer exists.

  3. Click the Write Entry button.

    Note

    This action will enable you to write entries to the log, because the WriteEntry() method will set the source if it does not currently exist.

  4. In Server Explorer, right-click the NewLog1 node, and then click Refresh. You should see two entries in the log.

  5. Click the Verify Source Exists button again. You should receive a message that says "True" to indicate that the source Source1 exists.

  6. Optionally, you may want to click the DeleteLog button when you are through testing. This will remove the log NewLog1 and the source Source1 so that there are no permanent changes to your system's configuration.

See Also

Other Resources

System Monitoring Walkthroughs

Logging Application, Server, and Security Events