C# - Reading Hyper-V event logs


I need to be able to retrieve event log entries for Hyper-V as part of a monitoring system we use. At the moment I use VBScript and WMI, like this:

    ' Fetch System log entries generated since the last check
    query = "Select * from Win32_NTLogEvent where Logfile = 'System' and TimeGenerated >= '" & last_check & "'"
    Set wmi_objectset = wmi_service.ExecQuery(query, "WQL", &h30)

This works fine, but it retrieves only some of the Hyper-V logs, not all. Googling suggests there is no way round this, and MS have not built the ability to read the Hyper-V logs into WMI. So I need a different approach.

More Googling found some C# code for reading the event logs, and that's fine, I'm happy to use C# instead of VBScript. The trouble is that while I can read the standard logs such as System and Application, I can't work out how to read the Hyper-V log I want. The code looks like:

    var eventLog = new EventLog();
    eventLog.Log = eventLogName;

    foreach (EventLogEntry log in eventLog.Entries) {
        // process each entry
    }

If I set eventLogName to "System" it works and reads the log entries (and it's impressively quick). But I need the entries from the log Microsoft-Windows-Hyper-V-VMMS-Admin. If I set eventLogName to "Microsoft-Windows-Hyper-V-VMMS-Admin" I get an exception:

    Unhandled Exception: System.InvalidOperationException: The event log 'Microsoft-Windows-Hyper-V-VMMS-Admin' on computer '.' does not exist.

The log does exist, and the PowerShell command:

    Get-WinEvent -LogName Microsoft-Windows-Hyper-V-VMMS-Admin

does retrieve the events, so the problem is presumably the right way to specify the log name for the EventLog object.

So my question is what to use in a C# program to get the entries in the Hyper-V VMMS Admin log.

The server I'm testing on is 2012R2, though I don't think the problem is related to the exact version of Windows. There are other ways of getting at the log data, such as Get-WinEvent or wevtutil, but I'd prefer to get the C# program to work, and using an alternative method is a last resort.

This happens because System.Diagnostics.EventLog supports the "old style" event logs. The "new style" event logs are the ones you see in Event Viewer under "Applications and Services Logs" (and subfolders of that, not the ones directly in it), and it doesn't support reading those. To read those, you need to use the classes provided in System.Diagnostics.Eventing.Reader. Note that these have a different interface, geared more towards real-time event retrieval. Sample code:

    using (var reader = new EventLogReader("Microsoft-Windows-Hyper-V-VMMS-Admin")) {
        EventRecord eventRecord;
        while ((eventRecord = reader.ReadEvent()) != null) {
            Console.WriteLine("{0:s} {1}", eventRecord.TimeCreated, eventRecord.FormatDescription());
        }
    }

If you're interested in the latest events, it's more efficient to query them in reverse order and filter them that way. A little enumerator helper that you can throw into LINQ:

    IEnumerable<EventRecord> ReadEventsReverse(string logName) {
        using (
            var reader = new EventLogReader(
                new EventLogQuery(logName, PathType.LogName) { ReverseDirection = true }
            )
        ) {
            EventRecord eventRecord;
            while ((eventRecord = reader.ReadEvent()) != null) {
                yield return eventRecord;
            }
        }
    }

And then:

    var reverseEvents = ReadEventsReverse("Microsoft-Windows-Hyper-V-VMMS-Admin");
    var reverseEventsToday = reverseEvents.TakeWhile(e => e.TimeCreated >= DateTime.Now.Date);
    foreach (var eventRecord in reverseEventsToday) {
        Console.WriteLine("{0:s} {1}", eventRecord.TimeCreated, eventRecord.FormatDescription());
    }

If you're interested in reading new events, it's more efficient to use the overload that allows you to supply a bookmark, so you're not continuously re-reading and filtering old events.
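
The bookmark overload mentioned above, as an added example that is not part of the original answer: a polling loop for a monitoring agent that reads only events logged after the last one it saw. The class name `VmmsLogTail`, the helper names and the 30-second interval are assumptions; the bookmark is held in memory only, so a restart reads the log from the beginning again.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;
using System.Threading;

static class VmmsLogTail
{
    const string LogName = "Microsoft-Windows-Hyper-V-VMMS-Admin";

    // Reads every event logged after 'bookmark' (the whole log when it is null)
    // and returns the bookmark of the last event seen, for use in the next call.
    static EventBookmark ReadNewEvents(EventBookmark bookmark, Action<EventRecord> handle)
    {
        var query = new EventLogQuery(LogName, PathType.LogName);
        using (var reader = bookmark == null
            ? new EventLogReader(query)
            : new EventLogReader(query, bookmark))
        {
            EventRecord record;
            while ((record = reader.ReadEvent()) != null)
            {
                using (record) // EventRecord wraps a native handle
                {
                    handle(record);
                    bookmark = record.Bookmark; // remember our position
                }
            }
        }
        return bookmark; // unchanged if nothing new was logged
    }

    static void Print(EventRecord e)
    {
        string text;
        try { text = e.FormatDescription(); }
        catch (EventLogException) { text = null; } // provider metadata unavailable
        Console.WriteLine("{0:s} {1} {2}", e.TimeCreated, e.Id, text ?? "(no description)");
    }

    static void Main()
    {
        EventBookmark bookmark = null;
        while (true)
        {
            bookmark = ReadNewEvents(bookmark, Print);
            Thread.Sleep(TimeSpan.FromSeconds(30)); // polling interval: arbitrary choice
        }
    }
}
```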

