C# Read Eventlog from evtx file with EventLog Class

Question

I'm trying to read a stored .evtx with the EventLog Class from System.Diagnostics. but it doesn't work.

Isn't it possible to read a stored evtx file with EventLog Class or where is the problem?

Below is My Code

string source = @"S:\test.evtx";

                    EventLog eventLog = new EventLog();
                    eventLog.Source = source;

                    foreach (EventLogEntry log in eventLog.Entries)
                    {
                        Console.WriteLine("{0}\n", log.Message);
                    }

Answer 1

The Source Property of the EventLog refers to the Application Sources in the Event Viewer and not necessarily the source file that you exported.

You need to supply the Source property with a name of an application, not a file name.

UPDATE: If you insist on reading from an evtx, then the EventLogReader class must be the solution.

//EVENT LOG READER
        string source = @"C:\testev.evtx";

        using (var reader = new EventLogReader(source, PathType.FilePath))
        {
            EventRecord record;
            while ((record = reader.ReadEvent()) != null)
            {
                using (record)
                {
                    Console.WriteLine("{0} {1}: {2}", record.TimeCreated, record.LevelDisplayName, record.FormatDescription());
                }
            }
        }

//EVENT LOG
        EventLog eventLog = new EventLog();
        eventLog.Source = "ESENT"; //name of an application

        foreach (EventLogEntry log in eventLog.Entries)
        {
            Console.WriteLine("{0}\n", log.Message);
        }