how to save Event logs into csv file

Question

I'm trying to save the result of log files that I get from Event viewer into a csv file and make sure its not duplicated

any suggestions please

this my code for reading the log file

    using System;
using System.Text;

class Program
{
    static void Main(string[] args)
    {
       
        System.Diagnostics.EventLog log = new
        System.Diagnostics.EventLog("System");


        foreach (System.Diagnostics.EventLogEntry entry in log.Entries)
        {


            {
                Console.WriteLine("Index:" + entry.Index);
                Console.WriteLine("source:"+entry.Source);
                Console.WriteLine("Level:"+entry.EntryType);
                Console.WriteLine("Event ID:"+entry.EventID);
                Console.WriteLine("TimeGenerated:"+entry.TimeGenerated);
                Console.WriteLine("User Name:"+entry.UserName);
                Console.WriteLine("Message:"+entry.Message);
                Console.WriteLine("--------");
            }
        }

        Console.WriteLine("Done");
        Console.ReadLine();

    }
}

Answer 1

To save your logs to a csv you can follow this answer: Writing data into CSV file in C#

In your case it should look something like this:

var log = new EventLog("System");
var csv = new StringBuilder();
foreach (EventLogEntry entry in log.Entries)
{
    csv.AppendLine($"{entry.Index};{entry.Source};{entry.EntryType};{entry.EntryType};{entry.TimeGenerated};{entry.UserName};{entry.Message}");
}
File.WriteAllText("test.csv", csv.ToString());

It can be that you ne "," instead of ";" to make it readable for excel for example.

But I still not get what you mean by it should not print duplicates. Each line has a different event id and timestamp, so even if the message is there multiple times, there are different instances.

Answer 2

I have similar requirement to read evtx file and convert to csv, I tried above code and it does'nt work for me. The code does not enter foreach block.. Pls help

using System;
using System.Text;

class Program
{
    static void Main(string[] args)
    {        
   System.Diagnostics.EventLog log = new      System.Diagnostics.EventLog("ForwardedEvents");
var csv = new StringBuilder();
foreach (System.Diagnostics.EventLogEntry entry in log.Entries)
{
    csv.AppendLine($"{entry.Index};{entry.Source};{entry.EntryType};{entry.EntryType};{entry.TimeGenerated};{entry.UserName};{entry.Message}");
    Console.WriteLine("Index:" + entry.Index);
}
 Console.WriteLine("Index:");  


  
    foreach (System.Diagnostics.EventLogEntry entry in log.Entries)
    {
        {
            Console.WriteLine("Index:" + entry.Index);
            Console.WriteLine("source:"+entry.Source);
            Console.WriteLine("Level:"+entry.EntryType);
            Console.WriteLine("Event ID:"+entry.InstanceId);
            Console.WriteLine("TimeGenerated:"+entry.TimeGenerated);
            Console.WriteLine("User Name:"+entry.UserName);
            Console.WriteLine("Message:"+entry.Message);
            Console.WriteLine("--------");
        }
    }
    Console.WriteLine("Done");
    Console.ReadLine();
}

}

Answer 3

I have attached the screenprint for tried sample code in online