Read XML from EventLog in Windows Event Viewer on Windows XP with C#

Question

How do I get the XML from a specific EventLogEntry using C# on Windows XP? I already know the EventLog type (Security) and the event entry id.

EventLogWatcher and other classes are only available in Windows Vista and newer.

Answer 1

You can do this with LogParser . Its a utility built by an x Microsoft Employee Gabriele Giuseppini that reads a tonne of log file formats - FAST !

I've successfully used it with Event Logs before.

There is a C# interface from the good folks over at http://visuallogparser.codeplex.com

Answer 2

For Windows XP, you can use the EventLogReader and EventLogQuery classes to query EventLogRecords from the event log quite efficiently. This API is available since .NET Framework 3.5 (so it should work perfectly fine on Windows XP).

First, you need the name of the event log to query (either its file system path or name), and second an XPath expression that acts as the record selector. A few examples are given at https://docs.microsoft.com/en-us/windows/win32/wes/consuming-events

Basically, it works as follows:

static string RetrieveApplicationEventDetailsXmlById(string eventId)
{
    const string logName = "Application";
    string queryExpression = string.Format("*[System/EventId=\"{0}\"]", eventId);
    var eventLogQuery = new EventLogQuery(logName, PathType.LogName, queryExpression);

    using (var reader = new EventLogReader(eventLogQuery)) 
    {
        EventRecord record;
        if ((record = reader.Next()) != null)
        {
            return record.ToXml();
        }
    }

    return null;
}

Given that a valid XPath expression has been specified, a call to the reader´s Next method returns the next available LogEventRecord object that allows retrieving the event´s details in XML format via the ToXml method.