Get the location of windows event log files

Question

We are using EventLog to log exceptions. there is a background thread which check once the eventlog get full and programmaticaly transfers the entries into an XML file and then clear the event log.

This works fine but it seems like there is too much work getting done, I thought it would be better to simply copy the .evt file used for logging the current application and then clear the event log.

is there any way to find the location/path of the file which will work on every windows OS?

its suggested to use

Registry.LocalMachine.OpenSubKey("System\\CurrentControlSet\\Services\\EventLog\\" + e.Log);

but then my application log names dont have a File property.

Answer 1

How are you archiving them now? Maybe that method can be improved to gain performance.

Here's an example.

EventLogSession els = new EventLogSession();
els.ExportLogAndMessages("Security",             // Log Name to archive
                         PathType.LogName,       // Type of Log
                         "*",                    // Query selecting all events
                         "C:\\archivedLog.evtx", // Exported Log Path 
                         false,                  // Stop archive if query is invalid
                         CultureInfo.CurrentCulture);

Or you can use the ClearLog() method.

EventLogSession els = new EventLogSession();

// Clears all the events and archives them to the .evtx file
els.ClearLog("System",          //  Channel to Clear
             "c:\\myLog.evtx"); //  Backup File Path

More information can be found here:

Export, Archive, and Clear Event Logs