EventLog.WriteEntry advanced information

Question

Possible Duplicate:
Putting XML Data into the Windows Event Log

Comparing the XML copied from the eventlog from my application custom events to system events. When compared to C# events sent with write entry, there appears to be no way to add extended information.

for example: <EventData>

I have not found anywhere where you can manipulate that section of the event.

<EventData>
  <Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>
  <Data Name="TargetUserName">testuser</Data>
  <Data Name="Workstation">CRAPSTATION</Data>
  <Data Name="Status">0xc0000064</Data>
</EventData>

When trying to reproduce exact events or mock other events. I would like to match some of what the system does (if possible) to make the events show up the same in our auditing software and or replay certain events for testing. An example would be to write a failed login event from an IIS forms based authentication page to look like a system failed login. The auditing software would know how to handle classification of the event from the way the event was formed when placed in the log.

Seems I can only get event data from a C# event like the following

<EventData>
  <Data>The supplied credential is invalid.</Data>
</EventData>

Is it possible to form your own XML and then send that instead of using WriteEntry?

Answer 1

If you want full access to the Windows Event Log then you'll probably have to use platform invoke--although there may be a library for doing it that I'm unaware of.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa385785(v=vs.85).aspx provides documentation for the native Event Log API.