My code sifts through events from a remote PC to test whether there are some 6008 (unexpected reboot) events.
I'm using code like:
EventLog log = new EventLog("System",remoteMachine);
EventLogEntryCollection entries = log.Entries;
var entries_filtered = entries.Cast<EventLogEntry>().Where (x => x.EventID=6008);
foreach (EventLogEntry entry in entries) {//my logic here}
During the process, I don't like the way that every event is logged ('reading event'), and so I've come up with two solutions:
Find a way to delete events with some features, so I can delete my reading events
Before reading, copy the evtx file and read event from this file.
But in this case, I need to use something like:
EventLogReader elr = new EventLogReader("C:\\myevents.evtx");
EventRecord a = elr.ReadEvent();
I need to find a way to cast the EventRecord to a EventLogEntry or the EventReader to a EventLogEntryCollection to remove the need to change the entire logic beneath.
Any ideas for the two cases?
Thanks
