
I have got some code which should read errors from all paths in the Event Viewer. It all works fine with the code below.

        foreach (var log in EventLog.GetEventLogs(Environment.MachineName))
        {
            log.Entries
                .Cast<EventLogEntry>()
                .Where(x => x.EntryType == EventLogEntryType.Error && x.TimeWritten > DateTime.Now.AddHours(-1))
                .ToList()
                .ForEach(x =>
                {
                    list.Add(new LogEntry(x, log.LogDisplayName, ItemStatus.Error));
                });
        }  

That usually takes up less than two seconds.
Now my problem is that when I use another machine instead of Environment.MachineName, this process takes 5-20 minutes.

Is there a way to speed this up?

Thanks

Avoiding LINQ didn't affect my results a lot.

  • Well, if it works just fine, what do you need help with? – nondestructive Aug 21 '17 at 13:32
  • @nondestructive, my guess - it's slow, title says "performance", who needs question marks anyway? – Sinatr Aug 21 '17 at 13:32
  • Sorry! Posted too early :) –  Aug 21 '17 at 13:36
  • @Sinatr I just had a look at this question and tried avoiding LINQ, but it didn't affect my results a lot. It still takes min. 3 minutes. So do you guys think that it's even possible to slow this up (to like 30secs) or do I have to be okay with 3-5 min? –  Aug 21 '17 at 13:51
  • @j.zeddi, I am not an expert, but the accepted answer mentioned WMI; perhaps it's worth trying? – Sinatr Aug 21 '17 at 14:05

1 Answer

Okay, after some research I found the solution. A good explanation/example can be found on MSDN here.

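    using System.Diagnostics.Eventing.Reader;

    // Pass the name of the machine to read from; Environment.MachineName is the local one.
    EventLogSession session = new EventLogSession(Environment.MachineName);

    // [System/Level=2] selects only the error events.
    // "Log" stands for the name of the log to query.
    EventLogQuery query = new EventLogQuery("Log", PathType.LogName, "*[System/Level=2]");
    // Attach the session; without this the query runs against the local machine.
    query.Session = session;

    EventLogReader reader = new EventLogReader(query);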

    for (EventRecord eventInstance = reader.ReadEvent();
        null != eventInstance;
        eventInstance = reader.ReadEvent())
    {
        // Output or save your event data here.
    }

While the old code took 5-20 minutes, this one does it in less than 10 seconds.

I hope this helps anyone.

  • Consider removing this answer and posting it to https://stackoverflow.com/questions/914446/what-is-the-fastest-way-to-read-event-log-on-remote-machine as that post feels like a more generic version of your question and lacks a good sample. – Alexei Levenkov Aug 23 '17 at 07:08
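
An added example (not code from the question or the answer): one way to cover what the question asked for, errors from every log on another machine within the last hour, with the session attached to each query so the filter is evaluated on the target. The class and method names are hypothetical, and the XPath combining level and time window is an assumption about what "errors in the last hour" should match.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;

static class RemoteErrorReader // hypothetical name, not from the post
{
    // Level=2 is Error; timediff() is in milliseconds, so 3600000 = the last hour.
    // The Event Log service on the target evaluates this filter, so only
    // matching records cross the network.
    const string LastHourErrors =
        "*[System[(Level=2) and TimeCreated[timediff(@SystemTime) <= 3600000]]]";

    public static List<string> ReadRecentErrors(string machineName)
    {
        var results = new List<string>();
        using (var session = new EventLogSession(machineName))
        {
            foreach (string logName in session.GetLogNames())
            {
                // Without Session set, the query runs against the local machine.
                var query = new EventLogQuery(logName, PathType.LogName, LastHourErrors)
                {
                    Session = session
                };
                try
                {
                    using (var reader = new EventLogReader(query))
                    {
                        EventRecord record;
                        while ((record = reader.ReadEvent()) != null)
                            using (record)
                                results.Add($"{record.TimeCreated:o} {logName} " +
                                            $"{record.ProviderName} id={record.Id}");
                    }
                }
                catch (Exception ex) when (ex is EventLogException ||
                                           ex is UnauthorizedAccessException)
                {
                    // Channel cannot be queried or the account may not read it
                    // (often the Security log): skip it instead of aborting the sweep.
                }
            }
        }
        return results;
    }

    static void Main(string[] args)
    {
        // First argument: target machine name; defaults to the local machine.
        string target = args.Length > 0 ? args[0] : Environment.MachineName;
        ReadRecentErrors(target).ForEach(Console.WriteLine);
    }
}
```

Logs skipped by the catch block are silently absent from the result, so a monitoring job built on this should record which channels it could not read.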