Detect when a new event is logged in Windows

Question

How would i detect in my application, when a new event is logged in the windows event log. Currently i'm running a timer ever 5 minutes to check for new events but it would be much better if i can detect new events in realtime using WMI or .net

Thanks

score 2 · Accepted Answer · answered Sep 30 '11 at 11:00

You need to set up a WMI Temporary Event Consumer in your app. Note that to monitor the Event Log you will need to request the SeSecurityPrivilege in your WMI connection (as it's possible you could receive events from the Security log, which require this permission)

These are some example WQL queries:

// See all events:
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'

// Catch only specific events: 4202 is a network transport failure
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'
     and TargetInstance.EventCode=4202

// Catch only events from a specific source: in this case WMI itself.
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'
     and TargetInstance.SourceName='WinMgmt'

@stuartd : Can you help me (here)[http://stackoverflow.com/questions/28897897/c-monitor-process-creation-and-termination-in-windows] — Jackzz, Mar 07 '15 at 14:50

Detect when a new event is logged in Windows

1 Answers1