System.Diagnostics.EventLog doesn't contain correct message

PawZaw Published at Dev

PawZaw

In some cases, when retrieving event logs from System.Diagnostics.EventLog, message like this

The description for Event ID '10016' in Source 'DCOM' cannot be found...

is returned. I found out that this response is also returned by Get-EventLog command in Powershell.

The actual message should look like this:

The application-specific permission settings do not grant Local Activation permission...

and is returned by Get-WinEvent command.

Is there any way to retrieve the second message in .Net Framework project? (without calling an independent Powershell script)?

UPDATE

I implemented the suggested solution, but now I stumbled on a different problem - how can I retrieve Audit Success and Audit Failure information? The EventLogEntry had an enum that contained them, but EventRecord doesn't

Update 2

I found a way to deal with Audits. EventRecord has a Keywords property, I compared it to StandardEventKeywords enum

Mathias R. Jessen

As mentioned in the comments, Get-WinEvent uses the EventLogReader class to enumerate the events queried, and then calls EventRecord.FormatDescription() on each resulting record to render the localized message.

Here's a sample console application to fetch and print the rendered message of each of the first 10 Warning (Level=3) events in the Application log:

using System;
using System.Diagnostics.Eventing.Reader;

class Program
{
    static void Main(string[] args)
    {
        // construct an EventLogQuery object from a log path + xpath query
        var xpath = "*[System[Level=3]]";
        var query = new EventLogQuery("Application", PathType.LogName, xpath);

        // instantiate an EventLogReader over the query
        var reader = new EventLogReader(query);

        // read the events one by one
        var counter = 0;
        EventRecord record = null;
        while ((record = reader.ReadEvent()) is EventRecord && ++counter <= 10)
        {
            // call FormatDescription() to render the message in accordance with your computers locale settings
            var renderedMessage = record.FormatDescription();
            Console.WriteLine(renderedMessage);
        }
    }
}

Beware that it's entirely possible for FormatDescription() to return an empty string - this will occur when the event logging provider didn't provide a message template for the given event id.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2021-09-9

Comments

0 comments

TOP Ranking

Article

System.Diagnostics.EventLog doesn't contain correct message

System.Diagnostics.EventLog doesn't contain correct message

pump.io port in URL

Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

How to import an asset in swift using Bundle.main.path() in a react-native native module

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

ngClass error (Can't bind ngClass since it isn't a known property of div) in Angular 11.0.3

Using Response.Redirect with Friendly URLS in ASP.NET

Can a 32-bit antivirus program protect you from 64-bit threats

Double spacing in rmarkdown pdf

How to fix "pickle_module.load(f, **pickle_load_args) _pickle.UnpicklingError: invalid load key, '<'" using YOLOv3?

3D Touch Peek Swipe Like Mail

Bootstrap 5 Static Modal Still Closes when I Click Outside

Assembly definition can't resolve namespaces from external packages

Vector input in shiny R and then use it

Emulator wrong screen resolution in Android Studio 1.3

Svchost high CPU from Microsoft.BingWeather app errors

Graphics Context misaligned on first paint

Python connect to firebird docker database

Is this docker-for-mac password dialog legit?

How to save models trained locally in Amazon SageMaker?