I'm following this post and trying to run the code (copied below), and I'm having a slightly different problem. I can remote connect to the server and view the event log through the Event Viewer program, but I can't iterate through the events in the code. I get an InvalidOperationException saying "Cannot open log EventLogName on machine . Windows has not provided an error code." There is also an inner exception of type System.ComponentModel.Win32Exception that says "Access is denied."
private static bool GetEventLogData(DateTime start)
{
var log = new EventLog("EventLogName", "SERVER.domain.net");
bool errorFound = false;
foreach (EventLogEntry entry in log.Entries)
{
if ((entry.EntryType == EventLogEntryType.Error) &&
(entry.TimeGenerated >= start))
{
Console.WriteLine("Error in Event Log:\n" + entry.Message + "\n");
errorFound = true;
}
}
return errorFound;
}
Any ideas?
EDIT:
The exception data is as follows. I can't post the server name as it is company information. I receive the error when trying to read the event log. I am absolutely sure I can read the log because I can remote connect with my account and read the log using the Event Viewer.
System.InvalidOperationException was unhandled
Message=Cannot open log EventLogName on machine SERVER.domain.net. Windows has not provided an error code.
Source=System
StackTrace:
at System.Diagnostics.EventLogInternal.OpenForRead(String currentMachineName)
at System.Diagnostics.EventLogInternal.GetEntryAtNoThrow(Int32 index)
at System.Diagnostics.EventLogEntryCollection.EntriesEnumerator.MoveNext()
at System.Linq.Enumerable.<CastIterator>d__b1`1.MoveNext()
at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()
at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)
at System.Collections.Generic.List`1.AddRange(IEnumerable`1 collection)
at MyApp.Program.GetEventLogData(String machineName, DateTime start) in c:\users\me\documents\visual studio 2010\Projects\MyApp\MyApp\Program.cs:line 45
at MyApp.Program.Main(String[] args) in c:\users\me\documents\visual studio 2010\Projects\MyApp\MyApp\Program.cs:line 28
at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
InnerException: System.ComponentModel.Win32Exception
Message=Access is denied
ErrorCode=-2147467259
NativeErrorCode=5
InnerException:
This is most likely a policy permission issue. See the Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008 blog entry on TechNet. I was able to make your code work once I did this. In the case of Windows 2008 Server and higher, it's simply a matter of adding the user to the Event Log Readers local security group. Until I did that I was getting the same error.