My question is very similar to this one: How do you open the event log programatically? Except I'm logging anything. I need to create a db of log entries from multiple unconnected machines. I get .evtx files, then I try to process them. Right now I'm doing it from exported XML files, but I would like to skip the to-XML conversion part. I've read the https://msdn.microsoft.com/en-us/library/System.Diagnostics.EventLog.aspx article but I didn't find what I was looking for. Is there a way to do what I want without converting to XML?
Use System.Diagnostics.Eventing.Reader.EventLogReader:
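    using System;
    using System.Diagnostics.Eventing.Reader;

    // PathType.FilePath opens an exported .evtx file instead of a live log channel.
    using (var reader = new EventLogReader(@"path\to\log.evtx", PathType.FilePath))
    {
        EventRecord record;
        // ReadEvent() returns null once the end of the file is reached.
        while ((record = reader.ReadEvent()) != null)
        {
            // Each EventRecord holds a native handle, so dispose it after use.
            using (record)
            {
                Console.WriteLine("{0} {1}: {2}", record.TimeCreated, record.LevelDisplayName, record.FormatDescription());
            }
        }
    }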
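For the multi-machine case in the question, the same reader can be run over a folder of collected .evtx files and each event flattened into a row for the database. This is an added example, not code from the answer: the `LogRow` type, its field selection and the `EvtxImport` class are hypothetical, and it assumes Windows with a C# 9 or later compiler.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.IO;
using System.Linq;

// Hypothetical row shape for the database; the chosen columns are an assumption.
public sealed record LogRow(string SourceFile, string Machine, string Provider,
    int EventId, byte? Level, DateTime? TimeCreatedUtc, long? RecordId,
    string Message, string[] Data);

public static class EvtxImport
{
    // Streams every event from every .evtx file directly under 'directory'.
    public static IEnumerable<LogRow> ReadAll(string directory)
    {
        foreach (var file in Directory.EnumerateFiles(directory, "*.evtx"))
        {
            using var reader = new EventLogReader(file, PathType.FilePath);
            EventRecord evt;
            while ((evt = reader.ReadEvent()) != null)
            {
                using (evt)
                {
                    // Numeric Level and raw Properties are stored in the file itself,
                    // so they do not depend on what is installed on the import host.
                    yield return new LogRow(file, evt.MachineName, evt.ProviderName,
                        evt.Id, evt.Level, evt.TimeCreated?.ToUniversalTime(),
                        evt.RecordId, TryFormat(evt),
                        evt.Properties.Select(p => p.Value?.ToString()).ToArray());
                }
            }
        }
    }

    // Rendering the message text needs the provider's message resources, which may
    // be missing on the import host for logs taken from other machines.
    private static string TryFormat(EventRecord evt)
    {
        try { return evt.FormatDescription(); }
        catch (EventLogException) { return null; }
    }

    public static void Main(string[] args)
    {
        foreach (var row in ReadAll(args[0]))
            Console.WriteLine($"{row.TimeCreatedUtc:o} {row.Machine} {row.Provider}/{row.EventId}");
    }
}
```

Keeping `Data` alongside `Message` means an event stays searchable even when its message text could not be rendered on the machine doing the import.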