i have a code to get the information from eventlogs.
protected void Page_Load(object sender, EventArgs e)
{
EventLog eventLog = new EventLog("Application", ".");
getEvents(eventLog.Entries);
}
private void getEvents(EventLogEntryCollection eventLogEntryCollection)
{
foreach (EventLogEntry logEntry in eventLogEntryCollection)
{
if (logEntry.Source.Equals("yen"))
{
eventType.Add(logEntry.EntryType.ToString());
eventTime.Add(logEntry.TimeWritten);
eventSource.Add(logEntry.Source);
eventCategory.Add(logEntry.Category);
eventID.Add(logEntry.EventID);
eventMsg.Add(logEntry.Message.ToString());
开发者_运维问答 Global.logger.Info("Level = " + logEntry.EntryType.ToString() + ", eventTime = " + logEntry.TimeWritten);
}
}
}
so the logEntry.EntryType.ToString() sometimes returns me Information, Error, Warning and sometimes just a 0. what is this 0 for??
Please any suggestions
the logs show this:
INFO 01-Jun-2011 11:48:18.SSS 8 .Global - Level = Information, eventTime = 5/20/2011 3:19:08 PM INFO 01-Jun-2011 11:48:18.SSS 8 .Global - Level = 0, eventTime = 5/20/2011 3:19:16 PM
This can only happen if your eventlog is somehow corrupt. What does happen when you try to view this event with the eventvwr.msc? I have seen many corrupt event logs. This does usually happen when many events are logged at the same time. I never have found a clear repro but this does happen even on Windows Server 2008 from time to time although the whole eventlog subsystem has been rewritten.
The System.Diagnostics.EventLogEntryType
enumumerations defines five values: Error
, FailureAudit
, Information
, SuccessAudit
and Warning
. But if you take a look to the documentation to native WinAPI ReportEvent
function you will see there are actually six types of events. The event with code 0 is EVENTLOG_SUCCESS
which have the same description as EVENTLOG_INFORMATION_TYPE
. It is also displayed the same as "Information" by the Event Viewer.
So probably logEntry.EntryType.ToString() == "0" means that the event was logged with type of EVENTLOG_SUCCESS
.
精彩评论