question

GeraldOakham-9565 asked GeraldOakham-9565 commented

Find keyword in Event log, if found, search for 2nd keyword within a timeframe

Hi,
I am creating a program to try and make my life a little easier.
Occasionally, I am asked to locate a keyword within a machine's (Application) event log, and I then need to look (approx.) 2 minutes after this is located to see if another keyword is there.

I can do the keyword searches, but I am having an issue with the timeframe. It seems to be searching the event logs from the originally specified time, and not up to the 2nd specified time (i.e., it's searching till the most recent log entry, not just the 1st keyword timestamp + 120 seconds).

I have tried to reduce the time window to 60 seconds, but I still get the same number of results back (4, in my test scenario, when I should only get 2).

I'm sure I have made a mistake with the < > code, but am having trouble seeing what I have done incorrectly.

Could someone point out what I have done wrong?

    // Requires: using System.Diagnostics; using System.Linq;
    string log = "Application";
    EventLog demoLog = new EventLog(log);
    EventLogEntryCollection entries = demoLog.Entries;
    foreach (EventLogEntry entry in entries.Cast<EventLogEntry>())
    {
        // First keyword: print the matching entry.
        if (entry.Message.Contains(_keyword))
        {
            richTextBox1.AppendText("Date: " + entry.TimeGenerated + Environment.NewLine);
            richTextBox1.AppendText("--------------------------------" + Environment.NewLine + Environment.NewLine);
            richTextBox1.AppendText(entry.Message + Environment.NewLine);
            richTextBox1.AppendText(Environment.NewLine + Environment.NewLine);

            // ----> this line
            foreach (EventLogEntry entry2 in entries.Cast<EventLogEntry>().Where(e => entry.TimeGenerated <= entry.TimeGenerated.AddSeconds(60)))
            {
                // Second keyword: count and print the matching entry.
                if (entry2.Message.Contains("Failed to insert"))
                {
                    _errorCount++;
                    richTextBox1.AppendText("Date: " + entry2.TimeGenerated + Environment.NewLine);
                    richTextBox1.AppendText("--------------------------------" + Environment.NewLine + Environment.NewLine);
                    richTextBox1.AppendText(entry2.Message + Environment.NewLine);
                    richTextBox1.AppendText(Environment.NewLine + Environment.NewLine);
                }
            }
        }
    }

Thank you in advance

dotnet-csharp

1 Answer

Viorel-1 answered GeraldOakham-9565 commented

Consider this condition:

 ...Where( e => e.TimeGenerated > entry.TimeGenerated && e.TimeGenerated <= entry.TimeGenerated.AddSeconds(120)) 


Thank you for coming back so quickly.
I tried this code, but no errors come back, and I know there are 2 around the time frame.

The issue was/is that the timestamps on the 2nd keyword searches = the timestamp on the 1st, so I amended the line to:

  ...Where( e => e.TimeGenerated >= entry.TimeGenerated && e.TimeGenerated <= entry.TimeGenerated.AddSeconds(120)) 

and I got my 2 errors (which fall within the time frame)

THANK YOU :-)

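The window check from this thread as an added example (not code from the original posts): the filter in the question compared `entry.TimeGenerated` with itself and never used the lambda parameter `e`, so it matched every entry in the log. `LogEvent`, `Correlator` and the sample entries are constructed stand-ins for `EventLogEntry`, and the code assumes C# 9 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for System.Diagnostics.EventLogEntry so this runs without a Windows event log.
record LogEvent(DateTime TimeGenerated, string Message);

static class Correlator
{
    // For each event containing firstKeyword, return the events containing
    // secondKeyword whose timestamp lies in [first, first + window].
    public static IEnumerable<(LogEvent First, List<LogEvent> Followers)> Correlate(
        IReadOnlyList<LogEvent> events, string firstKeyword, string secondKeyword, TimeSpan window)
    {
        foreach (var first in events.Where(e => e.Message.Contains(firstKeyword)))
        {
            DateTime end = first.TimeGenerated + window;
            // The predicate must test the candidate "e", not "first" against itself.
            // ">=" keeps events logged with the same timestamp as the first match.
            var followers = events
                .Where(e => !object.ReferenceEquals(e, first)
                         && e.TimeGenerated >= first.TimeGenerated
                         && e.TimeGenerated <= end
                         && e.Message.Contains(secondKeyword))
                .ToList();
            yield return (first, followers);
        }
    }

    static void Main()
    {
        var t0 = new DateTime(2021, 3, 1, 10, 0, 0);
        // Constructed sample entries, not taken from a real log.
        var events = new List<LogEvent>
        {
            new(t0.AddMinutes(-30), "Failed to insert row 1"),   // before the trigger
            new(t0,                 "Batch import started"),     // first keyword
            new(t0,                 "Failed to insert row 7"),   // same timestamp as the trigger
            new(t0.AddSeconds(90),  "Failed to insert row 9"),   // inside the window
            new(t0.AddMinutes(10),  "Failed to insert row 12"),  // after the window
        };
        foreach (var (first, followers) in Correlate(events, "Batch import", "Failed to insert", TimeSpan.FromSeconds(120)))
        {
            Console.WriteLine($"{first.TimeGenerated:T} {first.Message}: {followers.Count} follow-up(s)");
            foreach (var f in followers)
                Console.WriteLine($"  {f.TimeGenerated:T} {f.Message}");
        }
    }
}
```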