C# Signature:
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool BackupEventLog(IntPtr hEventLog, string backupFile);
VB Signature:
Declare Function BackupEventLog Lib "advapi32.dll" (TODO) As TODO
User-Defined Types:
None.
Alternative Managed API:
EventLogSession from the namespace System.Diagnostics.Eventing.Reader can be used in most cases (Windows Vista and above only and .NET 4 or above. This throws a PlatformNotSupportedException on Windows XP and Windows 2003 with .NET 4)
To save the 'Appllication' event log:
EventLogSession eventLogSession = new EventLogSession();
eventLogSession.ExportLogAndMessages("Application", PathType.LogName, "", @"logFile.evtx", /tolerateQueryErrors*/ false, CultureInfo.CurrentCulture);
Notes:
None.
Tips & Tricks:
Please add some!
Sample Code:
Save the application log to disk:
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern IntPtr OpenEventLog(string UNCServerName, string sourceName);
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
static extern bool BackupEventLog(IntPtr hEventLog, string backupFile);
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool CloseEventLog(IntPtr hEventLog);
void SaveLog(string eventLogName, string destinationDirectory)
{
string exportedEventLogFileName = Path.Combine(destinationDirectory, eventLogName + ".evt");
//Returns handle to Application log if Custom log does not exist.
IntPtr logHandle = OpenEventLog(Environment.MachineName, eventLogName);
if (IntPtr.Zero != logHandle)
{
bool retValue = BackupEventLog(logHandle, exportedEventLogFileName);
//If false, notify.
CloseEventLog(logHandle);
}
}
