Saturday, June 18, 2011

Windows Event Log by Visual Basic 2008

We've been experiencing Delayed Write Errors, which result in a loss of data.  In an effort to provide enough data points for our IT section to determine the problem, I needed to extract from the Windows Event Log all logged events.


For those who may not know, the Event Log is a system-managed place in which the system logs certain events that users may use to diagnose problems.  It only took a few minutes on Google to pick up enough pieces to do what I needed.


Everything we need is found in the System.Diagnostics namespace.


Imports System.Diagnostics

Module Module1

    Sub Main()
        Dim z As Long
        'Here we create an EventLog object.  Using releases it
        'when we are done, even if an exception is thrown.
        Using a As New EventLog
            'This is which of the EventLogs we are accessing
            a.Log = "System"
            'We have to specify the machine name
            a.MachineName = My.Computer.Name

            'This creates a StreamWriter through which we will
            'write the log data.  Using closes the file for us.
            Using myOut As New System.IO.StreamWriter("delayed.txt")
                '----------------------------------------
                '       the good stuff
                '       We iterate through each event log entry,
                '       looking for the word "delayed".  If we
                '       find it, we write out the entry.
                '----------------------------------------
                For Each entry As EventLogEntry In a.Entries
                    z += 1

                    If entry.Message.ToLower.Contains("delayed") Then
                        myOut.WriteLine(entry.TimeGenerated & "," & entry.Message & "," & entry.MachineName)
                        Console.WriteLine(entry.Message)
                    ElseIf z Mod 100 = 0 Then
                        'Progress indicator: one dot per 100 entries
                        Console.Write(".")
                    End If
                Next
            End Using
        End Using
    End Sub

End Module

Friday, June 17, 2011

more RegEx

The more I use Regular Expressions, the more I rely upon the ease of use they provide in pattern matching in real, everyday work.
Want to match a date at the start of a line?  Try

^\d*/\d*/\d* \d*:\d*:\d* [AP]M
The ^ means the start of a line.
The \d matches any digit.
The [AP] matches either "A" or "P", as in AM/PM.
The rest are just string literals.

I was needing to clean a log file I extracted from the Windows Event log to report a problem to our IT support staff.
I had several hundred lines like
The description for Event ID '1073741850' in Source 'Application Popup' cannot be found.  The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them.
Where each ID was different.  Solution?  RegEx and Repetition!
I used this as my search query.
The description for Event ID '\d*' in Source 'Application Popup' cannot be found.  The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them.  The following information is part of the event:
The \d is, of course, the shorthand meaning "numeric information."  This is the same as the expression [0-9].
The * says "repeat the last search term 0 or more times."
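
An added example, not from the original post: the cleanup described above written in Python, using the timestamp pattern to find where each exported record starts (a message can span several physical lines) and collapsing the placeholder text to a short tag that keeps the event ID. The sample lines and the machine name are constructed; the time,message,machine layout is assumed from the export code in the previous post.

```python
import re

# Start of a record: the timestamp the exporter writes first, e.g. "6/17/2011 9:14:03 AM".
# \d+ requires at least one digit (\d* also accepts none); [AP] is a character
# class, whereas [A|P] would accept a literal "|" as well.
STAMP = re.compile(r"^\d+/\d+/\d+ \d+:\d+:\d+ [AP]M")
LOOSE = re.compile(r"^\d*/\d*/\d* \d*:\d*:\d* [A|P]M")  # shown for comparison only

# Placeholder text logged when the message DLL is missing. re.escape() keeps
# the periods literal; only the ID and the whitespace between sentences vary.
BOILERPLATE = re.compile(
    re.escape("The description for Event ID '") + r"(\d+)"
    + re.escape("' in Source 'Application Popup' cannot be found.") + r"\s+"
    + re.escape("The local computer may not have the necessary registry "
                "information or message DLL files to display the message, "
                "or you may not have permission to access them.")
    + r"(?:\s+" + re.escape("The following information is part of the event:")
    + r")?\s*")

def records(lines):
    """Rejoin physical lines: a line with no leading timestamp continues the previous record."""
    current = None
    for line in lines:
        if STAMP.match(line):
            if current is not None:
                yield current
            current = line.rstrip()
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current

def clean(record):
    """Collapse the placeholder text to a short tag that keeps the event ID."""
    return BOILERPLATE.sub(lambda m: "[EventID %s] " % m.group(1), record)

SAMPLE = [  # constructed lines in the "time,message,machine" layout
    "6/17/2011 9:14:03 AM,The description for Event ID '1073741850' in Source "
    "'Application Popup' cannot be found.  The local computer may not have the "
    "necessary registry information or message DLL files to display the message, "
    "or you may not have permission to access them.  The following information "
    "is part of the event: Windows - Delayed Write Failed",
    "Windows was unable to save all the data for a file.,WORKSTATION1",
    "6/17/2011 10:02:41 PM,Delayed write test entry,WORKSTATION1",
]

if __name__ == "__main__":
    for rec in records(SAMPLE):
        print(clean(rec))
```

Because a message field can itself contain commas and line breaks, the timestamp anchor is a more reliable record boundary than splitting on commas.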