Question
I want to query the whole Windows event log (e.g. application) for events, that were written by a specific source (e.g. MSSQL$SQLEXPRESS). I have already written working code to search for event id's:
https://stackoverflow.com/questions/20744029
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianstring xpathQuery = string.Format("*[System/EventID={0}]", intFilter);
EventLogQuery query = new EventLogQuery(eventLogName, PathType.LogName, xpathQuery);
EventLogReader reader = new EventLogReader(query);
for (EventRecord eventInstance = reader.ReadEvent(); null != eventInstance; eventInstance = reader.ReadEvent())
{
lisRecords.Add(eventInstance);
}
How I have to alter the xpathQuery, that I'm able to search 4 eventlog-entry-sources?
Solution
Change the query string something like that (you may want to create a text resource and put this query in it to avoid escapes):
*[System[Provider[@Name='Microsoft-Windows-ADSI' or @Name='Outlook'] and (EventID=1 or EventID=2 or EventID=3)]]
The above is equivalent to:
(EventID in (1,2,3)) and (Source in ('Microsoft-Windows-ADSI', 'Outlook'))
