C# - Subscribing to a ETW event channel?

Question

I can use C#'s EventLogReader to retrieve all of the ETW events logged within a particular operational channel, using code similar to the example on this page:

http://msdn.microsoft.com/en-us/library/bb671197(v=vs.90).aspx

All I need to do is modify the logname string to instead point to the operational channel that I am interested in (e.g. "Microsoft-Windows-RemoteAssistance/Operational") and I then see all of the events output to the console.

However, I have to keep polling/checking the channel to see if there are any new events, and that is not ideal. I am hoping to find a way to subscribe (or otherwise receive a callback/notification) whenever a new event is logged to the channel. I am sure there must be a way to receive the events in a callback, but I haven't found anything obvious on MSDN.

Does anyone know how to do this from C# ?

Answer 1

Have you had a look at the EventLogWatcher class?

http://msdn.microsoft.com/en-us/library/system.diagnostics.eventing.reader.eventlogwatcher(v=vs.90).aspx

Allows you to specify a criteria and when met the EventRecordWritten event is raised.