Quering for Windows Event log data [closed]

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

---

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 4 years ago.

Improve this question

I am trying to query Windows Event log for events and am a bit stuck at which approach to use. Windows Developer documentation lists two examples (and approaches) of querying log data.

Querying for Events http://msdn.microsoft.com/en-us/library/aa385650%28v=vs.85%29.aspx using EvtQuery function

Querying for Event Information http://msdn.microsoft.com/en-us/library/windows/desktop/bb427356%28v=vs.85%29.aspx

If anyone has experience querying for event data, are these two approaches equal? Or is any of them outdated or not recommended for actual use? I am new to Windows programming and not really found any recommendations regarding any of these approaches on MSDN.

Answer 1

http://msdn.microsoft.com/en-us/library/aa385650%28v=vs.85%29.aspx using EvtQuery function The difference is in the use of header. This approach is simpler but you will need to design either an XML or structured XML query.

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427356%28v=vs.85%29.aspx If you need more flexibility in the format of the returned events (like time stamp format) use this approach. This is harder but gives more flexibility if you need control over the format of the extracted data.