Detect when a new event is logged in Windows

How would i detect in my application, when a new event is logged in the windows event log. Currently i'm running a timer ever 5 minutes to check for new events but it would be much better if i can detect new events in realti开发者_如何转开发me using WMI or .net

Thanks

You need to set up a WMI Temporary Event Consumer in your app. Note that to monitor the Event Log you will need to request the SeSecurityPrivilege in your WMI connection (as it's possible you could receive events from the Security log, which require this permission)

These are some example WQL queries:

// See all events:
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'

// Catch only specific events: 4202 is a network transport failure
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'
     and TargetInstance.EventCode=4202

// Catch only events from a specific source: in this case WMI itself.
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'
     and TargetInstance.SourceName='WinMgmt'