C# - Search for specific event IDs in archived Windows event logs
Situation: I have many old security event logs on a server (about 18 GB). The logs are saved on a dedicated HDD partition as .evt files (so the logs are not included in Event Viewer).
Want: I want to search for a specific event ID in every log.
Problem: I can't open an event log file that isn't "included" in Event Viewer with the EventLog class.
Idea: use .NET's EventLog class: `EventLog log = new EventLog();`
I can't refer to a specific event log file on another HDD partition.
I tried every, in my opinion, possible way, like:
```csharp
EventLog log = new EventLog(filePath, computerName);
EventLog log = new EventLog(filePath, ".");
EventLog log = new EventLog(fileName, computerName, filePath);
EventLog log = new EventLog(fileName, ".", filePath);
```
With the first two, the error message says that the special character "\" is not allowed. With the last two, the error message says that no such file "fileName" was found on the computer (I think it searches in the event logs "included" in Event Viewer).
Question: I want to open such files; it doesn't matter whether it works with the class idea or not. I want to search for an event ID and, if the specific ID is found, export the whole event as txt, csv or whatever.
Thanks in advance!
Here is a method that takes the event file and the ID as parameters and returns an EventRecord:
```csharp
using System;
using System.Diagnostics.Eventing.Reader;
using System.Globalization;
using System.Threading;

public static EventRecord GetEventRecord(string eventFile, int eventId)
{
    // XPath filter on the System/EventID element; only matching records are returned
    var xpathQuery = string.Format("*[System/EventID={0}]", eventId);
    // PathType.FilePath opens an exported log file instead of a live channel
    var query = new EventLogQuery(eventFile, PathType.FilePath, xpathQuery);
    var reader = new EventLogReader(query);
    return reader.ReadEvent(); // first matching record, or null if there is none
}
```
Usage example:
```csharp
static void Main(string[] args)
{
    var rec = GetEventRecord(@"w:\kanta\eventi.evtx", 903);
    // Due to a bug you have to set the current culture to en-US or FormatDescription() won't work:
    // https://connect.microsoft.com/visualstudio/feedback/details/498054/net-3-5-sp1-eventrecord-formatdescription#
    Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");
    Console.Write(rec.FormatDescription());
    Console.ReadKey();
}
```
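The answer returns only the first match from one file; the question asks for every match across a whole partition of archives, exported to CSV. The following is an added example (not the answer's code) that applies the same EventLogQuery/PathType.FilePath/XPath approach to every .evt/.evtx file under a folder and writes each matching record to CSV. The folder, event ID and output path are assumed values; the XPath filter is evaluated by the event log API while reading, so an 18 GB archive is never loaded into memory at once.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;
using System.Globalization;
using System.IO;
using System.Threading;

static class ArchivedLogSearch
{
    // Walks every archived log under 'folder', filters on one event ID and appends
    // matching records to a CSV file. Returns the number of records exported.
    public static int ExportMatches(string folder, int eventId, string csvPath)
    {
        int count = 0;
        // Same XPath shape as the answer: match on the System/EventID element
        string xpath = string.Format("*[System/EventID={0}]", eventId);
        using (var csv = new StreamWriter(csvPath))
        {
            csv.WriteLine("File,TimeCreated,EventID,Provider,Computer,Description");
            // "*.evt*" covers both legacy .evt and .evtx archives (assumed layout)
            foreach (string file in Directory.EnumerateFiles(folder, "*.evt*", SearchOption.AllDirectories))
            {
                var query = new EventLogQuery(file, PathType.FilePath, xpath);
                using (var reader = new EventLogReader(query))
                {
                    // ReadEvent() returns null once the filtered stream is exhausted
                    for (EventRecord rec = reader.ReadEvent(); rec != null; rec = reader.ReadEvent())
                    using (rec)
                    {
                        string desc;
                        // Rendering needs the provider's message files; archives from another
                        // host may lack them, so fall back to an empty description instead of failing
                        try { desc = rec.FormatDescription() ?? ""; }
                        catch (EventLogException) { desc = ""; }
                        string when = rec.TimeCreated.HasValue ? rec.TimeCreated.Value.ToString("o") : "";
                        csv.WriteLine(string.Join(",", Quote(file), Quote(when), rec.Id.ToString(),
                                                  Quote(rec.ProviderName), Quote(rec.MachineName), Quote(desc)));
                        count++;
                    }
                }
            }
        }
        return count;
    }

    // Minimal CSV escaping: wrap in quotes and double any embedded quotes
    static string Quote(string s) { return "\"" + (s ?? "").Replace("\"", "\"\"") + "\""; }

    static void Main(string[] args)
    {
        Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US"); // culture workaround from the answer
        int n = ExportMatches(@"E:\archived-logs", 4624, @"C:\temp\matches.csv"); // assumed paths; 4624 = logon
        Console.WriteLine(n + " matching events exported");
    }
}
```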