I'm attempting to access a 'ForwardedEvents' events log on a server using
el = new EventLog("ForwardedEvents", serverName);
this isn't working.
I believe it's not working because the log isn't contained in the registry where Eventlog would expect to find it (HKLM/System/CurrentControlSet/Services/Eventlog/.. ).
How would add the log to registry so it is found, or is there another method to access a log that's not specified in that location?
Remedied the issue by creating a new registry entry for the Log at: (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\LOGNAME).
Did this by.. ( on windows server 2008 R2 ) ..
1) Right Click on parent folder (eventlog) -> New -> Key
2) Name the key like the evtx file found at (C:\Windows\System32\winevt\Logs\LOGNAME)
3) In the right pane of the registry explorer, right click -> new -> Expandable String Value
4) Name the newly created REG_EXPAND_SZ "File"
5) Right click on the Name "File"
6) Modify
7)In the "Value Data" box, add path to evtx file like
( %SystemRoot%\System32\winevt\Logs\ForwardedEvents.evtx )