Windows Event Log Trigger

Subscribe to operational or security event logs and react with Semantic Kernel (SK) powered classification, enrichment, or notifications.

EventLogWatcher example

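using System.Diagnostics.Eventing.Reader;
using Microsoft.Extensions.Hosting;

public class LogWorker : BackgroundService
{
    protected override async Task ExecuteAsync(CancellationToken ct)
    {
        // XPath filter evaluated by the event log service; Level=2 selects Error events.
        // Security audit records are usually written at Level 0 with Audit Success/Failure
        // keywords, so filter on EventID or Keywords when targeting audit events.
        var query = new EventLogQuery("Security", PathType.LogName, "*[System/Level=2]");
        // Dispose the watcher when the service stops to release the subscription handle.
        using var watcher = new EventLogWatcher(query);
        watcher.EventRecordWritten += async (_, args) =>
        {
            // A failed read delivers an exception instead of a record.
            if (args.EventException is not null) return;
            using var rec = args.EventRecord;
            // Create kernel scope and process
            // await kernel.InvokeAsync(...)
        };
        watcher.Enabled = true;
        // Keep the subscription alive until the host requests shutdown.
        try { await Task.Delay(Timeout.Infinite, ct); }
        catch (OperationCanceledException) { }
        watcher.Enabled = false;
    }
}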

Service hosting

  • Use Worker Service template with UseWindowsService().
  • Configure Service Recovery (restart on failure, reset fail count) and delayed auto-start.

Pros / Cons

  • Pros: Deep OS integration; powerful for ops/compliance scenarios.
  • Cons: Windows-only; elevated privileges may be required; needs careful filtering to avoid event floods.
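
Added example (not from the original page or the Semantic Kernel project): one way to handle the flood risk noted under Cons. It narrows the XPath filter to two Security event IDs chosen for illustration (4625 failed logon, 4740 account lockout), suppresses repeats per event ID, and hands events to a bounded queue so slow processing cannot back up the watcher. LogItem, ThrottledLogWorker, ProcessAsync, the 5-second window and the queue size of 256 are assumptions; the Worker Service template's implicit usings are assumed.

```csharp
using System.Diagnostics.Eventing.Reader;
using System.Threading.Channels;
using Microsoft.Extensions.Hosting;

// Hypothetical record type: only the fields the downstream step needs.
public sealed record LogItem(int EventId, long? RecordId, DateTime? Time, string Xml);

public class ThrottledLogWorker : BackgroundService
{
    // Assumed values for illustration; tune them to the host's event volume.
    private const string Filter = "*[System[(EventID=4625 or EventID=4740)]]";
    private static readonly TimeSpan Window = TimeSpan.FromSeconds(5);
    private readonly Dictionary<int, DateTime> _lastSeen = new();
    private readonly Channel<LogItem> _queue = Channel.CreateBounded<LogItem>(
        new BoundedChannelOptions(256) { FullMode = BoundedChannelFullMode.DropOldest, SingleReader = true });

    protected override async Task ExecuteAsync(CancellationToken ct)
    {
        using var watcher = new EventLogWatcher(
            new EventLogQuery("Security", PathType.LogName, Filter));
        watcher.EventRecordWritten += (_, args) =>
        {
            if (args.EventException is not null || args.EventRecord is null) return;
            using var rec = args.EventRecord;
            var now = DateTime.UtcNow;
            lock (_lastSeen)
            {
                // Forward at most one event per ID per window; drop the repeats.
                if (_lastSeen.TryGetValue(rec.Id, out var last) && now - last < Window) return;
                _lastSeen[rec.Id] = now;
            }
            // Copy what is needed: the record is disposed when the callback returns.
            _queue.Writer.TryWrite(new LogItem(rec.Id, rec.RecordId, rec.TimeCreated, rec.ToXml()));
        };
        watcher.Enabled = true;
        try
        {
            // Single consumer: slow work never runs on the watcher's callback thread.
            await foreach (var item in _queue.Reader.ReadAllAsync(ct))
                await ProcessAsync(item, ct);
        }
        catch (OperationCanceledException) { /* service is stopping */ }
    }

    // Hypothetical hook: the classification, enrichment or notification step goes here.
    protected virtual Task ProcessAsync(LogItem item, CancellationToken ct) => Task.CompletedTask;
}
```

With DropOldest the queue sheds the oldest pending events under sustained load, so memory stays bounded at the cost of losing some records.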