The description for Event ID 'x' in Source 'y' cannot be found. Reading 'System' event logs from eventvwr C#

Question

I have this small piece of code to read "System" events from eventvwr

        EventLog eventLog = new EventLog("System");

        foreach (EventLogEntry log in eventLog.Entries)
        {
            Console.WriteLine("{0}\n", log.Message);
        }

This works fine but for few event logs i get messages like

"The description for Event ID '109' in Source 'Microsoft-Windows-Kernel-Power' cannot be found.  The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them.  The following information is part of the event:'6', '0', '5'"

And when i open eventvwr, i can see the description there.

The kernel power manager has initiated a shutdown transition.
Shutdown Reason: Kernel API

I am running this code as an admin.

Can anyone help me figure out why am i getting such messages for description. Thanks in advance

There are similar posts but none raises this issue. for example this

"The description for Event ID X in Source Y cannot be found."

Answer 1

You either don't have access to the message file or its location is not on your current path, as Admin.

The Event Log message file locations are defined in the registry, i.e. if you look at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Kernel-Power

you should find a Value EventMessageFile which has the Data %systemroot%\system32\microsoft-windows-kernel-power-events.dll or similar - this is from my machine.

Check whether this is on your path and what permissions you have, as Admin.

Answer 2

Of topic for C# but if you get this error in PowerShell just switch to using Get-WinEvent instead of Get-EventLog and all will be OK.

---

Source: Boe Prox's reply here:

Use Get-WinEvent instead [...] Get-EventLog is better suited for the older OS's.