读取远程服务器事件日志以获取AD用户登录和注销事件并将其保存到SQL
[英]Read remote server event log to get AD user logon and logoff events and save it to SQL
问题描述
Does anyone know how to get the user logon and log-off event logs from a SERVER 2012 Active directory into SQL server using C#? 
有谁知道如何使用C#将SERVER 2012 Active Directory中的用户登录和注销事件日志获取到SQL Server中? I would preferably run the service from a remote computer. 我最好从远程计算机上运行该服务。
Your assistance is appreciated! 感谢您的协助!
1 个解决方案
解决方案1
1 2014-03-25 14:01:07
Take a look at LogParser its a Microsoft command line tool for querying things like event logs and IIS log files. 看一下LogParser,它是一个Microsoft命令行工具,用于查询事件日志和IIS日志文件之类的东西。 I have seen it used to filter event logs (but not the security logs). 我已经看到它用于过滤事件日志(而不是安全日志)。 From memory the syntax is pretty fussy. 从内存来看,语法非常挑剔。 You can shell out a call to log parser form C#, output to a text file, then read the file and import to SQL Server. 您可以通过外壳调用以C#格式记录日志解析器,输出到文本文件,然后读取该文件并导入到SQL Server。
eg 例如
LogParser.EXE -i:EVT "SELECT TimeGenerated,EventTypeName FROM System WHERE TimeGenerated > '2014-03-25 00:00:00' " > C:\\TodaysEvents.csv LogParser.EXE -i:EVT“ SELECT TimeGenerated,EventTypeName from System WHERE TimeGenerated>'2014-03-25 00:00:00'”> C:\\ TodaysEvents.csv
I think you can access remote servers too using FROM \\\\RemoteServer\\System 我认为您也可以使用FROM \\\\ RemoteServer \\ System访问远程服务器
Edit: I just checked: There is an option to query Active Directory in log parser. 编辑:我刚刚检查:在日志解析器中有一个查询Active Directory的选项。 Use the -i:ADS option 使用-i:ADS选项
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.