C#WMI读取远程事件日志
[英]C# WMI reading remote event log
问题描述
Im trying to run a WMI query against another computer for errors within the last 5 hours or so. 
我试图在最近5个小时左右的时间内对另一台计算机运行WMI查询以查找错误。 When running a WMI query, shouldnt you at least filter the initial query with a where clause? 运行WMI查询时,是否至少应使用where子句过滤初始查询?
Im basing my code off of samples generated from the WMI code creator on MSDN 我的代码基于MSDN上WMI代码创建器生成的样本
Here is the select query im using 这是选择查询即时通讯使用
private ManagementScope CreateNewManagementScope(string server)
{
string serverString = @"\\" + server + @"\root\cimv2";
ManagementScope scope = new ManagementScope(serverString);
return scope;
}
ManagementScope scope = CreateNewManagementScope(servername);
scope.Connect();
SelectQuery query = new SelectQuery("select * from Win32_NtLogEvent where TimeWritten > '" + DateTime.Now.AddHours(-5).ToString() + "'");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
ManagementObjectCollection logs = searcher.Get();
int iErrCount = logs.Count;
I just want to get a count of the errors in the last 5 hours. 我只想了解最近5个小时的错误。 Its throwing an error when getting the count. 获取计数时抛出错误。 The error is rather vague "Generic Failure". 该错误相当模糊,即“通用故障”。
[update - using date like this now] [更新-现在使用这样的日期]
DateTime d = DateTime.UtcNow.AddHours(-12);
string dateFilter = ManagementDateTimeConverter.ToDmtfDateTime(d);
SelectQuery query = new SelectQuery("select * from Win32_NtLogEvent where Logfile='Application' AND Type='Error' AND TimeWritten > '" + dateFilter + "'");
With the above code I get no results, yet I can see 2 errors in the event log. 使用上面的代码,我没有得到任何结果,但是我在事件日志中看到2个错误。 Whats wrong with the date filter? 日期过滤器出了什么问题?
Im using this example http://msdn.microsoft.com/en-us/library/system.management.managementdatetimeconverter.todatetime.aspx 我正在使用此示例http://msdn.microsoft.com/en-us/library/system.management.managementdatetimeconverter.todatetime.aspx
1 个解决方案
解决方案1
6 2014-06-09 17:53:32
I did the following to get it to work. 我做了以下工作。 I hope this helps.. 我希望这有帮助..
static void Main(string[] args)
{
var conOpt = new ConnectionOptions();
conOpt.Impersonation = ImpersonationLevel.Impersonate;
conOpt.EnablePrivileges = true;
conOpt.Username = "username";
conOpt.Password = "password";
conOpt.Authority = string.Format("ntlmdomain:{0}", "yourdomain.com");
var scope = new
ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2",
"yourservername.yourdomain.com"),
conOpt);
scope.Connect();
bool isConnected = scope.IsConnected;
if (isConnected)
{
/* entire day */ string dateTime = getDmtfFromDateTime(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
string dateTime = getDmtfFromDateTime("09/06/2014 17:00:08"); // DateTime specific
SelectQuery query = new SelectQuery("Select * from Win32_NTLogEvent Where Logfile = 'Application' and TimeGenerated >='" + dateTime + "'");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
ManagementObjectCollection logs = searcher.Get();
foreach (var log in logs)
{
Console.WriteLine("Message : {0}", log["Message"]);
Console.WriteLine("ComputerName : {0}", log["ComputerName"]);
Console.WriteLine("Type : {0}", log["Type"]);
Console.WriteLine("User : {0}", log["User"]);
Console.WriteLine("EventCode : {0}", log["EventCode"]);
Console.WriteLine("Category : {0}", log["Category"]);
Console.WriteLine("SourceName : {0}", log["SourceName"]);
Console.WriteLine("RecordNumber : {0}", log["RecordNumber"]);
Console.WriteLine("TimeWritten : {0}", getDateTimeFromDmtfDate(log["TimeWritten"].ToString()));
}
}
//ReadLog();
Console.ReadLine();
}
private static string getDmtfFromDateTime(DateTime dateTime)
{
return ManagementDateTimeConverter.ToDmtfDateTime(dateTime);
}
private static string getDmtfFromDateTime(string dateTime)
{
DateTime dateTimeValue = Convert.ToDateTime(dateTime);
return getDmtfFromDateTime(dateTimeValue);
}
private static string getDateTimeFromDmtfDate(string dateTime)
{
return ManagementDateTimeConverter.ToDateTime(dateTime).ToString();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.