我正在嘗試讀取 windows 事件日志 “Microsoft-Windows-Sysmon/Operational”。 我試過:
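string eventLogName = "Microsoft-Windows-Sysmon/Operational";
// System.Diagnostics.EventLog opens the classic logs (Application, System,
// Security and custom logs registered the same way). An "Applications and
// Services" channel such as this one is not visible through it, so setting
// Log to this name throws InvalidOperationException ("does not exist");
// those channels are read with System.Diagnostics.Eventing.Reader instead.
// EventLog is IDisposable: release its handle when the loop is done.
using (EventLog eventLog = new EventLog())
{
    eventLog.Log = eventLogName;
    foreach (EventLogEntry log in eventLog.Entries)
    {
        Console.WriteLine("{0}\n", log.Message);
    }
}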
但是,我得到:
System.InvalidOperationException:“計算機 '.' 上的事件日志 'Microsoft-Windows-Sysmon/Operational' 不存在。”
我在這里找到了一個解決方案,它使用 System.Diagnostics.Eventing.Reader 命名空間。 但是,我似乎無法在我的系統或 package 管理器中的任何地方找到這個命名空間。
您確定您使用的是正確的日志名稱嗎? 如果該機器上不存在以該名稱創建的日志或日志源,就會出現此錯誤。 作為替代方案,您可以直接使用 System.Management 進行查詢。
下面是我過去使用過的 function。注意: ServerLogEntry 是來自我的應用程序域的 object。
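public List<ServerLogEntry> GetLastestServerLogEntries(int number)
{
    // Returns the newest <number> Application-log events written by this
    // application's event source, newest first, read through WMI
    // (Win32_NTLogEvent). Zero or a negative <number> yields an empty list.
    string logSource = this.GetEventLogSourceName();
    // The source name is embedded in a WQL string literal. WQL escapes
    // backslashes and single quotes with a backslash, so do that here so an
    // unusual source name cannot break or alter the query.
    string escapedSource = logSource.Replace("\\", "\\\\").Replace("'", "\\'");
    string query = String.Format(
        "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND SourceName='{0}'",
        escapedSource);
    List<ServerLogEntry> logs = new List<ServerLogEntry>();
    // The searcher, the result collection and every ManagementObject wrap
    // COM objects; dispose each of them instead of waiting for finalization.
    using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(query))
    using (ManagementObjectCollection results = searcher.Get())
    {
        foreach (ManagementObject mo in results)
        {
            using (mo)
            {
                logs.Add(this.CreateServerLogEntry(mo));
            }
        }
    }
    // WQL has no ORDER BY and WMI does not promise a newest-first enumeration,
    // so sort on TimeGenerated first and only then take the requested count;
    // taking before sorting would return the oldest entries, not the latest.
    return logs.OrderByDescending(p => p.TimeGenerated).Take(number).ToList();
}

// Copies one Win32_NTLogEvent instance into a ServerLogEntry.
private ServerLogEntry CreateServerLogEntry(ManagementObject mo)
{
    ServerLogEntry log = new ServerLogEntry();
    log.Category = Convert.ToInt32(mo["Category"]);
    log.CategoryString = SafeString(mo["CategoryString"]);
    log.ComputerName = SafeString(mo["ComputerName"]);
    log.EventCode = Convert.ToInt32(mo["EventCode"]);
    // EventIdentifier is a uint32 whose upper bits can carry severity/facility
    // flags, so it can exceed int.MaxValue and Convert.ToInt32 would throw
    // OverflowException; keep the bit pattern instead. RecordNumber is uint32 too.
    log.EventIdentifier = unchecked((int)Convert.ToUInt32(mo["EventIdentifier"]));
    log.EventType = Convert.ToInt32(mo["EventType"]);
    log.EventTypeName = this.ConvertLogEventType(log.EventType);
    log.LogFile = SafeString(mo["LogFile"]);
    log.Message = SafeString(mo["Message"]);
    log.RecordNumber = unchecked((int)Convert.ToUInt32(mo["RecordNumber"]));
    log.SourceName = SafeString(mo["SourceName"]);
    log.TimeGenerated = this.ConvertLogDateTime(SafeString(mo["TimeGenerated"]));
    log.TimeWritten = this.ConvertLogDateTime(SafeString(mo["TimeWritten"]));
    log.Type = SafeString(mo["Type"]);
    log.User = SafeString(mo["User"]);
    return log;
}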
private string SafeString(object propertyValue)
{
    // WMI properties that were never set come back as null; callers want
    // an empty string in that case rather than a null reference.
    if (propertyValue == null)
    {
        return "";
    }
    return propertyValue.ToString();
}
private string ConvertLogEventType(int eventType)
{
    // Maps a Win32_NTLogEvent.EventType code (1..5) to its display name;
    // any other value is reported as "Unknown".
    string[] eventTypeNames =
    {
        "Error",                  // 1
        "Warning",                // 2
        "Information",            // 3
        "Security Audit Success", // 4
        "Security Audit Failure", // 5
    };
    bool isKnown = eventType >= 1 && eventType <= eventTypeNames.Length;
    return isKnown ? eventTypeNames[eventType - 1] : "Unknown";
}
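private DateTime ConvertLogDateTime(string entryTimeGeneratedString)
{
    // CIM_DATETIME as returned by WMI, for example: 20071107135007.000000-300
    //
    //   yyyyMMddHHmmss.ffffff±UUU
    //   0123456789012345678901234
    //
    // ffffff are microseconds and UUU is the offset from UTC in minutes.
    // The offset is deliberately not applied: the result is the wall-clock
    // time of the machine that wrote the event, with DateTimeKind.Unspecified.
    // Throws ArgumentNullException for null, ArgumentOutOfRangeException when
    // the string is shorter than the 14-digit date/time part, and
    // FormatException when those 14 characters are not a valid date/time.
    if (entryTimeGeneratedString == null)
    {
        throw new ArgumentNullException("entryTimeGeneratedString");
    }
    const int DateTimeDigits = 14;
    if (entryTimeGeneratedString.Length < DateTimeDigits)
    {
        throw new ArgumentOutOfRangeException("entryTimeGeneratedString",
            "Expected at least 14 characters (yyyyMMddHHmmss).");
    }
    // Invariant culture: this is machine data, never a user-facing format.
    DateTime result = DateTime.ParseExact(
        entryTimeGeneratedString.Substring(0, DateTimeDigits),
        "yyyyMMddHHmmss",
        System.Globalization.CultureInfo.InvariantCulture);

    // Fold in the fractional-second digits after the '.', if present. At most
    // six are meaningful (microsecond resolution); a shorter run is padded.
    int fractionStart = DateTimeDigits + 1;
    if (entryTimeGeneratedString.Length > DateTimeDigits
        && entryTimeGeneratedString[DateTimeDigits] == '.')
    {
        int end = fractionStart;
        while (end < entryTimeGeneratedString.Length
            && end - fractionStart < 6
            && entryTimeGeneratedString[end] >= '0'
            && entryTimeGeneratedString[end] <= '9')
        {
            end++;
        }
        string fraction = entryTimeGeneratedString.Substring(fractionStart, end - fractionStart);
        if (fraction.Length > 0)
        {
            long microseconds = long.Parse(
                fraction.PadRight(6, '0'),
                System.Globalization.CultureInfo.InvariantCulture);
            result = result.AddTicks(microseconds * 10); // one microsecond is 10 ticks
        }
    }
    return result;
}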
下面是查詢返回的本機結構:
/*class Win32_NTLogEvent
{
uint16 Category;
string CategoryString;
string ComputerName;
uint8 Data[];
uint16 EventCode;
uint32 EventIdentifier;
uint8 EventType;
string InsertionStrings[];
string Logfile;
string Message;
uint32 RecordNumber;
string SourceName;
datetime TimeGenerated;
datetime TimeWritten;
string Type;
string User;
};*/