How to get Critical Entries from EventLog?
Problem description
Hey out there,
I'm trying to write a simple application for reading the EventLog from Windows.
For example, I want to display all entries with the Level "Critical" / Level 1 in XML
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <!-- ... -->
    <Level>1</Level>
    <!-- ... -->
In .NET only these types are available:
// Summary:
public enum EventLogEntryType
{
Error = 1,
Warning = 2,
Information = 4,
SuccessAudit = 8,
FailureAudit = 16,
}
So there is no Critical.
I searched in the net and found this link.
I tried it out, but if I use it like this
EventLog log = new EventLog( "Application" );
foreach( EventLogEntry entry in log.Entries )
{
if( entry.EntryType == 0 )
Console.WriteLine( "<{0} {1} {2}>", entry.EventID, entry.Source, entry.Message );
}
it puts more lines out than the EventLog Viewer from Microsoft if I limit to "Critical" errors only in my "Application" Protocol (3 entries here).
Even if I try the post at the link and do it like this
if( (entry.EntryType != EventLogEntryType.Error) &&
( entry.EntryType != EventLogEntryType.FailureAudit ) &&
( entry.EntryType != EventLogEntryType.Information ) &&
( entry.EntryType != EventLogEntryType.SuccessAudit ) &&
(entry.EntryType != EventLogEntryType.Warning) )
{
Console.WriteLine( "<{0} {1} {2}>", entry.EventID, entry.Source, entry.Message );
}
nothing usable here...
So is there a way I can limit only to the critical entries using C#?
Thank you so much guys for your help!
Solution
According to the documentation at EventLogEntry Class, you are using the wrong method to access Event Logs.
The following code is the correct way to access the log entries:
// Required namespaces: System.Collections.Generic, System.Diagnostics
// The members below belong inside a class.
const long EVENT_ID = 4616L;
const string LOG = "Security";

// *************************************** collect_log_entries
List<EventLogEntry> collect_log_entries()
{
    List<EventLogEntry> filtered_entries;
    EventLog log;
    EventLogEntryCollection log_entries;

    filtered_entries = new List<EventLogEntry>();
    log = new EventLog(LOG, ".");   // "." is the local machine
    log_entries = log.Entries;
    for (int i = 0; i < log_entries.Count; i++)
    {
        EventLogEntry entry;
        long event_ID;

        entry = log_entries[i];
        // Keep the lower 30 bits of InstanceId (mask off the top two bits)
        event_ID = (entry.InstanceId & 0x3FFFFFFF);
        if (event_ID == EVENT_ID)
        {
            filtered_entries.Add(entry);
        }
    }
    return (filtered_entries);
}
Note that the event_ID is the lower 30 bits of the InstanceId so we mask off the top two bits.
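An added example, not part of the original question or answer: reading only the Level 1 (Critical) events by querying the log with an XPath filter on the `<Level>` element shown in the question, through `System.Diagnostics.Eventing.Reader`. It assumes Windows with .NET Framework 3.5 or later; the names `CriticalEventReader` and `ReadCritical` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;

// Added example; CriticalEventReader and ReadCritical are hypothetical names.
static class CriticalEventReader
{
    // XPath over the event XML: selects events whose <System><Level> is 1.
    const string CriticalQuery = "*[System[(Level=1)]]";

    // Lazily yields every Level 1 (Critical) record in the named log, oldest first.
    // The reader stays open for as long as the caller keeps enumerating.
    static IEnumerable<EventRecord> ReadCritical(string logName)
    {
        var query = new EventLogQuery(logName, PathType.LogName, CriticalQuery);
        using (var reader = new EventLogReader(query))
        {
            EventRecord record;
            while ((record = reader.ReadEvent()) != null)
                yield return record;
        }
    }

    static void Main()
    {
        try
        {
            foreach (EventRecord record in ReadCritical("Application"))
            {
                using (record)
                {
                    string message;
                    // The description is absent when the provider's message file is missing.
                    try { message = record.FormatDescription(); }
                    catch (EventLogException) { message = null; }
                    Console.WriteLine("<{0} {1} {2} {3}>", record.TimeCreated,
                        record.Id, record.ProviderName, message ?? "(no description)");
                }
            }
        }
        catch (UnauthorizedAccessException)
        {
            // Logs such as Security need an elevated or Event Log Readers account.
            Console.Error.WriteLine("Access denied reading the log.");
        }
    }
}
```

The filter is evaluated by the event log service, so only matching records are returned to the process, which matters when the same pattern is pointed at a large Security log.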