EventRecord.FormatDescription Method () always returns event message in en-US format


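Problem description

Hi team,

I am using the EventRecord class. The EventRecord class has a FormatDescription method (gets the event message in the current locale). When I use this method, it always returns the event message in English.

My machine language is: English (en-US) - (Chinese - Simplified language pack imported).

Here is my code: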


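using System;
using System.Diagnostics.Eventing.Reader;
using System.Globalization;
using System.Threading;

class Program
{
    // Reading the Security log requires administrative rights.
    static void Main(string[] args)
    {
        // Remember the original culture so it can be restored afterwards.
        var beforeCulture = Thread.CurrentThread.CurrentCulture;
        try
        {
            // Switch the thread culture to Simplified Chinese before reading events.
            Thread.CurrentThread.CurrentCulture = new CultureInfo("zh-Hans");
            // Structured XML query: successful logon events (ID 4624) in the Security log.
            string queryString =
                "<QueryList>" +
                "  <Query Id=\"0\" Path=\"Security\">" +
                "    <Select Path=\"Security\">" +
                "        *[System[(EventID = 4624)]]" +
                "    </Select>" +
                "  </Query>" +
                "</QueryList>";
            EventLogQuery query = new EventLogQuery("Security", PathType.LogName, queryString);
            EventLogReader reader = new EventLogReader(query);
            reader.BatchSize = 10;
            for (EventRecord eventInstance = reader.ReadEvent(); null != eventInstance; eventInstance = reader.ReadEvent())
            {
                // Format the first matching event's description and stop.
                string message = eventInstance.FormatDescription();
                Console.WriteLine("Format Description is :" + message);
                Console.WriteLine("Current Culture is " + Thread.CurrentThread.CurrentCulture);
                break;
            }
        }
        catch (Exception e)
        {
            Console.WriteLine(e.StackTrace);
        }
        finally
        {
            // Restore the culture that was active before the query.
            Thread.CurrentThread.CurrentCulture = beforeCulture;
        }
    }
}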



Output:



Format Description is :An account was successfully logged on.

Subject:
        Security ID:            S-1-0-0
        Account Name:           -
        Account Domain:         -
        Logon ID:               0x0

Logon Information:
        Logon Type:             0
        Restricted Admin Mode:  -
        Virtual Account:                No
        Elevated Token:         Yes

Impersonation Level:            -

New Logon:
        Security ID:            S-1-5-18
        Account Name:           SYSTEM
        Account Domain:         NT AUTHORITY
        Logon ID:               0x3E7
        Linked Logon ID:                0x0
        Network Account Name:   -
        Network Account Domain: -
        Logon GUID:             {00000000-0000-0000-0000-000000000000}

Process Information:
        Process ID:             0x4
        Process Name:

Network Information:
        Workstation Name:       -
        Source Network Address: -
        Source Port:            -

Detailed Authentication Information:
        Logon Process:          -
        Authentication Package: -
        Transited Services:     -
        Package Name (NTLM only):       -
        Key Length:             0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
        - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
        - Transited services indicate which intermediate services have participated in this logon request.
        - Package name indicates which sub-protocol was used among the NTLM protocols.
        - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.


Current Culture is zh-Hans


Thanks in advance

Recommended answer

Hello Balakumar,



FormatDescription()

Gets the event message in the current locale.

The description indicates the event message is based on your Windows language system rather than the CultureInfo environment. If you want to get the event information in Chinese, you need to set your computer language to Chinese and run the above code; you will then get Chinese information. As for how to set it, you could follow the steps below (Windows 10).

Open Control Panel >> select "Clock, Language, and Region" >> "Language" >> "Advanced settings" >>

choose the language, save, and then restart the computer. Run the above code and you will find the event log information in Chinese.

Good luck,

Neil Hu
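
As an added example (not part of the original thread): code that consumes event 4624 does not need to depend on the language of FormatDescription() at all, because the named Data fields in the event XML returned by EventRecord.ToXml() are the same in every display language. The sample XML and the class name Logon4624Fields are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class Logon4624Fields   // hypothetical helper, not a .NET type
{
    // Namespace used by Windows event XML.
    static readonly XNamespace Ns = "http://schemas.microsoft.com/win/2004/08/events/event";

    // Constructed sample mirroring the values in the output above; on a live
    // system pass eventInstance.ToXml() instead.
    const string SampleXml = @"<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System><EventID>4624</EventID><Channel>Security</Channel></System>
  <EventData>
    <Data Name='SubjectUserSid'>S-1-0-0</Data>
    <Data Name='TargetUserSid'>S-1-5-18</Data>
    <Data Name='TargetUserName'>SYSTEM</Data>
    <Data Name='TargetDomainName'>NT AUTHORITY</Data>
    <Data Name='TargetLogonId'>0x3e7</Data>
    <Data Name='LogonType'>0</Data>
  </EventData>
</Event>";

    // Returns the EventData fields keyed by their Name attribute, after
    // checking that the record really is the expected event ID.
    public static Dictionary<string, string> Parse(string eventXml, int expectedId = 4624)
    {
        XElement root = XDocument.Parse(eventXml).Root;
        string idText = root?.Element(Ns + "System")?.Element(Ns + "EventID")?.Value;
        if (!int.TryParse(idText, out int id) || id != expectedId)
            throw new ArgumentException("Not an event " + expectedId + " record.");

        var fields = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        IEnumerable<XElement> data =
            root.Element(Ns + "EventData")?.Elements(Ns + "Data") ?? Enumerable.Empty<XElement>();
        foreach (XElement d in data)
        {
            string name = (string)d.Attribute("Name");
            if (name != null) fields[name] = d.Value;   // unnamed <Data> entries are skipped
        }
        return fields;
    }

    static void Main()
    {
        Dictionary<string, string> f = Parse(SampleXml);
        Console.WriteLine("{0}\\{1} ({2}) logon type {3}",
            f["TargetDomainName"], f["TargetUserName"], f["TargetUserSid"], f["LogonType"]);
    }
}
```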

