C#-从自定义应用程序读取嵌套的事件日志 [英] C# - Read Nested Event Log From Custom Application

问题描述

我正在使用 sysmon 来捕获一堆事件信息(网络连接，DLL加载等).我想提取该信息并将其用于各种目的，但似乎没有任何方法可以检索嵌套的日志.他们居住在

I am using sysmon to capture a bunch of event information (network connections, DLL loads, etc). I want to pull that information and use it for various purposes, but it doesn't seem like there is any way to retrieve the nested logs. They reside at

Event Viewer/Applications and Services/Microsoft/Windows/Sysmon/Operational

我尝试过的所有代码仅提取标准"事件日志.例如:

All of the code I've tried only pulls the "standard" Event Logs. For example:

EventLog[] eventLogs = EventLog.GetEventLogs();

具有应用程序"，硬件事件"，"Internet Explorer"等.

has "Application", "Hardware Events", "Internet Explorer", etc.

我知道如何创建和检索自定义事件日志，但这似乎并不适用于此，因为这些日志不在标准位置.您能提供的任何帮助将不胜感激！

I know how to create and retrieve custom event logs, but that doesn't seem to apply here, as these logs are not in the standard locations. Any help you can provide would be very much appreciated!

推荐答案

看看

Take a look at the System.Diagnostics.Eventing.Reader namespace. In particular, you can get a complete list of log names from:

EventLogSession.GlobalSession.GetLogNames()

此列表比EventLog.GetEventLogs()完整得多.此命名空间中其他有用的类是EventLogReader和EventLogWatcher.

This has a much more complete list than EventLog.GetEventLogs(). Other useful classes in this namespace are EventLogReader and EventLogWatcher.

这篇关于C#-从自定义应用程序读取嵌套的事件日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！