Reading the Windows Event Log with C# (Source != ProviderName != SourceName)


Problem description

I am using C# to read the Windows Event Log and I want to select/filter entries from it. The problem is that the information displayed in the Event Viewer is not always matching the data I get from C#.

For example:

EventViewer "Source": "User Profile Service"

Using the EventLogEntry class: Property "Source": "Microsoft-Windows-User Profiles Service"

Using the EventLogReader class: Property "ProviderName": "Microsoft-Windows-User Profiles Service"

Using WMI: "SourceName": "Microsoft-Windows-User Profiles Service"

I need to be able to read the exact information displayed in the EventViewer, where can I get this information from?


Reading the EventLog message...

When reading the EventLog message using the EventLogEntry class I occasionally get the following string:

The description for Event ID "xxx" in Source "xxx" cannot be found

Again, this does not match the message displayed in the EventViewer... I have tried using the EventLogReader.FormatDescription() method and it gives me the right (the same as the EventViewer) message, BUT for some entries it simply returns null, while the EventLogEntry.Message contains the proper text.

What is the correct way to retrieve the message of the event to get the same message as the one displayed in the EventViewer?

Solution

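using System.Diagnostics;

// "logName", "machine" and "source" are placeholders for the log, computer and event source.
var eventLog = new EventLog("logName", "machine", "source");
foreach (EventLogEntry entry in eventLog.Entries)
{
    // entry.Source and entry.Message are available here.
}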

That is a fairly basic swag at interacting with the log. If you need deeper filtering than source, you can write a LINQ query on the Entries. As shown here.

As for the error, one common reason is not having the proper access to the events and/or registry on the box in question. Since you can see data in question in EventViewer, I am suspecting a permissions error is a good possibility.
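
An added example, not part of the original answer: the LINQ filtering over `Entries` that the answer mentions, with handling for the access failure it suspects and a flag for entries that carry the "cannot be found" placeholder text quoted in the question. The log name, the local machine, the 24-hour window and the `EventLogQuery` class name are assumptions chosen for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Security;

static class EventLogQuery
{
    // Assumed for illustration: the Application log on the local machine (".").
    const string LogName = "Application";
    const string Machine = ".";

    static void Main()
    {
        try
        {
            using var eventLog = new EventLog(LogName, Machine);
            DateTime cutoff = DateTime.Now.AddDays(-1);

            // EventLogEntryCollection is non-generic, so Cast<> is required before LINQ.
            var recentErrors = eventLog.Entries
                .Cast<EventLogEntry>()
                .Where(e => e.EntryType == EventLogEntryType.Error && e.TimeGenerated >= cutoff)
                .OrderByDescending(e => e.TimeGenerated)
                .Take(20);

            foreach (EventLogEntry e in recentErrors)
            {
                // Heuristic based on the string quoted in the question: the placeholder
                // text appears when the message template could not be resolved.
                // It only matches on English-language systems.
                bool unresolved = e.Message.Contains("cannot be found");
                string firstLine = e.Message.Split('\n')[0].Trim();
                Console.WriteLine($"{e.TimeGenerated:u} [{e.Source}] id={e.InstanceId} " +
                                  $"{(unresolved ? "(unresolved message) " : "")}{firstLine}");
            }
        }
        catch (SecurityException ex)
        {
            // Raised when the caller lacks rights to the log, for example the Security log.
            Console.Error.WriteLine($"Access denied reading '{LogName}': {ex.Message}");
        }
        catch (InvalidOperationException ex)
        {
            // Raised when the log does not exist on the target machine.
            Console.Error.WriteLine($"Cannot open '{LogName}' on '{Machine}': {ex.Message}");
        }
    }
}
```

On .NET Framework the `EventLog` class is built in; on modern .NET it comes from the `System.Diagnostics.EventLog` package and works on Windows only.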
