Improve performance of reading event log


Problem description

I am querying the event logs of different domain controllers, and I have to keep querying them after some time interval.

Below is the code I am using to query it.

using System;
using System.Diagnostics;
using System.Linq;

public static class EventLogQueries
{
    public static void FindAllLog(string machineName)
    {
        //EventLog log = new EventLog("", "");
        //log.
        EventLog[] remoteEventLogs;
        // Gets the logs on the given computer; pass a remote computer name to read that machine's logs.
        remoteEventLogs = EventLog.GetEventLogs(machineName);
        Console.WriteLine("Number of logs on computer: " + remoteEventLogs.Length);

        for (int i = 0; i < remoteEventLogs.Length; i++)
        {
            Console.WriteLine("Log : " + remoteEventLogs[i].Log);
            ReadEventLog(machineName, remoteEventLogs[i].Log, DateTime.Now.AddDays(-30));
            //ReadAppEventLog(machineName, remoteEventLogs[i].Log);
        }
    }

    public static void ReadEventLog(string machine, string logType, DateTime fromDate)
    {
        using (EventLog ev = new EventLog(logType, machine))
        {
            // LINQ to Objects: every entry is fetched from the machine and filtered locally.
            var entry = (from EventLogEntry e in ev.Entries
                         where e.TimeGenerated >= fromDate
                         orderby e.TimeGenerated
                         select e);//.LastOrDefault();
            foreach (EventLogEntry CurrentEntry in entry)
            {
                Console.WriteLine("Event ID : " + CurrentEntry.EventID);
                Console.WriteLine("Event Source : " + CurrentEntry.Source);
                Console.WriteLine("Event TimeGenerated : " + CurrentEntry.TimeGenerated);
                Console.WriteLine("Event TimeWritten : " + CurrentEntry.TimeWritten);
                Console.WriteLine("Event MachineName : " + CurrentEntry.MachineName);
                Console.WriteLine("Entry Type : " + CurrentEntry.EntryType.ToString());
                Console.WriteLine("Message :  " + CurrentEntry.Message + "\n");
                Console.WriteLine("-----------------------------------------");
            }
        }
    }
}

The first time I query a domain controller, I have to read the log of the last 30 days. Otherwise I just read the latest log entries from where we left off last time. It is taking a hell of a lot of time to query it. I tried with WMI: same issue, a hell of a lot of time, and it sometimes gives "Invalid Query Error". How can I improve this? Is there any model you suggest for this task? I am doing multithreading here for each domain controller.

Thanks

Recommended answer

To answer this question: I tried all styles of reading event logs.

First the .NET 2.0 approach using the EventLog class, then the .NET 3.0 approach using the EventLogQuery and EventLogReader classes, and finally I tried the WMI approach.

I have to read event logs based on time, or in time slices, every 5 minutes or so.

You guys will be surprised to know that WMI will retrieve data way faster than the other .NETx approaches, and we will get more fields and no OS dependencies or firewall issues.

But the other two approaches have cons.

Just wanted to share.

Thanks
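The time-slice WMI read that the answer describes could look like the following; this is an added example, not code from the original question or answer. The class and method names are hypothetical, and it assumes the caller already has remote WMI access to the domain controller and keeps track of the slice boundaries itself.

```csharp
using System;
using System.Management; // requires a reference to System.Management

static class EventSliceReader // hypothetical name, added for illustration
{
    // Reads events with from <= TimeGenerated < to; returns how many were read.
    public static int ReadSlice(string machine, string logName, DateTime from, DateTime to)
    {
        // The log name is spliced into WQL, so refuse quote and escape characters.
        if (logName.IndexOfAny(new[] { '\'', '\\' }) >= 0)
            throw new ArgumentException("Unexpected character in log name", nameof(logName));

        // EnablePrivileges lets WMI use the privilege needed to read the Security log.
        var scope = new ManagementScope($@"\\{machine}\root\cimv2",
            new ConnectionOptions { EnablePrivileges = true });
        scope.Connect();

        // WQL compares TimeGenerated against DMTF-formatted strings, so convert
        // the DateTime values instead of formatting them by hand.
        string wql =
            "SELECT RecordNumber, EventCode, SourceName, Type, TimeGenerated, Message " +
            "FROM Win32_NTLogEvent " +
            $"WHERE Logfile = '{logName}' " +
            $"AND TimeGenerated >= '{ManagementDateTimeConverter.ToDmtfDateTime(from)}' " +
            $"AND TimeGenerated < '{ManagementDateTimeConverter.ToDmtfDateTime(to)}'";

        // Forward-only enumeration: results stream in batches and are not cached.
        var options = new EnumerationOptions
            { Rewindable = false, ReturnImmediately = true, BlockSize = 500 };

        int count = 0;
        using (var searcher = new ManagementObjectSearcher(scope, new ObjectQuery(wql), options))
        using (ManagementObjectCollection results = searcher.Get())
        {
            foreach (ManagementObject evt in results)
            {
                DateTime generated =
                    ManagementDateTimeConverter.ToDateTime((string)evt["TimeGenerated"]);
                Console.WriteLine($"{generated:o} {evt["SourceName"]} " +
                                  $"{evt["EventCode"]} {evt["Type"]} #{evt["RecordNumber"]}");
                Console.WriteLine($"  {evt["Message"]}");
                evt.Dispose();
                count++;
            }
        }
        return count;
    }
}
```

Because the interval is half-open, a caller that passes the previous slice's `to` as the next `from` neither repeats nor skips events between polls; the first call can use a 30-day window and later calls a 5-minute one.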
