哪种方法更好用C＃读取Windows事件日志？ WMI或事件日志 [英] Which approach is better to read Windows Event log in C#? WMI or EventLog

问题描述

我需要编写一个应用程序抢事件日志系统/应用。另一个要求是，我需要阅读事件日志每分钟左右，因为我读了最后一次抓住新的事件日志。
目前，我正在考虑使用C＃，而不是实施的C ++。

I need to write an application to grab event log for System/Applications. The other requirement is that I need to read event log every minute or so to grab the new event logs since I read last time. Currently I am considering to use C# to implement instead of C++.

使用我读了几网页，如果我理解正确的话，我可以使用WMI或EventLog类读取事件日志。
在我看来，我可以当使用EventLog类增加了新的事件日志，但我不知道这是不是使用WMI更好的通知。
。如果我的理解是正确的，我想知道我应该走哪条路？

With that I read several webpages and if I understand correctly, I can use either WMI or EventLog class to read event log. It seems to me that I can be notified when the new event log is added using EventLog class but I was not sure that is better than using WMI. If my understanding is correct, I would like to know which way I should take?

请给我一些建议。谢谢你。

Please give me some advice. Thanks.

推荐答案

WMI是废话。它采用的内存负载和事件被投票内部实现。你甚至可以设置轮询间隔。你是好得多使用EventLog类的.NET。但是，如果你需要从Windows Vista中读取所有日志+则必须使用的 EventLogReader 那里你可以阅读它通过位于

WMI is crap. It uses loads of memory and the "events" are achieved by polling internally. You can even set the poll interval. You are much better off to use the EventLog class of .NET. But if you need to read all logs from Windows Vista+ you must use the EventLogReader where you can read events which define the events not via a message dll file located under

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\EventLogName\EventSourceName\EventMessageFile

而是有一个ProviderGuid指定这是在其他地方注册。这使得无法读取其中使用新的系统许多操作系统消息。但是你可以使用EventLogReader类只在带有OS版本> = Vista计算机。如果你需要得到所有的信息，您将需要根据所安装的操作系统两个事件日志读取器实现。
EventLog类，也可以当你阅读在例如大块消息取得了相当迅速从最多4个线程它不会提高阅读速度达到一个因素2-3 100条消息。我没有得到的随机误差的安全事件日志由多个线程读取的时候的Windows Server 2003上，但对其他的效果很不错，从XP 32位到Windows 7的64位。

but instead there is a ProviderGuid specified which is registered elsewhere. This makes it impossible to read many OS messages which use the new system. But you can use the EventLogReader class only on machines with an OS Version >= Vista. You will need two event log reader implementations depending on the installed OS if you need to get all messages. The EventLog class can also be made quite speedy when you read the messages in chunks of e.g. 100 messages from up to 4 threads which does improve reading speed up to a factor 2-3. I did get random errors for the Security Event Log on Windows Server 2003 when reading from it from multiple threads but for the others it worked very well from XP 32 Bit up to Windows 7 x64.

这篇关于哪种方法更好用C＃读取Windows事件日志？ WMI或事件日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！