C# WMI reading remote event log
Problem description

I'm trying to run a WMI query against another computer for errors within the last 5 hours or so. When running a WMI query, shouldn't you at least filter the initial query with a where clause?

I'm basing my code off of samples generated from the WMI code creator on MSDN.

Here is the select query I'm using:

    private ManagementScope CreateNewManagementScope(string server)
    {
        string serverString = @"\\" + server + @"\root\cimv2";
        ManagementScope scope = new ManagementScope(serverString);
        return scope;
    }

    ManagementScope scope = CreateNewManagementScope(servername);
    scope.Connect();
    SelectQuery query = new SelectQuery("select * from Win32_NtLogEvent where TimeWritten > '" + DateTime.Now.AddHours(-5).ToString() + "'");
    ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
    ManagementObjectCollection logs = searcher.Get();
    int iErrCount = logs.Count;

I just want to get a count of the errors in the last 5 hours. It's throwing an error when getting the count. The error is rather vague: "Generic Failure".

[update - using date like this now]

    DateTime d = DateTime.UtcNow.AddHours(-12);
    string dateFilter = ManagementDateTimeConverter.ToDmtfDateTime(d);
    SelectQuery query = new SelectQuery("select * from Win32_NtLogEvent where Logfile='Application' AND Type='Error' AND TimeWritten > '" + dateFilter + "'");

With the above code I get no results, yet I can see 2 errors in the event log. What's wrong with the date filter?

I'm using this example: http://msdn.microsoft.com/en-us/library/system.management.managementdatetimeconverter.todatetime.aspx

Recommended answer

I did the following to get it to work. I hope this helps.

    using System;
    using System.Management;

    class Program
    {
        static void Main(string[] args)
        {
            // Connection settings for the remote machine (placeholder account, domain and server names)
            var conOpt = new ConnectionOptions();
            conOpt.Impersonation = ImpersonationLevel.Impersonate;
            conOpt.EnablePrivileges = true;
            conOpt.Username = "username";
            conOpt.Password = "password";
            conOpt.Authority = string.Format("ntlmdomain:{0}", "yourdomain.com");
            var scope = new ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2", "yourservername.yourdomain.com"), conOpt);
            scope.Connect();
            bool isConnected = scope.IsConnected;
            if (isConnected)
            {
                // Alternative cutoff, entire day:
                // string dateTime = getDmtfFromDateTime(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
                string dateTime = getDmtfFromDateTime("09/06/2014 17:00:08"); // DateTime specific
                SelectQuery query = new SelectQuery("Select * from Win32_NTLogEvent Where Logfile = 'Application' and TimeGenerated >='" + dateTime + "'");
                ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
                ManagementObjectCollection logs = searcher.Get();
                foreach (var log in logs)
                {
                    Console.WriteLine("Message : {0}", log["Message"]);
                    Console.WriteLine("ComputerName : {0}", log["ComputerName"]);
                    Console.WriteLine("Type : {0}", log["Type"]);
                    Console.WriteLine("User : {0}", log["User"]);
                    Console.WriteLine("EventCode : {0}", log["EventCode"]);
                    Console.WriteLine("Category : {0}", log["Category"]);
                    Console.WriteLine("SourceName : {0}", log["SourceName"]);
                    Console.WriteLine("RecordNumber : {0}", log["RecordNumber"]);
                    Console.WriteLine("TimeWritten : {0}", getDateTimeFromDmtfDate(log["TimeWritten"].ToString()));
                }
            }
            //ReadLog();
            Console.ReadLine();
        }

        // DateTime -> DMTF datetime string used in the WQL filter
        private static string getDmtfFromDateTime(DateTime dateTime)
        {
            return ManagementDateTimeConverter.ToDmtfDateTime(dateTime);
        }

        // Parses a date string with the current culture, then converts it to DMTF
        private static string getDmtfFromDateTime(string dateTime)
        {
            DateTime dateTimeValue = Convert.ToDateTime(dateTime);
            return getDmtfFromDateTime(dateTimeValue);
        }

        // DMTF datetime string (as returned by WMI) -> readable local date/time
        private static string getDateTimeFromDmtfDate(string dateTime)
        {
            return ManagementDateTimeConverter.ToDateTime(dateTime).ToString();
        }
    }
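
An added example (not part of the original question or answer) that returns only the count asked for: Error entries written to one log in the last N hours, with the cutoff in DMTF form. The class and method names are hypothetical, the server name comes from the command line, and the connection is assumed to run under the caller's own Windows credentials instead of a username and password in the source.

```csharp
using System;
using System.Management;

static class RemoteEventLogCount
{
    // Builds the WQL text. The cutoff is rendered as a DMTF datetime
    // (yyyymmddHHMMSS.mmmmmm+UUU), the form WQL datetime comparisons expect.
    static string BuildErrorQuery(string logfile, DateTime sinceLocal)
    {
        // Escape backslashes and quotes so the log name stays inside the WQL string literal.
        string safeLog = logfile.Replace(@"\", @"\\").Replace("'", @"\'");
        // ToDmtfDateTime appends the local UTC offset, so it is given a local time here.
        string cutoff = ManagementDateTimeConverter.ToDmtfDateTime(sinceLocal);
        return "SELECT RecordNumber FROM Win32_NTLogEvent WHERE Logfile = '" + safeLog +
               "' AND Type = 'Error' AND TimeWritten >= '" + cutoff + "'";
    }

    static int CountRecentErrors(string server, string logfile, int hours)
    {
        var options = new ConnectionOptions
        {
            Impersonation = ImpersonationLevel.Impersonate,
            Authentication = AuthenticationLevel.PacketPrivacy, // encrypt the DCOM traffic
            EnablePrivileges = true
        };
        var scope = new ManagementScope(@"\\" + server + @"\root\cimv2", options);
        scope.Connect();

        var query = new SelectQuery(BuildErrorQuery(logfile, DateTime.Now.AddHours(-hours)));
        // Forward-only enumeration: rows are streamed and counted, not cached for a rewind.
        var enumOptions = new EnumerationOptions { Rewindable = false, ReturnImmediately = true };
        int count = 0;
        using (var searcher = new ManagementObjectSearcher(scope, query, enumOptions))
        using (ManagementObjectCollection logs = searcher.Get())
        {
            foreach (ManagementBaseObject log in logs)
            {
                count++;
                log.Dispose(); // release the underlying COM object promptly
            }
        }
        return count;
    }

    static void Main(string[] args)
    {
        string server = args.Length > 0 ? args[0] : "."; // "." is the local machine
        Console.WriteLine(CountRecentErrors(server, "Application", 5));
    }
}
```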