如何在文件夹下创建事件日志 [英] How to create event log under a folder

问题描述

我想创建一个事件日志，而不是直接位于另一个文件夹下的应用程序和服务日志下。



例如：

我的事件日志的当前位置是

应用程序和服务日志/我的事件日志



我希望它是

应用程序和服务日志/事件日志文件夹/我的事件日志



有没有人可以建议我实现这个目标？

Hi,

I would like to create an event log which instead of located directly under "Application and Services Logs", located under another folder.

for example:
the current location of my event log is
"Application and Services Logs/My Event Log"

I wanted it to be
"Application and Services Logs/Event Log Folder/My Event Log"

Is there anyone who can suggest me the way to achieve this?

推荐答案

试试

Try

EventLog.CreateEventSource("Event Log Folder", "My Event Log"); 
EventLog.WriteMessage("Event Log Folder", "My message"); 

您的意思是Windows系统日志吗？

是的，这不是那么容易理解。您需要安装自己的事件源。

Do you mean Windows System Log?
Yes, this is not so easy to understand. You need to install your own Event Source.

using System.Diagnostics;

internal class DefinitionSet {
    //define how much do you need:
    internal const int MaximumLogSizeKilobytes = 2048;
} //class DefinitionSet

public class EventLogInstallationHelper {

    public EventLogInstallationHelper(
        string applicationName, string eventLogName) {
            this.EventLogName = eventLogName;
            this.ApplicationName = applicationName;
    } //EventLogInstallationHelper

    public void Install() { //can throw exception!
        if ((!string.IsNullOrEmpty(ApplicationName)) &&
            (!string.IsNullOrEmpty(EventLogName)))
                  EventLog.CreateEventSource(
                      ApplicationName,
                      EventLogName);
        EventLog log = new EventLog(EventLogName);
        log.MaximumKilobytes = DefinitionSet.MaximumLogSizeKilobytes;
        log.ModifyOverflowPolicy(OverflowAction.OverwriteAsNeeded, 0);
    } //Install

    public void Uninstall() { //can throw exception!
        if (!string.IsNullOrEmpty(EventLogName)) {
                EventLog deletingLog = new EventLog(EventLogName);
                deletingLog.Clear();
        } //if
        if (!string.IsNullOrEmpty(ApplicationName))
                EventLog.DeleteEventSource(ApplicationName);
        result |= true;
        if (!string.IsNullOrEmpty(EventLogName))
                EventLog.Delete(EventLogName);
        result |= true;
    } //Uninstall

    string ApplicationName, EventLogName;

} //class EventLogInstallationHelper

这里的非平凡部分是例外。安装事件源时应该处理这个案例（如果已经完成），卸载时不要安装。



现在，这是一个用法示例：

The non-trivial part here is exception. You should deal with the case when you install Event Source if it is already done and uninstall when it is not installed.

Now, this is an example of the usage:

string Application = "Event Log Test";
string EventLogName = "CodeProject";
EventLogInstallationHelper helper =
    new EventLogInstallationHelper(
        Application,
        EventLogName);

try {
    helper.Install();
} catch {
    System.Console.WriteLine("Event Log already installed");
} //exception

EventLog.WriteEntry(Application, "some log");
EventLog.WriteEntry(Application, "some warning", EventLogEntryType.Warning);
EventLog eventLog = new EventLog();
eventLog.Source = Application;
eventLog.WriteEntry("another log");
eventLog.WriteEntry("some error", EventLogEntryType.Error);

System.Console.WriteLine("See event log now, then press any key");
System.Console.ReadKey(true);

try {
    helper.Uninstall();
} catch {
    System.Console.WriteLine("Event log already uninstalled");
} //exception

这里的想法是你可以拥有 EventLogName 名称，它代表一个单独文件夹中的所有日志记录应用程序。另一个名称 Application 将代表您的某个应用程序的名称作为每个日志属性中的源。



此代码经过充分测试。

-SA

The idea here is that you can have EventLogName name, it represents all your logging applications in one separate folder. Another name, Application, will represent a name of one of your application as a source in each log's properties.

This code is well tested.

—SA

我正在努力获取子文件夹因为我希望有这样的结构：

I was struggling to get the subfolder piece working as well, as I would like to have a structure like:

- Application and Services Logs
-- Company Name
--- Application 1
---- ApplicationLog
--- Application 2
---- SecurityLog
---- OperationalLog

我找不到任何直接使用C的方法，但是在使用注册表项和https://docs.microsoft.com/en-us/windows/desktop/提供的文档进行了一些试验和错误之后eventlog / eventlog-key我终于开始工作了。

看来你需要在HKLM \Software \ Microoft \ Windows \ CurrentVersion \WINEVT \ Channel中创建密钥，其中主注册表项名称是key t o'文件夹'结构。 a' - '被视为更深层次的结构。例如：CompanyName \ Application \Log，应该是一个名为CompanyName-Application-Log的键。



下面是使用PowerShell执行此操作的示例脚本：

I could not find any way to do this directly using C, however after doing some trial and error with registry keys and the documentation provided at https://docs.microsoft.com/en-us/windows/desktop/eventlog/eventlog-key I finally got it to work.
It seems that you need to create keys at HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\Channels, where the primary registry key name is key to the 'folder' structure. a '-' is seen as a deeper structure. So for example: CompanyName\Application\Log, should be a key named CompanyName-Application-Log.

Below is an example script to do this using PowerShell:

# Create the eventlog (in a subfolder structure)
# Params()

这篇关于如何在文件夹下创建事件日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！