如何使用Delphi读取Windows事件日志的内容 [英] How to Read contents of Windows Event Log Using Delphi

问题描述

是否存在允许您读取Windows事件日志的类或函数。这是打开 eventvwr.msc 时看到的日志。并理想地选择一个特定的日志（在我的情况下为 Windows日志下的 Applications 日志），然后在日期和来源上放置过滤器。

Is there a class or function which allows you to read the Windows event log. This is the log you see when you open eventvwr.msc. And ideally select a specific log (in my case the Applications log under Windows Log), and place filters on date and source.

推荐答案

您可以使用 Win32_NTLogEvent WMI类可读取Windows日志的内容。

You can use the Win32_NTLogEvent WMI class to read the contents of the Windows Log.

尝试此示例

{$APPTYPE CONSOLE}

{$R *.res}

uses
  SysUtils,
  ActiveX,
  ComObj,
  Variants;


procedure  GetLogEvents;
const
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
begin;
  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer('localhost', 'root\CIMV2', '', '');
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT Category,ComputerName,EventCode,Message,RecordNumber FROM Win32_NTLogEvent  Where Logfile="System"','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  while oEnum.Next(1, FWbemObject, iValue) = 0 do
  begin
    Writeln(Format('Category          %s',[String(FWbemObject.Category)]));
    Writeln(Format('Computer Name     %s',[String(FWbemObject.ComputerName)]));
    Writeln(Format('EventCode         %d',[Integer(FWbemObject.EventCode)]));
    Writeln(Format('Message           %s',[String(FWbemObject.Message)]));
    Writeln(Format('RecordNumber      %d',[Integer(FWbemObject.RecordNumber)]));
    FWbemObject:=Unassigned;
  end;
end;

begin
 try
    CoInitialize(nil);
    try
      GetLogEvents;
    finally
      CoUninitialize;
    end;
 except
    on E:EOleException do
        Writeln(Format('EOleException %s %x', [E.Message,E.ErrorCode]));
    on E:Exception do
        Writeln(E.Classname, ':', E.Message);
 end;
 Writeln('Press Enter to exit');
 Readln;
end.

有关更多示例，请尝试此博客条目 使用Delphi的WMI任务-事件日志

For more samples try this blog entry WMI Tasks using Delphi – Event Logs

这篇关于如何使用Delphi读取Windows事件日志的内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！