什么是读取远程计算机上的事件日志的最快方法？ [英] What is the Fastest way to read event log on remote machine?

问题描述

我工作的一个应用程序，它读取远程机器eventlogs（应用程序）。我利用EventLog类的.NET，然后在日志条目迭代但这是很慢的。在某些情况下，有些机器有40000+日志条目，它需要时间通过的条目进行迭代。
是什么来完成这项任务的最佳方法是什么？是否有任何其他类.NET这是快或以任何其他技术？

I am working on an application which reads eventlogs(Application) from remote machines. I am making use of EventLog class in .net and then iterating on the Log entries but this is very slow. In some cases, some machines have 40000+ log entries and it takes hours to iterate through the entries. what is the best way to accomplish this task? Are there any other classes in .net which are faster or in any other technology?

推荐答案

男人，我觉得你的痛苦。我们在我们的应用程序完全相同的问题。

Man, I feel your pain. We had the exact same issue in our app.

您的解决方案有一个分支取决于你的目标的机器是服务器版本，你正运行在什么服务器版本上运行。

Your solution has a branch depending on what server version you're running on and what server version your "target" machine is running on.

如果你俩都在Vista或Windows Server 2008中，你很幸运。你应该看看新System.Diagnostics.Eventing.Reader.EventLogQuery和System.Diagnostics.Eventing.Reader.EventLogReader。这些都是在.NET 3.5新。

If you're both on Vista or Windows Server 2008, you're in luck. You should look at the new System.Diagnostics.Eventing.Reader.EventLogQuery and System.Diagnostics.Eventing.Reader.EventLogReader. These are new in .net 3.5.

基本上，你可以建立在XML查询，运到远程计算机上运行。也许你只是在寻找，在某一特定时间点的特定类型的事件，或者只是新的事件。搜索在远程机器上运行，那么你只需要找回匹配的事件。新类是比旧的.NET 2.0的方式快得多，但同样，他们只支持Vista或Windows Server 2008上。

Basically, you can build a query in XML and ship it over to run on the remote computer. Maybe you're just searching for events of a specific type, or maybe just new events from a specific point in time. The search runs on the remote machine, and then you just get back the matching events. The new classes are much faster than the old .net 2.0 way, but again, they are only supported on Vista or Windows Server 2008.

有关我们的应用程序当目标不能在Vista中/的Win2008，我们下载从远程系统的原始.EVT文件，然后分析其使用二进制格式文件。有关于.EVT文件（Vista以前的），其中的链接文本和文章中，我记得上codeproject.com是有一些C＃代码。

For our app when the target is NOT on Vista/Win2008, we downloaded the raw .evt file from the remote system, and then parsed the file using its binary format. There are several sources of data about the event log format for .evt files (pre-Vista), including link text and an article I recall on codeproject.com that had some c# code.

Vista和Windows Server 2008的计算机上使用新的。 evtx格式是一种新的格式，所以你不能使用在所有版本相同的二进制解析方法。但新EventLogQuery和EventLogReader类是如此之快，你不会有。它现在非常快速的只使用内置类。

Vista and Windows Server 2008 machines use a new .evtx format that is a new format, so you can't use the same binary parsing approach across all versions. But the new EventLogQuery and EventLogReader classes are so fast that you won't have to. It's now perfectly speedy to just use the built-in classes.

这篇关于什么是读取远程计算机上的事件日志的最快方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！