所以我试图找到计算机被锁定在我大学的服务器上时,我们有4台计算机使用的不同服务器,但是我的事件日志查询没有返回任何结果,任何人都可以告诉我哪里出了问题?我无法弄明白,网络不是我的强项
private void QueryActiveLog(string compName)
{
string queryString =
"<QueryList>" +
"<Query Id=\"0\" Path=\"Security\">" +
"<Select Path=\"Security\">*[System[(Computer='" + compName + "') and (EventID=4771)]]</Select>" +
"</Query>" +
"</QueryList>";
EventLogQuery eventsQuery = new EventLogQuery("Application", PathType.LogName, queryString);
EventLogReader logReader = new EventLogReader(eventsQuery);
for (EventRecord eventRecord = logReader.ReadEvent(); null != eventRecord; eventRecord = logReader.ReadEvent())
{
//Should Get the description from the eventrecord.
string message = eventRecord.FormatDescription();
}
}