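I want to query an entire Windows event log (for example, Application) for events written by a specific source (for example, MSSQL$SQLEXPRESS). I have written working code that searches by event ID: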
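    // Requires: using System.Diagnostics.Eventing.Reader;
    // Select every event whose System/EventID equals intFilter.
    string xpathQuery = string.Format("*[System/EventID={0}]", intFilter);
    EventLogQuery query = new EventLogQuery(eventLogName, PathType.LogName, xpathQuery);
    EventLogReader reader = new EventLogReader(query);
    // ReadEvent() returns null once the end of the log is reached.
    for (EventRecord eventInstance = reader.ReadEvent(); null != eventInstance; eventInstance = reader.ReadEvent())
    {
        lisRecords.Add(eventInstance);
    }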
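How do I change xpathQuery so that I can search for 4 event log entry sources?

Answer 0 (score: 2)

Change the query string to something like this (you may want to create a text resource and put the query in it to avoid escaping):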
    *[System[Provider[@Name='Microsoft-Windows-ADSI' or @Name='Outlook'] and (EventID=1 or EventID=2 or EventID=3)]]

The above is equivalent to:

    (EventID in (1,2,3)) and (Source in ('Microsoft-Windows-ADSI', 'Outlook'))
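
The query shape from the answer, generated for any number of sources, as an added example that is not part of the original question or answer. The class and method names (EventQueryExample, BuildXPath, Read) are hypothetical; source names containing quotes are rejected because XPath 1.0 string literals have no escape sequence, so such a name would otherwise change the structure of the filter.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Linq;

static class EventQueryExample // hypothetical helper, not from the original answer
{
    // Builds *[System[Provider[@Name='a' or @Name='b'] and (EventID=1 or EventID=2)]]
    public static string BuildXPath(IEnumerable<string> sources, IEnumerable<int> eventIds)
    {
        var names = sources.ToList();
        if (names.Count == 0)
            throw new ArgumentException("At least one source is required.", nameof(sources));
        // Reject instead of escaping: a quote inside a name would end the literal early.
        if (names.Any(n => string.IsNullOrWhiteSpace(n) || n.IndexOfAny(new[] { '\'', '"' }) >= 0))
            throw new ArgumentException("Source names must be non-empty and quote-free.", nameof(sources));

        string system = "Provider[" + string.Join(" or ", names.Select(n => $"@Name='{n}'")) + "]";

        // The EventID clause is optional; integers need no quoting.
        var ids = (eventIds ?? Enumerable.Empty<int>()).ToList();
        if (ids.Count > 0)
            system += " and (" + string.Join(" or ", ids.Select(i => $"EventID={i}")) + ")";
        return $"*[System[{system}]]";
    }

    // Streams matching records; the reader stays open while the caller enumerates.
    public static IEnumerable<EventRecord> Read(string logName, string xpath)
    {
        var query = new EventLogQuery(logName, PathType.LogName, xpath);
        using (var reader = new EventLogReader(query))
        {
            for (EventRecord e = reader.ReadEvent(); e != null; e = reader.ReadEvent())
                yield return e;
        }
    }

    static void Main()
    {
        // Source names and event IDs are the ones that appear in the question and answer.
        string xpath = BuildXPath(
            new[] { "MSSQL$SQLEXPRESS", "Microsoft-Windows-ADSI", "Outlook" },
            new[] { 1, 2, 3 });
        Console.WriteLine(xpath);
        foreach (EventRecord e in Read("Application", xpath))
            Console.WriteLine($"{e.TimeCreated:o} {e.ProviderName} {e.Id}");
    }
}
```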