从任意来源

时间:2015-07-21 19:07:59

标签: c# .net xml windows event-log

我试图从不同来源写入Windows EventLog,以在我的系统上重新创建一系列事件。我的想法是,我可以使用Event的XML并在EventLog中重新创建它。到目前为止,我已经找到了如何根据EventLog.WriteEntry("Service Control Manager", "a test message", EventLogEntryType.Information, 7036, 0);的源名称从任意提供程序创建简单事件,但这只是一个经典日志,它不支持更高级的我需要模仿现代日志的数据结构。我尝试过使用System.Diagnostics.Eventing.EventProvider.WriteEvent,但这只适用于某些提供程序GUID(例如,我可以将其用于Power-Troubleshooter,但不适用于服务控制管理器)。我已经无法在互联网上找到任何东西而且我已经搜索了几天,如果有人知道这样做的话会非常有用 - 无论是否在c#中。

 using System;  
 using System.Collections.Generic;  
 using System.Linq;  
 using System.Text;  
 using System.Diagnostics.Eventing;
 using System.Diagnostics;

namespace ETWDemo  
{  
    class Program  
    {  
        static void Main(string[] args)  
        {
            //This writes a simple message event
            EventLog.WriteEntry("Service Control Manager", "a basic message", EventLogEntryType.Information, 7036, 0);

            //The rest of this writes a modern EventLog
            //this is the GUID for the Service Control Manager
            var eventProvider = new EventProvider(new Guid("{555908d1-a6d7-4695-8e1e-26931d2012f4}"));
            if (eventProvider.IsEnabled())
                Console.WriteLine("Provider is enabled");
                //Outputs 'True' on my system
            EventDescriptor eventDescriptor;
            unchecked
            {
                eventDescriptor = new EventDescriptor(
                    7036, //EventId
                    0, //Version
                    0x0, //Channel Id
                    0x4, //Level
                    0x0, //OpCode
                    0x0, //Task
                    (long)0x8000000000000000); //Keywords
            }
            var wroteOk = eventProvider.WriteEvent(ref eventDescriptor, "pls", "wrk");
            if (wroteOk)
                Console.WriteLine("Claims to have written correctly");
            else
                Console.WriteLine("Did not write correctly");
            //Console outputs "Claims to have written correctly", but nothing changes in the eventLog
        }
    }  
} 

0 个答案:

没有答案