我想知道是否有办法在Windows中的事件查看器实用程序中的“应用程序和服务日志”部分下访问日志。问题是,我可以使用下面的代码阅读Windows日志下的条目。我阅读了整个条目,并获得了具有必要ID的项目,获得了前20名的结果。但是我在访问“应用程序和服务日志”部分时找不到任何内容。我应该更改EventLog构造函数中的LogType吗?或者是否有不同的方法或类来访问应用程序和服务日志?尝试"Application"作为logType变量无效。
string str = "";
EventLog ev = new EventLog(logType, System.Environment.MachineName);
int LastLogToShow = ev.Entries.Count;
if (LastLogToShow <= 0)
Console.WriteLine("No Event Logs in the Log :" + logType);
int i;
int k = 0;
for (i = ev.Entries.Count - 1; i >= 0; i--)
{
EventLogEntry CurrentEntry = ev.Entries[i];
if (CurrentEntry.EventID == id)
{
if (id == 1)
{
str += "Son Açılma \n";
str += "Olay Zamanı: " + CurrentEntry.TimeGenerated.ToLongDateString() + " " + CurrentEntry.TimeGenerated.ToShortTimeString() + "\n";
}
else if (id == 42)
{
str += "Son Kapatılma \n";
str += "Olay Zamanı: " + CurrentEntry.TimeGenerated.ToLongDateString() + " " + CurrentEntry.TimeGenerated.ToShortTimeString() + "\n";
}
else
{
str += "Event type: " + CurrentEntry.EntryType.ToString() + "\n";
str += "Event Message: " + CurrentEntry.Message + CurrentEntry + "\n";
str += "Event : " + CurrentEntry.UserName + "\n" + "\n";
str += "Olay Zamanı: " + CurrentEntry.TimeGenerated.ToLongDateString() + " " + CurrentEntry.TimeGenerated.ToShortTimeString() + "\n";
}
k++;
}
if (k > 20)
break;
}
ev.Close();
return str;
我正在寻找的是
应用程序和服务日志/
微软/
视窗/
TerminalServices-RemoteConnectionManager /
运算/
事件ID 1149
答案 0 :(得分:1)
我不确定你是否可以使用EventLog类访问它们,或者至少我无法弄清楚如何使用EventLogQuery类。我使用C#: How to Query for an event log details with a given event id?类代替了它。
我在下面提供了一个示例,我根据这篇文章({{3}})进行了改编,并且可以满足您的需求:
using System.Diagnostics.Eventing.Reader;
string logType = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational";
string query = "*[System/EventID=1149]";
var elQuery = new EventLogQuery(logType, PathType.LogName, query);
var elReader = new EventLogReader(elQuery);
for (EventRecord eventInstance = elReader.ReadEvent(); eventInstance != null; eventInstance = elReader.ReadEvent())
{
// .. do stuff here
}