我正在尝试读取事件日志文件,我能够将文件发送到代码中,但是对于我想要读取的文件,位于 “C:\ Users \ banvilb \ Documents \ Event Log \ Test \ BSN_Navigator.evt”, 提出“无效的文件格式”
下面的代码片段中突出显示的if语句是提示消息的内容,但我不明白为什么消息会出现。
我在做什么导致它不读取文件。
如果您需要更多/其余代码告诉我,我将更新此帖子
// Parse the file
public unsafe void Parse(string filename)
{
try
{
// Open the file
using (FileStream fs = new FileStream(filename, FileMode.Open))
{
// Use BinaryReader to read the file
using (BinaryReader br = new BinaryReader(fs))
{
//Read the header of the file
byte[] header = new byte[sizeof(EventLogHeader)];
br.Read(header, 0, header.Length);
EventLogHeader _h = new EventLogHeader(header);
// Validate the file
// **** The issue is here ****
if (!Validate(_h))
{
this.OnAction("Invalid file format.");
return;
}
//
int totalEvents = (int)(_h.NextIndex - 1);
this.OnAction(String.Format("Found {0} events", totalEvents));
// Read the items
EventLogEntry e;
int cnt = 0;
uint offset = _h.FooterOffset;
while (true)
{
byte[] buff = ReadEntry(br, ref offset);
e = ReadEntry(buff);
cnt++;
DateTime dt = GetTime(e.rec.TimeGenerated);
this.OnFoundRecord(
new object[] {
Enum.GetName(typeof(EventLogEntryType),e.rec.EventType),
dt.ToShortDateString(),
dt.ToShortTimeString(),
e.SourceName,
e.Strings,
e.rec.EventCategory,
e.rec.EventID,
e.UserSid,
e.Computername});
if (cnt % 200 == 0) this.OnProgress(cnt, totalEvents);
if (offset == 48)
break;
}
}
}
}
catch (Exception ex)
{
this.OnAction(String.Format("Error Occured! {0}", ex.Message));
}
return;
}