我有一个c ++应用程序,它使用WMI查询语言查询日志文件。我查询了Wmi32_NTLogEvent类并检索了一些信息。问题是我无法从日志中读取所有属性文件。 当我将日志文件转换为csv文件时,它由以下标题组成
"Message","Id","Version","Qualifiers","Level","Task","Opcode","Keywords","RecordId","ProviderName","ProviderId","LogName","ProcessId","ThreadId","MachineName","UserId","TimeCreated","ActivityId","RelatedActivityId","ContainerLog","MatchedQueryIds","Bookmark","LevelDisplayName","OpcodeDisplayName","TaskDisplayName","KeywordsDisplayNames","Properties"
单个日志文件条目如下:
"Windows service started.","0",,"0","4","0",,"36028737058963468","98","DigitalDelivery",,"Dell",,,"vignesh",,"14-01-2018 11:06:35",,,"c:\windows.old\windows\system32\winevt\logs\dell.evtx","System.UInt32[]","System.Diagnostics.Eventing.Reader.EventBookmark","Information","Info",,"System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]","System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]"
使用Win32_NTLogEvent类中给出的属性我只能读取几个属性(即标题),它不包含关键字,ProcessId,ThreadId,Bookmark,LevelDisplayName,KeyWordDisplayName,Properties等属性的信息。 我怎样才能阅读所有这些缺失的属性