发表新帖
发表新帖

EventLogQuery time format expected?

前端 未结
关注
5 990
孤独总比滥情好
孤独总比滥情好 2021-01-18 10:10

I\'m trying to use the EventLogQuery class to query the eventlog. I followed the example shown on http://msdn.microsoft.com/en-us/library/bb671200%28v=vs.90%29.aspx#Y0.

5条回答
  • 无人及你
    无人及你 (楼主)
    2021-01-18 10:38

    Failed Login IP List in Last 2 Hour. EventID=4625 AND CreatedDate >= Last 2 Hour 

    var AfterTime = DateTime.Now.AddMinutes(-120);

string queryString =
                    "" +
                    "  " +
                    $"    " +
                    "  " +
                    "";  

var reader = new EventLogReader(new EventLogQuery("Security", PathType.LogName, queryString));

for (EventRecord eventDetail = reader.ReadEvent(); eventDetail != null; eventDetail = reader.ReadEvent())
{
    if (eventDetail.Id == 4625 && eventDetail.TimeCreated >= AfterTime)// Extra security, check again
    {
                    IPlist.Add(eventDetail.Properties[eventDetail.Properties.Count - 2].Value.ToString()); // Get IP Adress, Last Second Element Has IP Adress
    }

}

var AttackerIP = IPlist.GroupBy(x => x).Select(x => x.Key).ToList();

    0 讨论(0)
 看不清?
提交回复
热议问题