event-log

问题 I want to read event entries from a certain custom event log at c# program, And to filter them by their description. Is there a way to do it? Or a way to get the entries as collection so I will be able to select from that by condition? 回答1: Try something like this: string queryString = string.Format("*[System[TimeCreated[@SystemTime>='{0}' and @SystemTime<='{1}']]]", DateTime.Now.Date.AddDays(-10).ToString("s"), DateTime.Now.Date.ToString("s")); var q = new EventLogQuery("Microsoft-Windows

问题 We have an .NET desktop application that crashed in production. How do we diagnose the error? I'd like to know the type of exception that occurred, the error message, and the stack trace. Because the exception wasn't handled by our code, we received the "This application has encountered a problem and needs to close" Windows message box. The only option was to close, there was no debug button. This MSDN article suggested looking in the Windows Event registry. I checked there, and here's the

问题 I can't seem to write to the event log in .NET. I get the following exception: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security. I don't want to access the Security log. How do I get around this error? Thanks! 回答1: You can try to create an event log in your application like Lachlan suggests but realize that this will require administrator privs. Instead I reccomend that you take care of this in your

问题 How do you change the source name when writing to the event viewer in C# language? Currently have this string cs = "Application"; if (!EventLog.SourceExists(cs)) EventLog.CreateEventSource(cs, "ReceiveDaily"); EventLog.WriteEntry(cs, message.Message, EventLogEntryType.Error); If I change CS to anything else, I see a Security-Kerberos (0x7) popping up at my event viewer It writes the error in the errorlog when I put "Application" though. But then the source is "Application", which isn't a very

问题 How can I use EventLog to read from an arbitrary evtx file? EventLogQuery is able to open evtx files, but it is not available in .NET 2.0. 回答1: Let's assume the log file is LogA.evtx . Copy LogA.evtx to C:\Windows\System32\winevt\Logs . Add a new registry key to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog called LogA . E.g. in PowerShell: Set-Location HKLM: New-Item .\SYSTEM\CurrentControlSet\services\eventlog -Name LogA Open Event Viewer to verify that LogA shows up under

问题 This is a follow up to this question. I followed the accepted answer and thought I was satisfied with the results but ran into a roadblock. The Setup I'm running my C# program from the server that monitors a directory. Any time a file is modified, FileSystemWatcher triggers an event that causes the program to check the security audit logs (which have been turned on, see previous question's solution). The Problem My problem is that when I check the security logs after a remote user has

问题 I have been tasked with writing entries to the Windows security log. The entire project is Win32 C++ code. I have already written (with help from various online resources) a logging class that handles registration, deregistration, and code for executing the ReportEvent() call. Also, I've done the mc.exe and rc.exe steps for my event logging, if that helps establish where I'm at in the project. My question is a multi-parter: I've noticed at Filling Windows XP Security Event Log that there are

问题 I have created an SSIS package that will be deployed to client SQL installations (2005, 2008 or 2008 R2) to perform data extracts which provide a support tool for our product. The deployment process requires that a Windows AD account (normal user, no elevated privileges) is created as this is used as a service account to execute the SSIS package in a SQL Agent job by way of a credential and a proxy account. This all works perfectly and means I can restrict the privileges required to perform

问题 I have seen How do you create an event log source using WiX. My question is what is the common use (scenario) of specifying Event Source in Wix? I was thinking that specifying the source would list your application's install/uninstall process under that source in the event log so it would be easy to filter/check but even after doing that the source shows up as MsiInstaller for me. What am I doing wrong or am I misunderstanding the use of util:EventSource ? Here is my code : <Component Id=

问题 Following the advice of Henk, I've created a Setup Project in VS10 with the aim of adding a custom action. This custom action will hopefully add an EventLog whilst running as admin (ie during installation) rather than having my app throw an exception on OSes with UAC. Unfortunately, I don't ordinarily have access to an OS that uses UAC. The next time I do, I hope the installation will go smoothly. With that in mind, is there anything in the below code which is obviously wrong? using System;