How do I read from an arbitrary evtx file using System.Diagnostics.EventLog?

Submitted by a 夏天 on 2019-12-12 02:44:21

Question


How can I use EventLog to read from an arbitrary evtx file?

EventLogQuery is able to open evtx files, but it is not available in .NET 2.0.


Answer 1:


Let's assume the log file is LogA.evtx.

Copy LogA.evtx to C:\Windows\System32\winevt\Logs.

Add a new registry key to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog

called LogA. E.g. in PowerShell:

Set-Location HKLM:

New-Item .\SYSTEM\CurrentControlSet\services\eventlog -Name LogA

Open Event Viewer to verify that LogA shows up under Applications and Services Logs.

You can now open LogA using EventLog:

using System;
using System.Diagnostics;

namespace EventLogTest
{
    class Program
    {
        static void Main(string[] args)
        {
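            // Open the log registered as "LogA" under the eventlog service key.
            var log = new EventLog("LogA");

            // Print the number of entries read from LogA.evtx.
            Console.WriteLine(log.Entries.Count);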
        }
    }
}

You can delete LogA via PowerShell:

[System.Diagnostics.EventLog]::Delete("LogA")
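
The answer's steps combined into one PowerShell script, as an added example that is not part of the original answer. The $SourcePath parameter, the log name derived from the file name, and the elevation and name-collision checks are assumptions added here.

```powershell
# Added example: copy, register, read and unregister an .evtx file.
# $SourcePath is an assumed parameter, e.g. D:\cases\LogA.evtx (hypothetical path).
param(
    [Parameter(Mandatory = $true)][string]$SourcePath
)
$ErrorActionPreference = 'Stop'

# The log name is taken from the file name, as in the answer (LogA.evtx -> LogA).
$logName  = [System.IO.Path]::GetFileNameWithoutExtension($SourcePath)
$logsDir  = Join-Path $env:SystemRoot 'System32\winevt\Logs'
$destFile = Join-Path $logsDir "${logName}.evtx"
$regKey   = "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\${logName}"

# Writing under winevt\Logs and HKLM needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Refuse a name that is already in use: the cleanup step below would
# otherwise delete a log that belongs to the system.
if ((Test-Path $regKey) -or (Test-Path $destFile)) {
    throw "A log or file named '$logName' already exists; rename the copy first."
}

# Work on a copy so the file at $SourcePath is left untouched.
Copy-Item -Path $SourcePath -Destination $destFile
New-Item -Path $regKey | Out-Null

try {
    $log = New-Object System.Diagnostics.EventLog($logName)
    '{0} entries in {1}' -f $log.Entries.Count, $logName
    $log.Entries | Select-Object -First 5 TimeGenerated, EntryType, Source, Message
}
finally {
    # Cleanup as in the answer, run even if reading the log fails.
    if ($log) { $log.Dispose() }
    [System.Diagnostics.EventLog]::Delete($logName)
}
```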


Source: https://stackoverflow.com/questions/19803351/how-do-i-read-from-an-arbitrary-evxt-file-using-system-diagnostics-eventlog
