What is the simplest way to query event logs for message contents in C#?

Posted by 纵饮孤独 on 2019-12-13 15:03:03

Question


I'm interested in writing some code to query the Windows Event Log for specific error message contents, as described in this MSDN article. However, I'm not a big fan of the mechanic of basically hand-rolling XPATH or a custom event view in the code...is there a simpler way of doing this? A LINQ provider perhaps?


Answer 1:


You can create a custom view in Event Viewer and copy the generated XML. The schema is exactly the same.

The other option is to read the events one at a time and check their contents using string searches, XPATH or LINQ to XML. Obviously, not the most scalable solution, especially when querying remote servers.

Googling can turn up some samples that seem to be using LINQ to query the Event Log but they really just enumerate over all the entries. There doesn't seem to be any provider that will really convert a LINQ query to the proper XML and return the results.




Answer 2:


Maybe someone will find this useful...

I'm using LinqPad to query the Security Event Log on a remote machine. It works a little bit slowly but produces the result I need. The query I'm using:

EventLog elog = new EventLog();
elog.MachineName = "REMOTE MACHINE NAME";
elog.Log = "Security";
var query = 
    from EventLogEntry e in elog.Entries
    where e.EventID == 560 // EVENT CODE (FILE DELETION IN MY CASE)
    && e.UserName == @"DOMAIN\USERNAME"
    && e.Message.Contains("TEXT INSIDE THE MESSAGE")
    select e;

query.Dump();
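
The custom-view XML approach from Answer 1, applied to the same filter as Answer 2, as an added example that is not part of either answer. It uses System.Diagnostics.Eventing.Reader so the event ID filter is evaluated on the machine that holds the log; the host name and message text are placeholders, and the XML is the kind Event Viewer shows for a custom view.

```csharp
using System;
using System.Diagnostics.Eventing.Reader;

class SecurityLogQuery
{
    static void Main()
    {
        // Structured XML query in the form Event Viewer generates for a custom
        // view. 560 is the ID from Answer 2; substitute the ID your systems log.
        const string queryXml = @"
<QueryList>
  <Query Id=""0"" Path=""Security"">
    <Select Path=""Security"">*[System[(EventID=560)]]</Select>
  </Query>
</QueryList>";

        // Placeholder host name; connects with the caller's current credentials.
        using (var session = new EventLogSession("REMOTE MACHINE NAME"))
        {
            var query = new EventLogQuery("Security", PathType.LogName, queryXml)
            {
                Session = session,
                ReverseDirection = true // newest events first
            };

            using (var reader = new EventLogReader(query))
            {
                EventRecord record;
                while ((record = reader.ReadEvent()) != null)
                {
                    using (record)
                    {
                        // The rendered message is not in the event XML, so the
                        // text match runs client-side on the filtered records.
                        // FormatDescription() may return null.
                        string message = record.FormatDescription();
                        if (message != null &&
                            message.Contains("TEXT INSIDE THE MESSAGE"))
                        {
                            Console.WriteLine("{0:o} {1}", record.TimeCreated, record.Id);
                            Console.WriteLine(message);
                        }
                    }
                }
            }
        }
    }
}
```

Reading the Security log requires an account with rights to that log on the target machine, and this API is available on Windows Vista / Server 2008 and later.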


Source: https://stackoverflow.com/questions/9129941/what-is-the-simplest-way-to-query-event-logs-for-message-contents-in-c
