c# Read real time from windows event log

大城市里の小女人 提交于 2020-01-30 09:09:15

问题


i can succesfully read events from event log. But polling all events has very bad performance. I wonder if there is an event or something that i can subscribe to catch log entries "as they happen"?

Is this possible?

EventLog log = new EventLog("Security");
        var entries = log.Entries.Cast<EventLogEntry>().Where(x => x.InstanceId == 4624).Select(x => new
        {
            x.MachineName,
            x.Site,
            x.Source,
            x.UserName,
            x.Message
        }).ToList();
        Console.WriteLine(entries[0].UserName);

回答1:


You can use EventLogWatcher for this purpose. You can subscribe to desired log filter(s) and implement a handler function to execute when you receive any events.

    public static void eventLogSubscription()
    {

        using (EventLog eventLog = new EventLog("Application"))
        {
            String path = Path.GetTempPath();
            eventLog.Source = "Event Log Reader Application";
            eventLog.WriteEvent(new EventInstance(1003, 0, EventLogEntryType.Information), new object[] { "The event log watcher has started" , path});
            //eventLog.WriteEntry(arg.EventRecord.ToXml(), EventLogEntryType.Information, 1001, 1);
            eventLog.Dispose();
        }
        EventLogWatcher watcher = null;
        try
        {
            string eventQueryString = "*[System/EventID=4688]" +
                                           "and " +
                                           "*[EventData[Data[@Name = 'NewProcessName'] = 'C:\\Windows\\explorer.exe']] )" +

            EventLogQuery eventQuery = new EventLogQuery(
                "Security", PathType.LogName, eventQueryString);

            watcher = new EventLogWatcher(eventQuery);
            watcher.EventRecordWritten +=
                new EventHandler<EventRecordWrittenEventArgs>(
                    handlerExplorerLaunch);
            watcher.Enabled = true;
            }
        }
        catch (EventLogReadingException e)
        {
            Console.WriteLine("Error reading the log: {0}", e.Message);
        }
        Console.ReadKey();
    }

    public static void handlerExplorerLaunch(object obj,
        EventRecordWrittenEventArgs arg)
    {            if (arg.EventRecord != null)
        {

            using (EventLog eventLog = new EventLog("Application"))
            {
                eventLog.Source = "Event Log Reader Application";
                eventLog.WriteEvent(new EventInstance(1001, 0, EventLogEntryType.Information), new object[] {arg.EventRecord.FormatDescription() });
                //eventLog.WriteEntry(arg.EventRecord.ToXml(), EventLogEntryType.Information, 1001, 1);
                eventLog.Dispose();
            }
        }
        else
        {
            Console.WriteLine("The event instance was null.");

        }
    }


来源:https://stackoverflow.com/questions/42168823/c-sharp-read-real-time-from-windows-event-log

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!