How do I read from an arbitrary evxt file using Sy

2019-09-18 19:46发布

How can I use EventLog to read from an arbitrary evtx file?

EventLogQuery is able to open evtx files, but it is not available in .NET 2.0.

标签： c# .net logging event-log

1条回答

成全新的幸福

2楼-- · 2019-09-18 20:36

Let's assume the log file is LogA.evtx.

Copy LogA.evtx to C:\Windows\System32\winevt\Logs.

Add a new registry key to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog

called LogA. E.g. in PowerShell:

Set-Location HKLM:

New-Item .\SYSTEM\CurrentControlSet\services\eventlog -Name LogA

Open Event Viewer to verify that LogA shows up under Applications and Services Logs.

You can now open LogA using EventLog:

using System;
using System.Diagnostics;

namespace EventLogTest
{
    class Program
    {
        static void Main(string[] args)
        {
            var log = new EventLog("LogA");

            Console.WriteLine(log.Entries.Count);
        }
    }
}

You can delete LogA via PowerShell:

[System.Diagnostics.EventLog]::Delete("LogA")

0人赞添加讨论(0) 举报

How do I read from an arbitrary evxt file using Sy

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间