What is the simplest way to query event logs for m

Posted 2019-07-04 03:15

I'm interested in writing some code to query the Windows Event Log for specific error message contents, as described in this MSDN article. However, I'm not a big fan of the mechanic of basically hand-rolling XPATH or a custom event view in the code...is there a simpler way of doing this? A LINQ provider perhaps?

2 Answers
霸刀☆藐视天下
#2 · 2019-07-04 03:56

You can create a custom view in Event Viewer and copy the generated XML. The schema is exactly the same.

The other option is to read the events one at a time and check their contents using string searches, XPATH or LINQ to XML. Obviously, not the most scalable solution, especially when querying remote servers.

Googling can turn up some samples that seem to be using LINQ to query the Event Log, but they really just enumerate over all the entries. There doesn't seem to be any provider that will really convert a LINQ query to the proper XML and return the results.

甜甜的少女心
#3 · 2019-07-04 04:01

Maybe someone will find this useful...

I'm using LinqPad to query the Security Event Log on a remote machine. It works a little bit slowly but produces the result I need. The query I'm using:

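// Runs as "C# Statements" in LINQPad; EventLog lives in System.Diagnostics.
EventLog elog = new EventLog();
elog.MachineName = "REMOTE MACHINE NAME";
elog.Log = "Security";
// elog.Entries enumerates every entry in the log; the filter runs client-side.
var query =
    from EventLogEntry e in elog.Entries
    where e.EventID == 560 // EVENT CODE (FILE DELETION IN MY CASE)
    && e.UserName == @"DOMAIN\USERNAME"
    && e.Message.Contains("TEXT INSIDE THE MESSAGE")
    select e;

query.Dump(); // Dump() is LINQPad's output extension method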
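The two answers above can be combined: let the Event Log service apply the custom-view XML, then use LINQ only for the message text, since Event Log XPath has no `contains()`. This is an added example, not code from either answer; the class and method names are illustrative, and the host name, event ID and search text are the placeholders used in the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Linq;

static class EventLogSearch
{
    // Structured query in the XML form Event Viewer shows on the XML tab of a
    // custom view. Event ID 560 is the ID used in the answer above.
    const string QueryXml = @"
<QueryList>
  <Query Id=""0"" Path=""Security"">
    <Select Path=""Security"">*[System[(EventID=560)]]</Select>
  </Query>
</QueryList>";

    // Yields only the events the service selected, disposing each native
    // record handle once its fields have been copied out.
    static IEnumerable<(DateTime? Time, int Id, string Message)> Read(EventLogQuery query)
    {
        using (var reader = new EventLogReader(query))
        {
            EventRecord rec;
            while ((rec = reader.ReadEvent()) != null)
                using (rec)
                    // FormatDescription() can return null when the publisher's
                    // message resources are not available to the reader.
                    yield return (rec.TimeCreated, rec.Id, rec.FormatDescription() ?? "");
        }
    }

    static void Main()
    {
        // Placeholder host; the account needs rights to read the Security log.
        using (var session = new EventLogSession("REMOTE MACHINE NAME"))
        {
            var query = new EventLogQuery("Security", PathType.LogName, QueryXml)
            {
                Session = session
            };

            // Message text is matched client-side, on the already reduced set.
            var hits = Read(query).Where(e => e.Message.Contains("TEXT INSIDE THE MESSAGE"));

            foreach (var h in hits)
                Console.WriteLine($"{h.Time:u} {h.Id} {h.Message}");
        }
    }
}
```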