先不說如何實現,先來看看效果圖:
讀取遠程的需要提供下遠程的計算用戶名和密碼即可。
如何實現這個代碼功能,請看如下代碼部分:
實體類:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace GetDNSListTool
{
public class EventLogEntity
{
string strEventType = string.Empty;
/// <summary>
/// 日志類型
/// </summary>
public string EventType
{
get { return strEventType; }
set { strEventType = value; }
}
string strTimeWritten = string.Empty;
/// <summary>
/// 日志日期
/// </summary>
public string TimeWritten
{
get { return strTimeWritten; }
set { strTimeWritten = value; }
}
string strCategory = string.Empty;
/// <summary>
/// 日志種類
/// </summary>
public string Category
{
get { return strCategory; }
set { strCategory = value; }
}
string strSourceName = string.Empty;
/// <summary>
/// 日志來源
/// </summary>
public string SourceName
{
get { return strSourceName; }
set { strSourceName = value; }
}
/// <summary>
/// Eevnet ID
/// </summary>
string strEventIdentifier = string.Empty;
public string EventIdentifier
{
get { return strEventIdentifier; }
set { strEventIdentifier = value; }
}
string strRecordNumber = string.Empty;
/// <summary>
/// 行號
/// </summary>
public string RecordNumber
{
get { return strRecordNumber; }
set { strRecordNumber = value; }
}
string strEventCode = string.Empty;
/// <summary>
/// 日志編碼
/// </summary>
public string EventCode
{
get { return strEventCode; }
set { strEventCode = value; }
}
string strCategoryString = string.Empty;
/// <summary>
/// CategoryString
/// </summary>
public string CategoryString
{
get { return strCategoryString; }
set { strCategoryString = value; }
}
string strMessage = string.Empty;
/// <summary>
/// 詳細錯誤
/// </summary>
public string Message
{
get { return strMessage; }
set { strMessage = value; }
}
}
}
#region//格式化信息類別
/// <summary>
/// 格式化信息類別
/// </summary>
/// <param name="val"></param>
/// <returns></returns>
private string GetEventTypeString(NTLogEvent.EventTypeValues val)
{
switch (val)
{
case NTLogEvent.EventTypeValues.Error:
return EventTypeDescription.Error;
case NTLogEvent.EventTypeValues.Warning:
return EventTypeDescription.Warning;
case NTLogEvent.EventTypeValues.Information:
return EventTypeDescription.Information;
case NTLogEvent.EventTypeValues.Security_audit_success:
return EventTypeDescription.SuccessAudit;
case NTLogEvent.EventTypeValues.Security_audit_failure:
return EventTypeDescription.FailureAudit;
default:
return EventTypeDescription.Unknown;
}
}
#endregion
#region//獲取日志文件
/// <summary>
/// 獲取日志文件
/// </summary>
/// <param name="topNumber">多少條</param>
/// <param name="eventCode">事件ID</param>
/// <param name="startTime">開始時間</param>
/// <param name="endTime">結束時間</param>
/// <returns>返回集合</returns>
public List<EventLogEntity> GetEventLogList(int topNumber, string eventCode,
string startTime, string endTime)
{
List<EventLogEntity> logList = new List<EventLogEntity>();
try
{
//條件語句
StringBuilder query = new StringBuilder();
StringBuilder strWhere = new StringBuilder();
query.Append("select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message from Win32_NTLogEvent ");
//日志ID
if (!string.IsNullOrEmpty(eventCode))
{
strWhere.Append(" AND eventCode = '");
strWhere.Append(eventCode);
strWhere.Append("'");
}
//開始日期
if (!string.IsNullOrEmpty(startTime))
{
strWhere.Append(" AND TimeWritten>= '");
strWhere.Append(getDmtfFromDateTime(startTime));
strWhere.Append("'");
}
//結束日期
if (!string.IsNullOrEmpty(endTime))
{
strWhere.Append(" AND TimeWritten<= '");
strWhere.Append(getDmtfFromDateTime(endTime));
strWhere.Append("'");
}
string laststrWhere = strWhere.ToString();
//如果有檢索條件
if (!string.IsNullOrEmpty(laststrWhere))
{
laststrWhere = " where " + laststrWhere.Substring(4);
}
//組合條件
query.Append(laststrWhere);
//值
ManagementObjectCollection moCollection = null;
//如果是本地
if (isLocal)
{
ManagementScope scope = new ManagementScope(scopePath);
scope.Connect();
ObjectQuery objectQuery = new ObjectQuery(query.ToString());
//WQL語句,設定的WMI查詢內容和WMI的操作范圍,檢索WMI對象集合
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);
//異步調用WMI查詢
moCollection = Searcher.Get();
}
//表示遠程
else
{
//設定通過WMI要查詢的內容
ObjectQuery Query = new ObjectQuery(query.ToString());
//WQL語句,設定的WMI查詢內容和WMI的操作范圍,檢索WMI對象集合
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);
//異步調用WMI查詢
moCollection = Searcher.Get();
}
//循環
if (moCollection != null)
{
//計數器
int i = 0;
//foreach
foreach (ManagementObject mObject in moCollection)
{
//如果i==topNumber就退出循環
if (i == topNumber)
{
break;
}
EventLogEntity eventLog = new EventLogEntity();
//日志類型
eventLog.EventType = mObject["EventType"] == null ? string.Empty :
GetEventTypeString(((NTLogEvent.EventTypeValues)(System.Convert.ToInt32(mObject["EventType"]))));
//日志種類
eventLog.Category = mObject["Category"] == null ? string.Empty :
mObject["Category"].ToString();
//日志種類
eventLog.CategoryString = mObject["CategoryString"] == null ? string.Empty :
mObject["CategoryString"].ToString();
//日志編碼
eventLog.EventCode = mObject["EventCode"] == null ? string.Empty :
mObject["EventCode"].ToString();
//日志ID
eventLog.EventIdentifier = mObject["EventIdentifier"] == null ? string.Empty :
mObject["EventIdentifier"].ToString();
//行號
eventLog.RecordNumber = mObject["RecordNumber"] == null ? string.Empty :
mObject["RecordNumber"].ToString();
//日期
eventLog.TimeWritten = mObject["TimeWritten"] == null ? string.Empty :
getDateTimeFromDmtfDate(mObject["TimeWritten"].ToString());
//日志來源
eventLog.SourceName = mObject["SourceName"] == null ? string.Empty :
mObject["SourceName"].ToString();
//詳細錯誤
eventLog.Message = mObject["Message"] == null ? string.Empty :
mObject["Message"].ToString();
//add
logList.Add(eventLog);
//
//
i++;
}
}
}
catch (Exception ex)
{
throw ex;
}
//
return logList;
}
#endregion
#region//根據行號檢索錯誤信息
/// <summary>
/// 根據行號檢索錯誤信息
/// </summary>
/// <param name="recordNumber">行號</param>
/// <returns>返回錯誤信息</returns>
public string GetErrMsg(uint recordNumber)
{
string Msg = string.Empty;
try
{
//條件語句
StringBuilder query = new StringBuilder();
query.Append("select Message, InsertionStrings from Win32_NTLogEvent where ");
query.Append(" RecordNumber='");
query.Append(recordNumber);
query.Append("'");
//值
ManagementObjectCollection moCollection = null;
//如果是本地
if (isLocal)
{
ManagementScope scope = new ManagementScope(scopePath);
scope.Connect();
ObjectQuery objectQuery = new ObjectQuery(query.ToString());
//WQL語句,設定的WMI查詢內容和WMI的操作范圍,檢索WMI對象集合
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);
//異步調用WMI查詢
moCollection = Searcher.Get();
}
//表示遠程
else
{
//設定通過WMI要查詢的內容
ObjectQuery Query = new ObjectQuery(query.ToString());
//WQL語句,設定的WMI查詢內容和WMI的操作范圍,檢索WMI對象集合
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);
//異步調用WMI查詢
moCollection = Searcher.Get();
}
//檢索錯誤信息
foreach (ManagementObject mObject in moCollection)
{
//錯誤信息
string message = mObject["Message"] == null ?
string.Empty : mObject["Message"].ToString();
//錯誤信息
string[] insertionStrings =mObject["InsertionStrings"]==null?null:
(string[])mObject["InsertionStrings"];
//如果有錯誤信息
if (string.IsNullOrEmpty(message))
{
if (insertionStrings.Length > 0)
{
StringBuilder sb = new StringBuilder();
for (int i = 0; i < insertionStrings.Length; i++)
{
sb.Append(insertionStrings[i]);
sb.Append(" ");
}
Msg = sb.ToString();
}
}
else
{
Msg= message;
}
}
}
catch
{
}
//return
return string.IsNullOrEmpty(Msg) ? "無錯誤信息,請與管理員聯系核對!" : Msg;
}
#endregion
