是否有一种方法可以在pc/服务器上加载自定义事件查看器源

本文关键字:加载 服务器 自定义 事件 pc 一种 方法 是否 | 更新日期: 2023-09-27 18:04:57

我想查看服务器上的所有自定义事件查看器源。有没有一种方法,我可以找到这些通过运行脚本,而不是通过所有的事件日志。

可以安全地假设所有的自定义源都在Applications下。

理想的脚本可以是cmd提示符或c#。如果它不能,我很高兴采取其他语言的解决方案,只要它不需要我安装任何新的在服务器2008 R2上运行它。

谢谢

是否有一种方法可以在pc/服务器上加载自定义事件查看器源

这个c#程序在应用程序事件日志中写入控制台所有不同的源:

using System;
using System.Linq;
using System.Diagnostics;
public static class Program
{
    static void Main(string[] args)
    {
        new EventLog("Application")
            .Entries
            .Cast<EventLogEntry>()
            .Select(entry => entry.Source)
            .Distinct()
            .ToList()
            .ForEach(source => Console.WriteLine(source));
    }
}

编辑:

您可以在注册表中的键"HKEY_LOCAL_MACHINE'SYSTEM'CurrentControlSet'Services'EventLog'Application"(使用例如regedit)下找到在应用程序事件日志中注册的所有源。要在控制台中显示它们,使用以下程序:

using System;
using System.Linq;
using Microsoft.Win32;
public static class Program
{
static void Main(string[] args)
{
    Registry
        .LocalMachine
        .OpenSubKey(@"SYSTEM'CurrentControlSet'Services'EventLog'Application")
        .GetSubKeyNames()
        .ToList()
        .ForEach(source => Console.WriteLine(source));
    }
}

不幸的是,我不知道如何区分预安装和自定义源(此信息似乎不存在于注册表中,我怀疑这样的信息是可用的)。


EDIT2: 我重新安装了Windows server 2008 R2,制作了预安装源的列表,并编辑了程序,不显示列表上的源。所以现在应该只显示自定义源:

using System;
using System.Linq;
using Microsoft.Win32;
public static class Program
{
    static string[] PreinstalledSources = new[] { ".NET Runtime", ".NET Runtime Optimization Service", "Application", "Application Error", "Application Hang", "Application Management", "Application-Addon-Event-Provider", "ASP.NET 2.0.50727.0", "ASP.NET 4.0.30319.0", "AutoEnrollment", "CardSpace 3.0.0.0", "CardSpace 4.0.0.0", "CEPSvc", "CertCli", "CertEnroll", "CESSvc", "Chkdsk", "Citrix Xen Guest Agent", "COM", "COM+", "Customer Experience Improvement Program", "Desktop Window Manager", "DiskQuota", "Ec2Config", "ESENT", "EventSystem", "Folder Redirection", "Group Policy", "Group Policy Applications", "Group Policy Client", "Group Policy Data Sources", "Group Policy Device Settings", "Group Policy Drive Maps", "Group Policy Environment", "Group Policy Files", "Group Policy Folder Options", "Group Policy Folders", "Group Policy Ini Files", "Group Policy Internet Settings", "Group Policy Local Users and Groups", "Group Policy Mail Profiles", "Group Policy Network Options", "Group Policy Network Shares", "Group Policy Power Options", "Group Policy Printers", "Group Policy Regional Options", "Group Policy Registry", "Group Policy Scheduled Tasks", "Group Policy Services", "Group Policy Shortcuts", "Group Policy Standard Edition", "Group Policy Start Menu Settings", "Interactive Services detection", "ipmiprv", "LoadPerf", "Microsoft-Windows-Application-Experience", "Microsoft-Windows-ApplicationExperienceInfrastructure", "Microsoft-Windows-Audio", "Microsoft-Windows-CAPI2", "Microsoft-Windows-CertificateServicesClient", "Microsoft-Windows-CertificateServicesClient-AutoEnrollment", "Microsoft-Windows-CertificateServicesClient-CertEnroll", "Microsoft-Windows-CertificateServicesClient-CredentialRoaming", "Microsoft-Windows-CertificationAuthorityClient-CertCli", "Microsoft-Windows-Crypto-RNG", "Microsoft-Windows-Defrag", "Microsoft-Windows-DirectShow-Core", "Microsoft-Windows-DirectShow-KernelSupport", "Microsoft-Windows-EapHost", "Microsoft-Windows-EFS", "Microsoft-Windows-EventCollector", "Microsoft-Windows-Folder Redirection", "Microsoft-Windows-LoadPerf", "Microsoft-Windows-PerfCtrs", "Microsoft-Windows-PerfNet", "Microsoft-Windows-PerfOS", "Microsoft-Windows-PerfProc", "Microsoft-Windows-propsys", "Microsoft-Windows-RemoteApp and Desktop Connections", "Microsoft-Windows-RestartManager", "Microsoft-Windows-RPC-Events", "Microsoft-Windows-SoftwareRestrictionPolicies", "Microsoft-Windows-Spell-Checking", "Microsoft-Windows-SpellChecker", "Microsoft-Windows-TerminalServices-ClientActiveXCore", "Microsoft-Windows-User Profiles General", "Microsoft-Windows-User Profiles Service", "Microsoft-Windows-Video-For-Windows", "Microsoft-Windows-Winsrv", "Microsoft-Windows-WMI", "Microsoft-Windows-XWizards", "Microsoft.Transactions.Bridge 3.0.0.0", "Microsoft.Transactions.Bridge 4.0.0.0", "MSDTC", "MSDTC 2", "MSDTC Client", "MSDTC Client 2", "MsiInstaller", "PDH", "PerfCtrs", "PerfDisk", "Perflib", "PerfNet", "PerfOs", "PerfProc", "Process Exit Monitor", "Profsvc", "RasClient", "SceCli", "SceSrv", "SCW", "SCW Analysis", "ServiceModel Audit 3.0.0.0", "ServiceModel Audit 4.0.0.0", "SideBySide", "Software Installation", "Software Protection Platform Service", "Standard TCP/IP Port", "System.IdentityModel 3.0.0.0", "System.IdentityModel 4.0.0.0", "System.IO.Log 3.0.0.0", "System.IO.Log 4.0.0.0", "System.Runtime.Serialization 3.0.0.0", "System.Runtime.Serialization 4.0.0.0", "System.ServiceModel 3.0.0.0", "System.ServiceModel 4.0.0.0", "usbperf", "Userenv", "VBRuntime", "VSS", "VSSetup", "WerSvc", "Windows Error Reporting", "Wininit", "Winlogon", "WinMgmt", "Wlclntfy", "WMI.NET Provider Extension", "Wow64 Emulation Layer", "WSH", "xensvc" };
    static void Main(string[] args)
    {
        Registry
            .LocalMachine
            .OpenSubKey(@"SYSTEM'CurrentControlSet'Services'EventLog'Application")
            .GetSubKeyNames()
            .Except(PreinstalledSources, StringComparer.InvariantCulture)
            .ToList()
            .ForEach(source => Console.WriteLine(source));
    }
}