How to collect all system event logs and save them to a file

Updated: 2023-09-27 18:24:59

I'm trying to use this function:

public void DoBackup(string sLogName)
{
    string sBackup = sLogName;  // could be for example "Application"
    EventLog log = new EventLog();
    log.Source = sBackup;
    var query = from EventLogEntry entry in log.Entries
                orderby entry.TimeGenerated descending
                select entry;
    string sBackupName = sBackup + "Log";
    var xml = new XDocument(
        new XElement(sBackupName,
            from EventLogEntry entry in log.Entries
            orderby entry.TimeGenerated descending
            select new XElement("Log",
              new XElement("Message", entry.Message),
              new XElement("TimeGenerated", entry.TimeGenerated),
              new XElement("Source", entry.Source),
              new XElement("EntryType", entry.EntryType.ToString())
            )
          )
        );
    DateTime oggi = DateTime.Now;
    string sToday = DateTime.Now.ToString("yyyyMMdd_hhmmss");
    string path = String.Format("{0}_{1}.xml", sBackupName, sToday);
    xml.Save(Path.Combine(Environment.CurrentDirectory, path));
}

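In general, I want to create two files:

  1. A text file with all Application event logs
  2. A text file with all System event logs

I call the function like this:

DoBackup("测试");

But when I run it, I get an exception on: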

var xml = new XDocument(
    new XElement(sBackupName,
        from EventLogEntry entry in log.Entries
        orderby entry.TimeGenerated descending
        select new XElement("Log",
          new XElement("Message", entry.Message),
          new XElement("TimeGenerated", entry.TimeGenerated),
          new XElement("Source", entry.Source),
          new XElement("EntryType", entry.EntryType.ToString())
        )
      )
    );

Log property value has not been specified

System.ArgumentException was unhandled
  HResult=-2147024809
  Message=Log property value has not been specified.
  Source=System
  StackTrace:
       at System.Diagnostics.EventLogInternal.OpenForRead(String currentMachineName)
       at System.Diagnostics.EventLogInternal.GetEntryAtNoThrow(Int32 index)
       at System.Diagnostics.EventLogEntryCollection.EntriesEnumerator.MoveNext()
       at System.Linq.Enumerable.<CastIterator>d__b1`1.MoveNext()
       at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
       at System.Linq.OrderedEnumerable`1.<GetEnumerator>d__0.MoveNext()
       at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
       at System.Xml.Linq.XContainer.AddContentSkipNotify(Object content)
       at System.Xml.Linq.XElement..ctor(XName name, Object content)
       at Diagnostic_Tool_Blue_Screen.Form1.DoBackup(String sLogName) in d:\C-Sharp\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Form1.cs:line 161
       at Diagnostic_Tool_Blue_Screen.Form1.Diagnose_Click(Object sender, EventArgs e) in d:\C-Sharp\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Form1.cs:line 57
       at System.Windows.Forms.Control.OnClick(EventArgs e)
       at System.Windows.Forms.Button.OnClick(EventArgs e)
       at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
       at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
       at System.Windows.Forms.Control.WndProc(Message& m)
       at System.Windows.Forms.ButtonBase.WndProc(Message& m)
       at System.Windows.Forms.Button.WndProc(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
       at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
       at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
       at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
       at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID, Int32 reason, Int32 pvLoopData)
       at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
       at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
       at System.Windows.Forms.Application.Run(Form mainForm)
       at Diagnostic_Tool_Blue_Screen.Program.Main() in d:\C-Sharp\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Program.cs:line 19
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: 

In the end, the content of the text file on my hard disk should look like this:

Event[0]:
  Log Name: System
  Source: EventLog
  Date: 2013-01-17T03:19:18.000
  Event ID: 6011
  Task: N/A
  Level: Information
  Opcode: N/A
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: windows-uj49s6b
  Description: 
The NetBIOS name and DNS host name of this machine have been changed from WINDOWS-UJ49S6B to WIN-F1MN9CTN28S.
Event[1]:
  Log Name: System

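The EventApp text file is 18 MB and the EventSys text file is about 3 MB.

How to collect all system event logs and save them to a file

Use EventLog.Exists before trying to get entries from a log that does not exist: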

if (!EventLog.Exists(sLogName))
     return; // or show error message
// build xml
EventLog log = new EventLog(sLogName); // specify log name
var xml = new XDocument(
    new XElement(sLogName,
        from EventLogEntry entry in log.Entries
        orderby entry.TimeGenerated descending
        select new XElement("Log",
          new XElement("Message", entry.Message),
          new XElement("TimeGenerated", entry.TimeGenerated),
          new XElement("Source", entry.Source),
          new XElement("EntryType", entry.EntryType.ToString())
        )
    ));
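
An added example, not part of the original question or answer: it writes the Application and System logs to text files in the layout the question asks for, using the same classic EventLog API, and streams entries to disk instead of sorting them in memory. The class name `EventLogTextExport` and the helper `Export` are hypothetical, and only the fields that `EventLogEntry` exposes directly are written.

```csharp
using System;
using System.Diagnostics;
using System.IO;

static class EventLogTextExport
{
    // Hypothetical helper (not from the page): streams one classic log to a text file.
    static string Export(string logName, string directory)
    {
        if (!EventLog.Exists(logName))
            throw new ArgumentException("No such event log: " + logName);

        string path = Path.Combine(directory,
            string.Format("{0}_{1:yyyyMMdd_HHmmss}.txt", logName, DateTime.Now));

        // Pass the log name (the Log property), not Source; an empty Log is what
        // raises "Log property value has not been specified".
        using (var log = new EventLog(logName))
        using (var writer = new StreamWriter(path))
        {
            EventLogEntryCollection entries = log.Entries;
            int n = 0;
            // Walk newest-first by index and write each entry immediately,
            // so a large log is never sorted or buffered in memory.
            for (int i = entries.Count - 1; i >= 0; i--, n++)
            {
                EventLogEntry e = entries[i];
                writer.WriteLine("Event[{0}]:", n);
                writer.WriteLine("  Log Name: {0}", logName);
                writer.WriteLine("  Source: {0}", e.Source);
                writer.WriteLine("  Date: {0:yyyy-MM-ddTHH:mm:ss.fff}", e.TimeGenerated);
                // The low 16 bits of InstanceId are the ID shown in Event Viewer.
                writer.WriteLine("  Event ID: {0}", e.InstanceId & 0xFFFF);
                writer.WriteLine("  Level: {0}", e.EntryType);
                writer.WriteLine("  User Name: {0}", e.UserName ?? "N/A");
                writer.WriteLine("  Computer: {0}", e.MachineName);
                writer.WriteLine("  Description: ");
                writer.WriteLine(e.Message);
            }
        }
        return path;
    }

    static void Main()
    {
        foreach (string name in new[] { "Application", "System" })
            Console.WriteLine(Export(name, Environment.CurrentDirectory));
    }
}
```

The file name uses `HHmmss` (24-hour clock) so that two exports taken twelve hours apart cannot produce the same name.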