读取特定的Windows安全日志

首先，您应该知道源名称(这是事件查看器中的一列，通常是编写事件日志信息的应用程序的名称)。

添加系统。对代码文件的诊断名称空间引用:

using System.Diagnostics

那么你必须创建一个EventLog实例。

// First, check if event log contains required source
if(EventLog.SourceExists("YourSourceName"))
{
    // Specify your source name and log name (e.g. Application, System or some custom name)
    EventLog log = new EventLog()
    {
        Source = "YourSourceName",
        Log = "Application"
    };
    // Enumerate through log entries
    foreach (EventLogEntry entry in log.Entries)
    {
        // Do something with log entries
        Console.WriteLine(entry.Message);
    }
     // You also may filter log entries by date (LINQ is used for this)
     foreach (EventLogEntry entry in log.Entries.Cast<EventLogEntry>().Where(x => (DateTime.Now - x.TimeGenerated).Days == 0))
    {
        // Do something with log entries
        Console.WriteLine(entry.Message);
    }
}