如何在c#中审计Windows安全事件日志的失败事件
本文关键字:日志 安全事件 失败 事件 Windows 审计 | 更新日期: 2023-09-27 18:01:29
我需要在Window log -> Security事件下立即访问Audit Failure,当它记录日志时,是否有任何方法可以立即捕获它。我需要访问实时尝试。
目前我正在阅读这从EventLogEntry类在c#,但我需要一个我的应用程序运行时,Audit Failure发生。
foreach (EventLogEntry entry in log.Entries)
{
if (entry.EntryType==EventLogEntryType.FailureAudit)
{
///
}
}
类似于:
EventLog myNewLog = new EventLog();
myNewLog.Log = "MyCustomLog";
myNewLog.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten);
myNewLog.EnableRaisingEvents = true;
事件日志事件,有些像这样我想触发windows日志也
您可以使用EventLog.GetEventLogs()方法获取事件日志:
class Program
{
static void Main(string[] args)
{
EventLog log = EventLog.GetEventLogs().First(o => o.Log == "Security");
log.EnableRaisingEvents = true;
log.EntryWritten += (s, e) => { Console.WriteLine(e.Entry.EntryType); };
Console.WriteLine(log.LogDisplayName);
Console.ReadKey();
}
}
void Main()
{
var eventLog = new EventLog();
eventLog.Log = "Security";
eventLog.Entries.Cast<EventLogEntry>()
.OrderByDescending(e => e.TimeGenerated);
}