首页 文章

C#WMI读取远程事件日志

提问于
浏览
2

我试图在最近5个小时左右的时间内对另一台计算机运行WMI查询以查找错误 . 在运行WMI查询时,您是否至少应该使用where子句过滤初始查询?

我的代码基于从MSDN上的WMI代码创建者生成的样本

这是我正在使用的选择查询

private ManagementScope CreateNewManagementScope(string server)
    {
        string serverString = @"\\" + server + @"\root\cimv2";

        ManagementScope scope = new ManagementScope(serverString);

        return scope;
    } 

            ManagementScope scope = CreateNewManagementScope(servername);
            scope.Connect();
            SelectQuery query = new SelectQuery("select * from Win32_NtLogEvent where TimeWritten > '" + DateTime.Now.AddHours(-5).ToString() + "'");
            ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
            ManagementObjectCollection logs = searcher.Get();

            int iErrCount = logs.Count;

我只是想了解最近5个小时内的错误 . 它在计算时抛出错误 . 错误是相当模糊的“通用失败” .

[更新 - 现在使用这样的日期]

DateTime d = DateTime.UtcNow.AddHours(-12);
            string dateFilter = ManagementDateTimeConverter.ToDmtfDateTime(d);
            SelectQuery query = new SelectQuery("select * from Win32_NtLogEvent where Logfile='Application' AND Type='Error' AND TimeWritten > '" + dateFilter + "'");

使用上面的代码我没有得到任何结果,但我可以在事件日志中看到2个错误 . 日期过滤器有什么问题?

我正在使用这个例子http://msdn.microsoft.com/en-us/library/system.management.managementdatetimeconverter.todatetime.aspx

c# wmi wmi-query

1 回答

  • 6

    我做了以下工作以使其发挥作用 . 我希望这有帮助..

    static void Main(string[] args)
    {
        var conOpt = new ConnectionOptions();
        conOpt.Impersonation = ImpersonationLevel.Impersonate;
        conOpt.EnablePrivileges = true;
        conOpt.Username = "username";
        conOpt.Password = "password";
        conOpt.Authority = string.Format("ntlmdomain:{0}", "yourdomain.com");

        var scope = new 
             ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2", 
                                           "yourservername.yourdomain.com"),
                             conOpt);

        scope.Connect();
        bool isConnected = scope.IsConnected;
        if (isConnected)
        {

            /* entire day */ string dateTime = getDmtfFromDateTime(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
            string dateTime = getDmtfFromDateTime("09/06/2014 17:00:08"); // DateTime specific

            SelectQuery query = new SelectQuery("Select * from Win32_NTLogEvent Where Logfile = 'Application' and TimeGenerated >='" + dateTime + "'");
            ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
            ManagementObjectCollection logs = searcher.Get();
            foreach (var log in logs)
            {
                Console.WriteLine("Message : {0}", log["Message"]);
                Console.WriteLine("ComputerName : {0}", log["ComputerName"]);
                Console.WriteLine("Type : {0}", log["Type"]);
                Console.WriteLine("User : {0}", log["User"]);
                Console.WriteLine("EventCode : {0}", log["EventCode"]);
                Console.WriteLine("Category : {0}", log["Category"]);
                Console.WriteLine("SourceName : {0}", log["SourceName"]);
                Console.WriteLine("RecordNumber : {0}", log["RecordNumber"]);
                Console.WriteLine("TimeWritten : {0}", getDateTimeFromDmtfDate(log["TimeWritten"].ToString()));
            }
        }

        //ReadLog();
        Console.ReadLine();
    }

    private static string getDmtfFromDateTime(DateTime dateTime) 
    {
        return ManagementDateTimeConverter.ToDmtfDateTime(dateTime);
    }

    private static string getDmtfFromDateTime(string dateTime)
    {
        DateTime dateTimeValue = Convert.ToDateTime(dateTime);
        return getDmtfFromDateTime(dateTimeValue);
    }

    private static string getDateTimeFromDmtfDate(string dateTime)
    {
        return ManagementDateTimeConverter.ToDateTime(dateTime).ToString();
    }
    回复于

相关问题