先不说如何实现,先来看看效果图:
读取远程的需要提供下远程的计算用户名和密码即可。
如何实现这个代码功能,请看如下代码部分:
#region//获取日志文件
/// <summary>
/// 获取日志文件 /// </summary>
/// <param name="topNumber">多少条</param>
/// <param name="eventCode">事件ID</param>
/// <param name="startTime">开始时间</param>
/// <param name="endTime">结束时间</param>
/// <returns>返回集合</returns>
public List<EventLogEntity> GetEventLogList(int topNumber, string eventCode,
string startTime, string endTime)
{
List<EventLogEntity> logList = new List<EventLogEntity>(); try
{ //条件语句
StringBuilder query = new StringBuilder();
StringBuilder strWhere = new StringBuilder();
query.Append("select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message from Win32_NTLogEvent "); //日志ID
if (!string.IsNullOrEmpty(eventCode))
{
strWhere.Append(" AND eventCode = '");
strWhere.Append(eventCode);
strWhere.Append("'");
} //开始日期
if (!string.IsNullOrEmpty(startTime))
{
strWhere.Append(" AND TimeWritten>= '");
strWhere.Append(getDmtfFromDateTime(startTime));
strWhere.Append("'");
} //结束日期
if (!string.IsNullOrEmpty(endTime))
{
strWhere.Append(" AND TimeWritten<= '");
strWhere.Append(getDmtfFromDateTime(endTime));
strWhere.Append("'");
} string laststrWhere = strWhere.ToString(); //如果有检索条件
if (!string.IsNullOrEmpty(laststrWhere))
{
laststrWhere = " where " + laststrWhere.Substring(4);
} //组合条件 query.Append(laststrWhere); //值
ManagementObjectCollection moCollection = null; //如果是本地
if (isLocal)
{
ManagementScope scope = new ManagementScope(scopePath);
scope.Connect();
ObjectQuery objectQuery = new ObjectQuery(query.ToString()); //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery); //异步调用WMI查询
moCollection = Searcher.Get();
} //表示远程
else
{ //设定通过WMI要查询的内容
ObjectQuery Query = new ObjectQuery(query.ToString()); //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query); //异步调用WMI查询
moCollection = Searcher.Get();
} //循环
if (moCollection != null)
{
//计数器
int i = 0; //foreach
foreach (ManagementObject mObject in moCollection)
{ //如果i==topNumber就退出循环
if (i == topNumber)
{ break;
}
EventLogEntity eventLog = new EventLogEntity(); //日志类型
eventLog.EventType = mObject["EventType"] == null ? string.Empty :
GetEventTypeString(((NTLogEvent.EventTypeValues)(System.Convert.ToInt32(mObject["EventType"])))); //日志种类
eventLog.Category = mObject["Category"] == null ? string.Empty :
mObject["Category"].ToString(); //日志种类
eventLog.CategoryString = mObject["CategoryString"] == null ? string.Empty :
mObject["CategoryString"].ToString(); //日志编码
eventLog.EventCode = mObject["EventCode"] == null ? string.Empty :
mObject["EventCode"].ToString(); //日志ID
eventLog.EventIdentifier = mObject["EventIdentifier"] == null ? string.Empty :
mObject["EventIdentifier"].ToString(); //行号
eventLog.RecordNumber = mObject["RecordNumber"] == null ? string.Empty :
mObject["RecordNumber"].ToString(); //日期
eventLog.TimeWritten = mObject["TimeWritten"] == null ? string.Empty :
getDateTimeFromDmtfDate(mObject["TimeWritten"].ToString());
//日志来源
eventLog.SourceName = mObject["SourceName"] == null ? string.Empty :
mObject["SourceName"].ToString(); //详细错误
eventLog.Message = mObject["Message"] == null ? string.Empty :
mObject["Message"].ToString(); //add logList.Add(eventLog); //
// i++;
}
}
} catch (Exception ex)
{ throw ex;
} // return logList;
} #endregion
#region//根据行号检索错误信息
/// <summary>
/// 根据行号检索错误信息 /// </summary>
/// <param name="recordNumber">行号</param>
/// <returns>返回错误信息</returns>
public string GetErrMsg(uint recordNumber)
{ string Msg = string.Empty; try
{ //条件语句
StringBuilder query = new StringBuilder();
query.Append("select Message, InsertionStrings from Win32_NTLogEvent where ");
query.Append(" RecordNumber='");
query.Append(recordNumber);
query.Append("'"); //值
ManagementObjectCollection moCollection = null; //如果是本地
if (isLocal)
{
ManagementScope scope = new ManagementScope(scopePath);
scope.Connect();
ObjectQuery objectQuery = new ObjectQuery(query.ToString()); //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery); //异步调用WMI查询
moCollection = Searcher.Get();
} //表示远程
else
{ //设定通过WMI要查询的内容
ObjectQuery Query = new ObjectQuery(query.ToString()); //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query); //异步调用WMI查询
moCollection = Searcher.Get();
} //检索错误信息
foreach (ManagementObject mObject in moCollection)
{ //错误信息
string message = mObject["Message"] == null ? string.Empty : mObject["Message"].ToString(); //错误信息
string[] insertionStrings =mObject["InsertionStrings"]==null?null:
(string[])mObject["InsertionStrings"]; //如果有错误信息
if (string.IsNullOrEmpty(message))
{ if (insertionStrings.Length > 0)
{
StringBuilder sb = new StringBuilder(); for (int i = 0; i < insertionStrings.Length; i++)
{
sb.Append(insertionStrings[i]);
sb.Append(" ");
}
Msg = sb.ToString();
}
} else
{
Msg= message;
}
}
} catch
{
} //return
return string.IsNullOrEmpty(Msg) ? "无错误信息,请与管理员联系核对!" : Msg;
} #endregion