如何在事件日志中获取 UserData?
How to get UserData in Event log?
我需要搜索事件日志,这是我的代码:
IEnumerable<EventLogEntry> q = (
from entry in el.Entries.Cast<EventLogEntry>()
where entry.Source == sourceName
orderby entry.TimeGenerated descending
select entry
)
在事件日志中,它有UserData,其中包括一些我需要的数据:
在 EventLogEntry 中,我可以获得一些数据,即 Message,但不是所有数据,即 Subject、HealthSet、..
所以问题是:如何获取事件日志条目的XML?假设我可以从那里访问 UserData。
谢谢
你可以试试:
EventLogQuery query = new EventLogQuery("Setup", PathType.LogName);
EventLogReader reader = new EventLogReader(query);
EventRecord record;
while ((record = reader.ReadEvent()) != null)
Debug.WriteLine(record.ToXml());
示例输出字符串包含 <UserData>:
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Servicing' Guid='{BD12F3B8-FC40-4A61-A307-B7A013A069C1}'/><EventID>4</EventID><Version>0</Version><Level>0</Level><Task>1</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2015-10-15T14:01:06.098062300Z'/><EventRecordID>109</EventRecordID><Correlation/><Execution ProcessID='10060' ThreadID='4452'/><Channel>Setup</Channel><Computer>WINWIZ</Computer><Security UserID='S-1-5-18'/></System><UserData><CbsPackageChangeState xmlns='http://manifests.microsoft.com/win/2004/08/windows/setup_provider'><PackageIdentifier>KB3097617</PackageIdentifier><IntendedPackageState>Installed</IntendedPackageState><ErrorCode>0x0</ErrorCode><Client>WindowsUpdateAgent</Client></CbsPackageChangeState></UserData></Event>
我需要搜索事件日志,这是我的代码:
IEnumerable<EventLogEntry> q = (
from entry in el.Entries.Cast<EventLogEntry>()
where entry.Source == sourceName
orderby entry.TimeGenerated descending
select entry
)
在事件日志中,它有UserData,其中包括一些我需要的数据:
在 EventLogEntry 中,我可以获得一些数据,即 Message,但不是所有数据,即 Subject、HealthSet、..
所以问题是:如何获取事件日志条目的XML?假设我可以从那里访问 UserData。
谢谢
你可以试试:
EventLogQuery query = new EventLogQuery("Setup", PathType.LogName);
EventLogReader reader = new EventLogReader(query);
EventRecord record;
while ((record = reader.ReadEvent()) != null)
Debug.WriteLine(record.ToXml());
示例输出字符串包含 <UserData>:
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Servicing' Guid='{BD12F3B8-FC40-4A61-A307-B7A013A069C1}'/><EventID>4</EventID><Version>0</Version><Level>0</Level><Task>1</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2015-10-15T14:01:06.098062300Z'/><EventRecordID>109</EventRecordID><Correlation/><Execution ProcessID='10060' ThreadID='4452'/><Channel>Setup</Channel><Computer>WINWIZ</Computer><Security UserID='S-1-5-18'/></System><UserData><CbsPackageChangeState xmlns='http://manifests.microsoft.com/win/2004/08/windows/setup_provider'><PackageIdentifier>KB3097617</PackageIdentifier><IntendedPackageState>Installed</IntendedPackageState><ErrorCode>0x0</ErrorCode><Client>WindowsUpdateAgent</Client></CbsPackageChangeState></UserData></Event>