EventLogReader 通过创建的 TimeDate 过滤 EventLogQuery
EventLogReader filter EventLogQuery by created TimeDate
我目前的问题是,我不知道那些事件日志查询的语法。我想要一个能给我过去一周的所有事件的查询
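/// <summary>
/// Collects events from the Security, Application and System logs of the remote
/// computer identified by <c>IP</c>, authenticating with <c>Domain</c>,
/// <c>Username</c> and <c>Password</c>.
/// </summary>
/// <returns>
/// A successful result wrapping the list that <c>GetEventlog</c> filled from the three logs.
/// </returns>
private Result<List<AssetManagementEventlogDTO>> GetEvents()
{
    var eventList = new List<AssetManagementEventlogDTO>();

    // " *" matches every record, so each log is pulled in full over the network.
    // Narrow it (for example by System/TimeCreated) before running this against a busy Security log.
    string queryString = " *";

    // NOTE(review): Password is already a managed string, so the SecureString only
    // satisfies the EventLogSession signature; the plaintext still lives on the managed heap.
    using (SecureString pw = new SecureString())
    {
        foreach (char c in Password)
        {
            pw.AppendChar(c);
        }

        // Freeze the credential so nothing can append to it after this point.
        pw.MakeReadOnly();

        // The session holds a handle to the remote host; dispose it deterministically
        // instead of waiting for finalization.
        // Assumes GetEventlog finishes reading before it returns - TODO confirm.
        using (EventLogSession session = new EventLogSession(
            IP,        // Remote computer
            Domain,    // Domain
            Username,  // Username
            pw,
            SessionAuthentication.Default))
        {
            // NOTE(review): "Security", "Application" and "System" are log names, while
            // PathType.FilePath is meant for paths to saved log files; PathType.LogName
            // looks like the intended value - confirm against the target hosts.
            EventLogQuery query = new EventLogQuery("Security", PathType.FilePath, queryString);
            query.Session = session;
            GetEventlog(query, eventList, AssetManagementEventlogType.Security);

            query = new EventLogQuery("Application", PathType.FilePath, queryString);
            query.Session = session;
            GetEventlog(query, eventList, AssetManagementEventlogType.Application);

            query = new EventLogQuery("System", PathType.FilePath, queryString);
            query.Session = session;
            GetEventlog(query, eventList, AssetManagementEventlogType.System);
        }
    }

    return Result<List<AssetManagementEventlogDTO>>.AsSuccess(eventList);
}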
好的,我现在知道语法是如何工作的了:
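// TimeCreated/@SystemTime is recorded in UTC, so the cutoff is computed from UtcNow
// rather than local time; otherwise the window shifts by the machine's UTC offset.
// The cutoff is midnight (UTC) seven days back, so the window covers the last seven full days plus today.
var daysAgo7 = DateTime.UtcNow.Date.AddDays(-7);

// Invariant culture keeps the digits and calendar stable regardless of the host's regional
// settings. The trailing 'Z' marks the value as UTC; a bare "K" outside the ToString format
// string is emitted as the letter K, not as a time-zone designator.
string sinceUtc = daysAgo7.ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'", System.Globalization.CultureInfo.InvariantCulture);

// Only a locally generated timestamp is interpolated into the XPath; never splice
// caller-supplied text into this query string without validating it first.
string queryString = $"*[System/TimeCreated/@SystemTime >= '{sinceUtc}']";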
我目前的问题是,我不知道那些事件日志查询的语法。我想要一个能给我过去一周的所有事件的查询
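/// <summary>
/// Collects events from the Security, Application and System logs of the remote
/// computer identified by <c>IP</c>, authenticating with <c>Domain</c>,
/// <c>Username</c> and <c>Password</c>.
/// </summary>
/// <returns>
/// A successful result wrapping the list that <c>GetEventlog</c> filled from the three logs.
/// </returns>
private Result<List<AssetManagementEventlogDTO>> GetEvents()
{
    var eventList = new List<AssetManagementEventlogDTO>();

    // " *" matches every record, so each log is pulled in full over the network.
    // Narrow it (for example by System/TimeCreated) before running this against a busy Security log.
    string queryString = " *";

    // NOTE(review): Password is already a managed string, so the SecureString only
    // satisfies the EventLogSession signature; the plaintext still lives on the managed heap.
    using (SecureString pw = new SecureString())
    {
        foreach (char c in Password)
        {
            pw.AppendChar(c);
        }

        // Freeze the credential so nothing can append to it after this point.
        pw.MakeReadOnly();

        // The session holds a handle to the remote host; dispose it deterministically
        // instead of waiting for finalization.
        // Assumes GetEventlog finishes reading before it returns - TODO confirm.
        using (EventLogSession session = new EventLogSession(
            IP,        // Remote computer
            Domain,    // Domain
            Username,  // Username
            pw,
            SessionAuthentication.Default))
        {
            // NOTE(review): "Security", "Application" and "System" are log names, while
            // PathType.FilePath is meant for paths to saved log files; PathType.LogName
            // looks like the intended value - confirm against the target hosts.
            EventLogQuery query = new EventLogQuery("Security", PathType.FilePath, queryString);
            query.Session = session;
            GetEventlog(query, eventList, AssetManagementEventlogType.Security);

            query = new EventLogQuery("Application", PathType.FilePath, queryString);
            query.Session = session;
            GetEventlog(query, eventList, AssetManagementEventlogType.Application);

            query = new EventLogQuery("System", PathType.FilePath, queryString);
            query.Session = session;
            GetEventlog(query, eventList, AssetManagementEventlogType.System);
        }
    }

    return Result<List<AssetManagementEventlogDTO>>.AsSuccess(eventList);
}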
好的,我现在知道语法是如何工作的了:
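// TimeCreated/@SystemTime is recorded in UTC, so the cutoff is computed from UtcNow
// rather than local time; otherwise the window shifts by the machine's UTC offset.
// The cutoff is midnight (UTC) seven days back, so the window covers the last seven full days plus today.
var daysAgo7 = DateTime.UtcNow.Date.AddDays(-7);

// Invariant culture keeps the digits and calendar stable regardless of the host's regional
// settings. The trailing 'Z' marks the value as UTC; a bare "K" outside the ToString format
// string is emitted as the letter K, not as a time-zone designator.
string sinceUtc = daysAgo7.ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'", System.Globalization.CultureInfo.InvariantCulture);

// Only a locally generated timestamp is interpolated into the XPath; never splice
// caller-supplied text into this query string without validating it first.
string queryString = $"*[System/TimeCreated/@SystemTime >= '{sinceUtc}']";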