有没有办法在 pc/server 上加载自定义事件查看器源?
Is there a way to load custom event viewer sources on a pc/server?
我想查看服务器上的所有自定义事件查看器源。有没有一种方法可以通过 运行 脚本而不是遍历所有事件日志来找到这些。
可以安全地假设所有自定义源都在应用程序下。
理想情况下,脚本可以是 cmd 提示符或 C#。
如果不能,我很乐意采用其他语言的解决方案,只要它不需要我在服务器 2008 R2 上安装 运行 的任何新内容。
谢谢
此 C# 程序写入控制台应用程序事件日志中的所有不同来源:
using System;
using System.Linq;
using System.Diagnostics;
public static class Program
{
static void Main(string[] args)
{
new EventLog("Application")
.Entries
.Cast<EventLogEntry>()
.Select(entry => entry.Source)
.Distinct()
.ToList()
.ForEach(source => Console.WriteLine(source));
}
}
编辑:
您可以在注册表的 "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application" 键下找到在应用程序事件日志中注册的所有源(例如使用 regedit)。要在控制台中显示它们,请使用此程序:
using System;
using System.Linq;
using Microsoft.Win32;
public static class Program
{
static void Main(string[] args)
{
Registry
.LocalMachine
.OpenSubKey(@"SYSTEM\CurrentControlSet\Services\EventLog\Application")
.GetSubKeyNames()
.ToList()
.ForEach(source => Console.WriteLine(source));
}
}
不幸的是,我不知道如何区分预装源和自定义源(此信息似乎不存在于注册表中,我怀疑此类信息是否可用)。
编辑2:
我全新安装了 Windows server 2008 R2,制作了预装源列表并编辑了程序以不显示该列表中的源。所以现在应该只显示自定义来源:
using System;
using System.Linq;
using Microsoft.Win32;
public static class Program
{
static string[] PreinstalledSources = new[] { ".NET Runtime", ".NET Runtime Optimization Service", "Application", "Application Error", "Application Hang", "Application Management", "Application-Addon-Event-Provider", "ASP.NET 2.0.50727.0", "ASP.NET 4.0.30319.0", "AutoEnrollment", "CardSpace 3.0.0.0", "CardSpace 4.0.0.0", "CEPSvc", "CertCli", "CertEnroll", "CESSvc", "Chkdsk", "Citrix Xen Guest Agent", "COM", "COM+", "Customer Experience Improvement Program", "Desktop Window Manager", "DiskQuota", "Ec2Config", "ESENT", "EventSystem", "Folder Redirection", "Group Policy", "Group Policy Applications", "Group Policy Client", "Group Policy Data Sources", "Group Policy Device Settings", "Group Policy Drive Maps", "Group Policy Environment", "Group Policy Files", "Group Policy Folder Options", "Group Policy Folders", "Group Policy Ini Files", "Group Policy Internet Settings", "Group Policy Local Users and Groups", "Group Policy Mail Profiles", "Group Policy Network Options", "Group Policy Network Shares", "Group Policy Power Options", "Group Policy Printers", "Group Policy Regional Options", "Group Policy Registry", "Group Policy Scheduled Tasks", "Group Policy Services", "Group Policy Shortcuts", "Group Policy Standard Edition", "Group Policy Start Menu Settings", "Interactive Services detection", "ipmiprv", "LoadPerf", "Microsoft-Windows-Application-Experience", "Microsoft-Windows-ApplicationExperienceInfrastructure", "Microsoft-Windows-Audio", "Microsoft-Windows-CAPI2", "Microsoft-Windows-CertificateServicesClient", "Microsoft-Windows-CertificateServicesClient-AutoEnrollment", "Microsoft-Windows-CertificateServicesClient-CertEnroll", "Microsoft-Windows-CertificateServicesClient-CredentialRoaming", "Microsoft-Windows-CertificationAuthorityClient-CertCli", "Microsoft-Windows-Crypto-RNG", "Microsoft-Windows-Defrag", "Microsoft-Windows-DirectShow-Core", "Microsoft-Windows-DirectShow-KernelSupport", "Microsoft-Windows-EapHost", "Microsoft-Windows-EFS", "Microsoft-Windows-EventCollector", "Microsoft-Windows-Folder Redirection", "Microsoft-Windows-LoadPerf", "Microsoft-Windows-PerfCtrs", "Microsoft-Windows-PerfNet", "Microsoft-Windows-PerfOS", "Microsoft-Windows-PerfProc", "Microsoft-Windows-propsys", "Microsoft-Windows-RemoteApp and Desktop Connections", "Microsoft-Windows-RestartManager", "Microsoft-Windows-RPC-Events", "Microsoft-Windows-SoftwareRestrictionPolicies", "Microsoft-Windows-Spell-Checking", "Microsoft-Windows-SpellChecker", "Microsoft-Windows-TerminalServices-ClientActiveXCore", "Microsoft-Windows-User Profiles General", "Microsoft-Windows-User Profiles Service", "Microsoft-Windows-Video-For-Windows", "Microsoft-Windows-Winsrv", "Microsoft-Windows-WMI", "Microsoft-Windows-XWizards", "Microsoft.Transactions.Bridge 3.0.0.0", "Microsoft.Transactions.Bridge 4.0.0.0", "MSDTC", "MSDTC 2", "MSDTC Client", "MSDTC Client 2", "MsiInstaller", "PDH", "PerfCtrs", "PerfDisk", "Perflib", "PerfNet", "PerfOs", "PerfProc", "Process Exit Monitor", "Profsvc", "RasClient", "SceCli", "SceSrv", "SCW", "SCW Analysis", "ServiceModel Audit 3.0.0.0", "ServiceModel Audit 4.0.0.0", "SideBySide", "Software Installation", "Software Protection Platform Service", "Standard TCP/IP Port", "System.IdentityModel 3.0.0.0", "System.IdentityModel 4.0.0.0", "System.IO.Log 3.0.0.0", "System.IO.Log 4.0.0.0", "System.Runtime.Serialization 3.0.0.0", "System.Runtime.Serialization 4.0.0.0", "System.ServiceModel 3.0.0.0", "System.ServiceModel 4.0.0.0", "usbperf", "Userenv", "VBRuntime", "VSS", "VSSetup", "WerSvc", "Windows Error Reporting", "Wininit", "Winlogon", "WinMgmt", "Wlclntfy", "WMI.NET Provider Extension", "Wow64 Emulation Layer", "WSH", "xensvc" };
static void Main(string[] args)
{
Registry
.LocalMachine
.OpenSubKey(@"SYSTEM\CurrentControlSet\Services\EventLog\Application")
.GetSubKeyNames()
.Except(PreinstalledSources, StringComparer.InvariantCulture)
.ToList()
.ForEach(source => Console.WriteLine(source));
}
}
我想查看服务器上的所有自定义事件查看器源。有没有一种方法可以通过 运行 脚本而不是遍历所有事件日志来找到这些。
可以安全地假设所有自定义源都在应用程序下。
理想情况下,脚本可以是 cmd 提示符或 C#。 如果不能,我很乐意采用其他语言的解决方案,只要它不需要我在服务器 2008 R2 上安装 运行 的任何新内容。
谢谢
此 C# 程序写入控制台应用程序事件日志中的所有不同来源:
using System;
using System.Linq;
using System.Diagnostics;
public static class Program
{
static void Main(string[] args)
{
new EventLog("Application")
.Entries
.Cast<EventLogEntry>()
.Select(entry => entry.Source)
.Distinct()
.ToList()
.ForEach(source => Console.WriteLine(source));
}
}
编辑:
您可以在注册表的 "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application" 键下找到在应用程序事件日志中注册的所有源(例如使用 regedit)。要在控制台中显示它们,请使用此程序:
using System;
using System.Linq;
using Microsoft.Win32;
public static class Program
{
static void Main(string[] args)
{
Registry
.LocalMachine
.OpenSubKey(@"SYSTEM\CurrentControlSet\Services\EventLog\Application")
.GetSubKeyNames()
.ToList()
.ForEach(source => Console.WriteLine(source));
}
}
不幸的是,我不知道如何区分预装源和自定义源(此信息似乎不存在于注册表中,我怀疑此类信息是否可用)。
编辑2: 我全新安装了 Windows server 2008 R2,制作了预装源列表并编辑了程序以不显示该列表中的源。所以现在应该只显示自定义来源:
using System;
using System.Linq;
using Microsoft.Win32;
public static class Program
{
static string[] PreinstalledSources = new[] { ".NET Runtime", ".NET Runtime Optimization Service", "Application", "Application Error", "Application Hang", "Application Management", "Application-Addon-Event-Provider", "ASP.NET 2.0.50727.0", "ASP.NET 4.0.30319.0", "AutoEnrollment", "CardSpace 3.0.0.0", "CardSpace 4.0.0.0", "CEPSvc", "CertCli", "CertEnroll", "CESSvc", "Chkdsk", "Citrix Xen Guest Agent", "COM", "COM+", "Customer Experience Improvement Program", "Desktop Window Manager", "DiskQuota", "Ec2Config", "ESENT", "EventSystem", "Folder Redirection", "Group Policy", "Group Policy Applications", "Group Policy Client", "Group Policy Data Sources", "Group Policy Device Settings", "Group Policy Drive Maps", "Group Policy Environment", "Group Policy Files", "Group Policy Folder Options", "Group Policy Folders", "Group Policy Ini Files", "Group Policy Internet Settings", "Group Policy Local Users and Groups", "Group Policy Mail Profiles", "Group Policy Network Options", "Group Policy Network Shares", "Group Policy Power Options", "Group Policy Printers", "Group Policy Regional Options", "Group Policy Registry", "Group Policy Scheduled Tasks", "Group Policy Services", "Group Policy Shortcuts", "Group Policy Standard Edition", "Group Policy Start Menu Settings", "Interactive Services detection", "ipmiprv", "LoadPerf", "Microsoft-Windows-Application-Experience", "Microsoft-Windows-ApplicationExperienceInfrastructure", "Microsoft-Windows-Audio", "Microsoft-Windows-CAPI2", "Microsoft-Windows-CertificateServicesClient", "Microsoft-Windows-CertificateServicesClient-AutoEnrollment", "Microsoft-Windows-CertificateServicesClient-CertEnroll", "Microsoft-Windows-CertificateServicesClient-CredentialRoaming", "Microsoft-Windows-CertificationAuthorityClient-CertCli", "Microsoft-Windows-Crypto-RNG", "Microsoft-Windows-Defrag", "Microsoft-Windows-DirectShow-Core", "Microsoft-Windows-DirectShow-KernelSupport", "Microsoft-Windows-EapHost", "Microsoft-Windows-EFS", "Microsoft-Windows-EventCollector", "Microsoft-Windows-Folder Redirection", "Microsoft-Windows-LoadPerf", "Microsoft-Windows-PerfCtrs", "Microsoft-Windows-PerfNet", "Microsoft-Windows-PerfOS", "Microsoft-Windows-PerfProc", "Microsoft-Windows-propsys", "Microsoft-Windows-RemoteApp and Desktop Connections", "Microsoft-Windows-RestartManager", "Microsoft-Windows-RPC-Events", "Microsoft-Windows-SoftwareRestrictionPolicies", "Microsoft-Windows-Spell-Checking", "Microsoft-Windows-SpellChecker", "Microsoft-Windows-TerminalServices-ClientActiveXCore", "Microsoft-Windows-User Profiles General", "Microsoft-Windows-User Profiles Service", "Microsoft-Windows-Video-For-Windows", "Microsoft-Windows-Winsrv", "Microsoft-Windows-WMI", "Microsoft-Windows-XWizards", "Microsoft.Transactions.Bridge 3.0.0.0", "Microsoft.Transactions.Bridge 4.0.0.0", "MSDTC", "MSDTC 2", "MSDTC Client", "MSDTC Client 2", "MsiInstaller", "PDH", "PerfCtrs", "PerfDisk", "Perflib", "PerfNet", "PerfOs", "PerfProc", "Process Exit Monitor", "Profsvc", "RasClient", "SceCli", "SceSrv", "SCW", "SCW Analysis", "ServiceModel Audit 3.0.0.0", "ServiceModel Audit 4.0.0.0", "SideBySide", "Software Installation", "Software Protection Platform Service", "Standard TCP/IP Port", "System.IdentityModel 3.0.0.0", "System.IdentityModel 4.0.0.0", "System.IO.Log 3.0.0.0", "System.IO.Log 4.0.0.0", "System.Runtime.Serialization 3.0.0.0", "System.Runtime.Serialization 4.0.0.0", "System.ServiceModel 3.0.0.0", "System.ServiceModel 4.0.0.0", "usbperf", "Userenv", "VBRuntime", "VSS", "VSSetup", "WerSvc", "Windows Error Reporting", "Wininit", "Winlogon", "WinMgmt", "Wlclntfy", "WMI.NET Provider Extension", "Wow64 Emulation Layer", "WSH", "xensvc" };
static void Main(string[] args)
{
Registry
.LocalMachine
.OpenSubKey(@"SYSTEM\CurrentControlSet\Services\EventLog\Application")
.GetSubKeyNames()
.Except(PreinstalledSources, StringComparer.InvariantCulture)
.ToList()
.ForEach(source => Console.WriteLine(source));
}
}