Re: Is there a way to query Security Event Log with Filter in C#?



Thanks Willy. I am logged in as an administrator on my Win2k server. Is there
any other setting that I need to configure for an administrator? Thanks.
--
Thanks.


"Willy Denoyette [MVP]" wrote:

"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:781462FF-AAFB-4197-9942-3FE17C6CDF23@xxxxxxxxxxxxxxxx
The odd thing is that it works when I change the logfile = 'Application'.
With Security it retrieves 0 entries. Why is that so? I did verify that I
have over 55k of entries in Security log in Event Viewer.


--
Thanks.


"Pucca" wrote:

Thanks Peter. I tried it in my code but it's just exiting when it reaches the
statement mos.get(). Can you see what's wrong here? Also, where can I look
up syntax format and the property names for the Security log? Thanks.

// Requires: using System.Management; using System.Windows.Forms;
private void GetLog()
{
    //string SomeDateTime = "20060101000000.000000+000";
    //string Query = String.Format("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' AND TimeGenerated > '{0}'", SomeDateTime);
    string Query = String.Format("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'");

    object o;
    string name;
    try
    {
        ManagementObjectSearcher mos = new ManagementObjectSearcher(Query);
        // Walk every returned event and every property on it
        foreach (ManagementObject mo in mos.Get())
        {
            foreach (PropertyData pd in mo.Properties)
            {
                o = mo[pd.Name];
                if (o != null)
                {
                    //Console.WriteLine(String.Format("{0}: {1}", pd.Name, mo[pd.Name].ToString()));
                }
            }
        }
        mos.Dispose();
    }
    catch (Exception e)
    {
        MessageBox.Show(e.Message);
    }
}
--
Thanks.


"Petar Repac" wrote:

Hi !

You can try WMI query for this.
Example that filters event log by LogFile and TimeGenerated.

using System;
using System.Collections.Generic;
using System.Text;
using System.Management;

namespace QueryEventLog {

    class Program {
        static void Main(string[] args) {
            // WMI (DMTF) datetime: yyyymmddHHMMSS.mmmmmm+UUU
            string SomeDateTime = "20070101000000.000000+000";
            string Query = String.Format("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND TimeGenerated > '{0}'", SomeDateTime);
            ManagementObjectSearcher mos = new ManagementObjectSearcher(Query);
            object o;

            foreach (ManagementObject mo in mos.Get()) {

                Console.WriteLine("///////////////////////////////////////////////////////////////////////////");
                // Print every non-null property of the event
                foreach (PropertyData pd in mo.Properties) {
                    o = mo[pd.Name];
                    if (o != null) {
                        Console.WriteLine(String.Format("{0}: {1}", pd.Name,
                            mo[pd.Name].ToString()));
                    }
                }
            }

            Console.ReadLine();
        }
    }
}

Hope it helps.

Petar Repac



Pucca wrote:
Thank you Jani. I'm already using the eventLog class and processing each log
entry and filtering them in my C# code (vs2005, .net2.0) and then place the
filtered / qualified rows in to a dataset table.

The problem is this is taking a long time. It's taking 45 seconds just to
read about 45k of entries (I get the entrycollection then use a logentry
variable to read each one). Is there any way to improve this?




Only administrators can read the security log!

Willy.
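
An added example, not code from any poster in this thread: querying the Security log through WMI with privileges enabled on the connection, because Win32_NTLogEvent returns Security events only when SeSecurityPrivilege is enabled for the caller, in addition to the account holding it. It also filters by time and selects a few columns so less data is returned; the 24-hour window, the column choice and the class name are constructed for illustration, and the account is assumed to hold the "Manage auditing and security log" right.

```csharp
using System;
using System.Management;

class SecurityLogQuery   // hypothetical class name
{
    static void Main()
    {
        // The token of an administrator holds SeSecurityPrivilege, but it is
        // disabled by default. EnablePrivileges turns on the privileges the
        // token already holds for this WMI connection; it grants nothing new.
        ConnectionOptions options = new ConnectionOptions();
        options.EnablePrivileges = true;
        options.Impersonation = ImpersonationLevel.Impersonate;
        ManagementScope scope = new ManagementScope(@"\\.\root\cimv2", options);

        // Constructed filter: events from the last 24 hours, in WMI datetime format.
        string since = ManagementDateTimeConverter.ToDmtfDateTime(DateTime.Now.AddDays(-1));
        ObjectQuery query = new ObjectQuery(String.Format(
            "SELECT RecordNumber, EventCode, TimeGenerated, SourceName " +
            "FROM Win32_NTLogEvent WHERE Logfile = 'Security' AND TimeGenerated > '{0}'", since));

        // Forward-only enumeration avoids caching the whole result set.
        EnumerationOptions eo = new EnumerationOptions();
        eo.Rewindable = false;
        eo.ReturnImmediately = true;

        try
        {
            scope.Connect();
            using (ManagementObjectSearcher mos = new ManagementObjectSearcher(scope, query, eo))
            {
                int count = 0;
                foreach (ManagementObject mo in mos.Get())
                {
                    DateTime when = ManagementDateTimeConverter.ToDateTime((string)mo["TimeGenerated"]);
                    Console.WriteLine("{0}  #{1}  event {2}  {3}",
                        when, mo["RecordNumber"], mo["EventCode"], mo["SourceName"]);
                    count++;
                }
                // A count of 0 with a populated log points at a missing or disabled privilege.
                Console.WriteLine("{0} Security events since {1}", count, since);
            }
        }
        catch (ManagementException e) { Console.WriteLine("WMI error: " + e.Message); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("Access denied: " + e.Message); }
    }
}
```

If the account lacks the right entirely, enabling privileges has no effect; check the "Manage auditing and security log" assignment in the local security policy.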

