Re: Is there a way to query Security Event Log with Filter in C#?



"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:781462FF-AAFB-4197-9942-3FE17C6CDF23@xxxxxxxxxxxxxxxx
The odd thing is that it works when I change the logfile = 'Application'.
With Security it retrieves 0 entries. Why is that so? I did verify that I
have over 55k of entries in Security log in Event Viewer.


--
Thanks.


"Pucca" wrote:

Thanks Petar. I tried it in my code but it's just exiting when it reaches the
statement mos.get(). Can you see what's wrong here? Also, where can I look
up syntax format and the properties names for the Security log? Thanks.

// Requires: using System.Management; using System.Windows.Forms;
private void GetLog()
{
    //string SomeDateTime = "20060101000000.000000+000";
    //string Query = String.Format("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' AND TimeGenerated > '{0}'", SomeDateTime);
    string Query = String.Format("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'");

    object o;
    string name;
    try
    {
        ManagementObjectSearcher mos = new ManagementObjectSearcher(Query);
        // Walk every returned event and every property on it
        foreach (ManagementObject mo in mos.Get())
        {
            foreach (PropertyData pd in mo.Properties)
            {
                o = mo[pd.Name];
                if (o != null)
                {
                    //Console.WriteLine(String.Format("{0}: {1}", pd.Name, mo[pd.Name].ToString()));
                }
            }
        }
        mos.Dispose();
    }
    catch (Exception e)
    {
        MessageBox.Show(e.Message);
    }
}
--
Thanks.


"Petar Repac" wrote:

> Hi !
>
> You can try WMI query for this.
> Example that filters event log by LogFile and TimeGenerated.
>
> using System;
> using System.Collections.Generic;
> using System.Text;
> using System.Management;
>
> namespace QueryEventLog {
>
>     class Program {
>         static void Main(string[] args) {
>             // WMI datetime (DMTF format): yyyymmddHHMMSS.mmmmmm+UUU
>             string SomeDateTime = "20070101000000.000000+000";
>             string Query = String.Format("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application' AND TimeGenerated > '{0}'", SomeDateTime);
>             ManagementObjectSearcher mos = new ManagementObjectSearcher(Query);
>             object o;
>
>             foreach (ManagementObject mo in mos.Get()) {
>
>                 Console.WriteLine("///////////////////////////////////////////////////////////////////////////");
>                 // Print every non-null property of the event
>                 foreach (PropertyData pd in mo.Properties) {
>                     o = mo[pd.Name];
>                     if (o != null) {
>                         Console.WriteLine(String.Format("{0}: {1}", pd.Name,
>                             mo[pd.Name].ToString()));
>                     }
>                 }
>             }
>
>             Console.ReadLine();
>         }
>     }
> }
>
> Hope it helps.
>
> Petar Repac
>
>
>
> Pucca wrote:
> > Thank you Jani. I'm already using the eventLog class and processing each log
> > entry and filtering them in my C# code (vs2005, .net2.0) and then place the
> > filtered / qualified rows in to a dataset table.
> >
> > The problem is this is taking a long time. It's taking 45 seconds just to
> > read about 45k of entries (I get the entrycollection then use a logentry
> > variable to read each one). Is there any way to improve this?
>



Only administrators can read the security log!

Willy.
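
One way to act on the reply above, as an added example that is not code from any poster in this thread: check for an administrator token first, then enable the token's privileges on the WMI connection, since WMI requires SeSecurityPrivilege to be enabled to read the Security log through Win32_NTLogEvent. The class name SecurityLogQuery, the 24-hour cutoff and the selected columns are assumptions made for illustration.

```csharp
using System;
using System.Management;
using System.Security.Principal;

static class SecurityLogQuery   // hypothetical name
{
    // False for a standard user and for a non-elevated administrator token.
    static bool IsAdministrator()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            return new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
    }

    static void Main()
    {
        if (!IsAdministrator())
        {
            Console.Error.WriteLine("Run elevated: the Security log is not readable from this token.");
            return;
        }

        // Enable the privileges the token holds (SeSecurityPrivilege among them)
        // for this WMI connection, so the Security log query is allowed.
        ConnectionOptions options = new ConnectionOptions();
        options.EnablePrivileges = true;
        ManagementScope scope = new ManagementScope(@"\\.\root\cimv2", options);

        // Assumed cutoff (last 24 hours), converted to the DMTF format WMI expects.
        string since = ManagementDateTimeConverter.ToDmtfDateTime(DateTime.Now.AddDays(-1));
        ObjectQuery query = new ObjectQuery(
            "SELECT TimeGenerated, EventCode, SourceName FROM Win32_NTLogEvent " +
            "WHERE Logfile = 'Security' AND TimeGenerated > '" + since + "'");

        try
        {
            using (ManagementObjectSearcher mos = new ManagementObjectSearcher(scope, query))
            using (ManagementObjectCollection rows = mos.Get())
            {
                foreach (ManagementBaseObject mo in rows)
                    Console.WriteLine("{0}  {1}  {2}",
                        mo["TimeGenerated"], mo["EventCode"], mo["SourceName"]);
            }
        }
        catch (ManagementException e)   // WMI-level failure, such as access denied
        {
            Console.Error.WriteLine("WMI query failed ({0}): {1}", e.ErrorCode, e.Message);
        }
    }
}
```

Selecting only the needed columns and filtering on TimeGenerated in the WQL keeps the filtering on the WMI side instead of in the calling loop.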
