C# 利用WMI进行日志监视
2007-10-03 11:10
447 查看
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Management;
using System.Windows.Forms;
namespace MonitorLogEvent
{
public partial class frmMain : Form
{
public frmMain()
{
InitializeComponent();
}
private ManagementEventWatcher LogEvent=null;
private void cmdStart_Click(object sender, EventArgs e)
{
ConnectionOptions co = new ConnectionOptions();
co.Impersonation = ImpersonationLevel.Impersonate;
co.EnablePrivileges = true;
ManagementScope scope = new ManagementScope("////.//root//cimv2", co);
WqlEventQuery wql = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance ISA 'Win32_NTLogEvent'");
LogEvent = new ManagementEventWatcher(scope, wql);
LogEvent.EventArrived += new EventArrivedEventHandler(LogEvent_EventArrived);
LogEvent.Start();
}
private void LogEvent_EventArrived(object sender,EventArrivedEventArgs e)
{
ManagementBaseObject mo = (ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value;
PropertyDataCollection propertyDataCollections= mo.Properties;
foreach (PropertyData data in propertyDataCollections)
{
MessageBox.Show(data.Name);
}
//Category
//CategoryString
//ComputerName
//Data
//EventCode
//EventIdentifier
//EventType
//InsertionStrings
//Logfile
//Message
//RecordNumber
//SourceName
//TimeFGenerated
//TimeWritten
//Type
//User
}
private void frmMain_Load(object sender, EventArgs e)
{
this.FormClosing += new FormClosingEventHandler(frmMain_FormClosing);
}
private void frmMain_FormClosing(object sender, EventArgs e)
{
if (LogEvent != null)
{
LogEvent.Stop();
LogEvent = null;
}
}
private void cmdEnd_Click(object sender, EventArgs e)
{
if (LogEvent!=null)
{
LogEvent.Stop();
LogEvent = null;
}
}
}
}
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Management;
using System.Windows.Forms;
namespace MonitorLogEvent
{
public partial class frmMain : Form
{
public frmMain()
{
InitializeComponent();
}
private ManagementEventWatcher LogEvent=null;
private void cmdStart_Click(object sender, EventArgs e)
{
ConnectionOptions co = new ConnectionOptions();
co.Impersonation = ImpersonationLevel.Impersonate;
co.EnablePrivileges = true;
ManagementScope scope = new ManagementScope("////.//root//cimv2", co);
WqlEventQuery wql = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance ISA 'Win32_NTLogEvent'");
LogEvent = new ManagementEventWatcher(scope, wql);
LogEvent.EventArrived += new EventArrivedEventHandler(LogEvent_EventArrived);
LogEvent.Start();
}
private void LogEvent_EventArrived(object sender,EventArrivedEventArgs e)
{
ManagementBaseObject mo = (ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value;
PropertyDataCollection propertyDataCollections= mo.Properties;
foreach (PropertyData data in propertyDataCollections)
{
MessageBox.Show(data.Name);
}
//Category
//CategoryString
//ComputerName
//Data
//EventCode
//EventIdentifier
//EventType
//InsertionStrings
//Logfile
//Message
//RecordNumber
//SourceName
//TimeFGenerated
//TimeWritten
//Type
//User
}
private void frmMain_Load(object sender, EventArgs e)
{
this.FormClosing += new FormClosingEventHandler(frmMain_FormClosing);
}
private void frmMain_FormClosing(object sender, EventArgs e)
{
if (LogEvent != null)
{
LogEvent.Stop();
LogEvent = null;
}
}
private void cmdEnd_Click(object sender, EventArgs e)
{
if (LogEvent!=null)
{
LogEvent.Stop();
LogEvent = null;
}
}
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- [导入]VB 利用WMI进行日志监视
- VB 利用WMI进行日志监视
- VB 利用WMI进行USB监视
- VB 利用WMI进行PNP监视
- VB 利用WMI进行共享目录的监视
- VB 利用WMI进行服务监视
- [导入]VB 利用WMI进行PNP监视
- VB 利用WMI进行外界设备插入分配盘符监视
- VB 利用WMI进行进程监视
- [导入]VB 利用WMI进行服务监视
- C# 利用Log4Net进行日志记录
- C# 利用WMI进行注册表监视
- 【转载】android与PC,C#与Java 利用protobuf 进行无障碍通讯【Socket】
- C#利用SharpZipLib进行文件的压缩和解压缩
- 利用分区进行日志表迁移
- 利用C#进行AutoCAD的二次开发(一)by C#才鸟
- hadoop日志分析系统二 第二部分利用hadoop平台进行数据处理 第一种方式 mapreduce方式
- 在C#中利用SharpZipLib进行文件的压缩和解压缩(转)
- 利用C#进行AUTOCAD的二次开发
- 利用Jmap进行简单日志分析