关闭

C# 利用WMI进行日志监视

1120人阅读 评论(0) 收藏 举报

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Management;
using System.Windows.Forms;

namespace MonitorLogEvent
{
    public partial class frmMain : Form
    {
        public frmMain()
        {
            InitializeComponent();
        }

        private ManagementEventWatcher LogEvent=null;

        private void cmdStart_Click(object sender, EventArgs e)
        {
            ConnectionOptions co = new ConnectionOptions();
            co.Impersonation = ImpersonationLevel.Impersonate;
            co.EnablePrivileges = true;
            ManagementScope scope = new ManagementScope("////.//root//cimv2", co);
            WqlEventQuery wql = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance ISA 'Win32_NTLogEvent'");
            LogEvent = new ManagementEventWatcher(scope, wql);
            LogEvent.EventArrived += new EventArrivedEventHandler(LogEvent_EventArrived);
            LogEvent.Start();
        }

        private void LogEvent_EventArrived(object sender,EventArrivedEventArgs e)
        {
            ManagementBaseObject mo = (ManagementBaseObject)e.NewEvent.Properties["TargetInstance"].Value;
            PropertyDataCollection  propertyDataCollections= mo.Properties;
            foreach (PropertyData data in propertyDataCollections)
            {
                MessageBox.Show(data.Name);
            }

                //Category
                //CategoryString
                //ComputerName
                //Data
                //EventCode
                //EventIdentifier
                //EventType
                //InsertionStrings
                //Logfile
                //Message
                //RecordNumber
                //SourceName
                //TimeFGenerated
                //TimeWritten
                //Type
                //User
        }

        private void frmMain_Load(object sender, EventArgs e)
        {
            this.FormClosing += new FormClosingEventHandler(frmMain_FormClosing);
        }

        private void frmMain_FormClosing(object sender, EventArgs e)
        {
            if (LogEvent != null)
            {
                LogEvent.Stop();
                LogEvent = null;
            }

        }

        private void cmdEnd_Click(object sender, EventArgs e)
        {
            if (LogEvent!=null)
            {
                LogEvent.Stop();
                LogEvent = null;
            }
        }
    }

0
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:326535次
    • 积分:4457
    • 等级:
    • 排名:第7637名
    • 原创:81篇
    • 转载:0篇
    • 译文:2篇
    • 评论:434条
    文章分类
    最新评论
    chenhui530新浪博客