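using MonitorCaveatService;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Xml;

namespace WindowsCaveatService
{
    public class EventLogService
    {
        // Declared here; no method shown in this file takes this lock.
        private readonly object _lock = new object();

        // When true, the query methods connect to scopePath instead of a remote
        // \\host\root\cimv2 scope. Nothing in the code shown sets it to true.
        private Boolean isLocal = false;
        private string scopePath = "";

        private log4net.ILog _log = log4net.LogManager.GetLogger("WMIService");

        // Last window start computed by GetEventLogList.
        string tempTime = string.Empty;

        #region Points to check when reading a remote host's event log through WMI
        // 1. Check that DCOM is enabled on the server: the value
        //    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM should be Y.
        // 2. Check that the logon user has permission: run DCOMCNFG -> Component Services ->
        //    Computers -> My Computer -> right-click Properties -> COM Security ->
        //    Launch and Activation... -> Edit Limits -> Add User -> Allow, tick every permission.
        // 3. Turn off the firewall.
        // 4. To test access to root\cimv2 from the local machine, run wbemtest.exe from a
        //    command prompt and connect to an address such as \\10.186.32.128\root\cimv2.
        // 5. Check that the WMI service is running on both the local machine and the monitored
        //    host: open services.msc, find WMI and look at its status.
        //
        // NOTE(review): steps 2 and 3 grant much more than remote event-log reading needs.
        //  - Use a dedicated monitoring account, not an administrator. It typically needs only
        //    Remote Launch and Remote Activation in the DCOM limits, "Enable Account" and
        //    "Remote Enable" on the root\cimv2 WMI namespace, and read access to the logs it
        //    polls (for example membership of the Event Log Readers group).
        //  - Leave the firewall on. Enable the built-in "Windows Management Instrumentation (WMI)"
        //    rule group on the monitored host and restrict its remote address to the collector.
        #endregion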
// Maps the numeric event-type code ("1".."5"), as read from the EventType property of a
// log entry, to its display name. Any other input, including null, yields null.
private string GetEventTypeString(string EventType)
{
    string label = null;
    if (EventType == "1")
    {
        label = "Error";
    }
    else if (EventType == "2")
    {
        label = "Warning";
    }
    else if (EventType == "3")
    {
        label = "Information";
    }
    else if (EventType == "4")
    {
        label = "Security Audit Success";
    }
    else if (EventType == "5")
    {
        label = "Security Audit Failure";
    }
    return label;
}

// Inverse of GetEventTypeString: maps a display name to its numeric code as a string.
// The match is case-sensitive; any other input, including null, yields null.
private string GetEventTypeInt(string EventType)
{
    string code = null;
    if (EventType == "Error")
    {
        code = "1";
    }
    else if (EventType == "Warning")
    {
        code = "2";
    }
    else if (EventType == "Information")
    {
        code = "3";
    }
    else if (EventType == "Security Audit Success")
    {
        code = "4";
    }
    else if (EventType == "Security Audit Failure")
    {
        code = "5";
    }
    return code;
}
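// Start of the next query window for each server, keyed by ServerName and stored as a
// "yyyy /MM/dd HH:mm:ss" string. Kept per server because the servers' clocks may differ.
Dictionary<string, string> dict = new Dictionary<string, string>();

/// <summary>
/// Polls every configured server in an endless loop: checks that the server can be reached,
/// calls <c>GetEventLogList</c> for its current window, then sleeps nine seconds.
/// Returns only when no servers are configured.
/// </summary>
public void GetEventLogService()
{
    List<IPEntity> ipd = GetName(); // every configured server
    string eventCodes = GetValue("EventCodes");

    // The server list is read once. With an empty list the loop below would never reach
    // Thread.Sleep and would spin at full CPU, so stop here instead.
    if (ipd == null || ipd.Count == 0)
    {
        _log.Fatal("GetEventLogService: no servers configured, polling not started");
        return;
    }

    while (true)
    {
        foreach (IPEntity server in ipd)
        {
            if (!dict.ContainsKey(server.ServerName))
            {
                // First pass for this server: start 20 seconds in the past.
                dict.Add(server.ServerName, DateTime.Now.AddSeconds(-20).ToString("yyyy /MM/dd HH:mm:ss"));
            }

            string MonitorIP = server.MonitorIP.ToString();             // address of the monitored machine
            string MonitorUserID = server.MonitorUserID.ToString();     // account used for the WMI connection
            string MonitorPassword = server.MonitorPassword.ToString(); // its password; never written to the log
            string MonitorDeviceID = server.MonitorDeviceID.ToString();

            // NOTE(review): apart from the credentials the options keep their defaults.
            // Consider Authentication = AuthenticationLevel.PacketPrivacy so the DCOM traffic is
            // encrypted, and SecurePassword in place of the plain-string Password.
            System.Management.ConnectionOptions co = new ConnectionOptions();
            co.Username = MonitorUserID;
            co.Password = MonitorPassword;

            // _log.Fatal(message) writes the text as-is; the former FatalFormat call treated the
            // concatenated text as a format string.
            if (RemoteConnectValidate(MonitorIP, MonitorUserID, MonitorPassword))
            {
                // Server can be reached.
                _log.Fatal("已经成功链接服务器:" + "IP地址:" + MonitorIP + "\r" + "时间:" + DateTime.Now);
            }
            else
            {
                // Server cannot be reached. The query below is still attempted, as before;
                // GetEventLogList logs its own failure.
                _log.Fatal("链接服务器失败:" + "IP地址:" + MonitorIP + "\r" + "时间:" + DateTime.Now);
            }

            _log.Fatal("线程睡开始时间:" + DateTime.Now);
            GetEventLogList(MonitorIP, MonitorDeviceID, co, eventCodes, server.ServerName);
            Thread.Sleep(9000);
            _log.Fatal("线程睡结束时间:" + DateTime.Now);
        }
    }
}
// Checks whether a connection to the remote computer can be made.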
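/// <summary>
/// Tries to connect to the <c>\\host\root\cimv2</c> WMI namespace with the given credentials.
/// </summary>
/// <param name="host">Host name or IP address of the remote machine.</param>
/// <param name="userName">Account used for the connection.</param>
/// <param name="password">Password of that account; it is not logged.</param>
/// <returns>
/// <c>true</c> when the scope reports that it is connected; <c>false</c> otherwise,
/// including when building the scope or connecting threw.
/// </returns>
public bool RemoteConnectValidate(string host, string userName, string password)
{
    ManagementScope managementScope = null;
    try
    {
        ConnectionOptions connectionOptions = new ConnectionOptions();
        connectionOptions.Username = userName;
        connectionOptions.Password = password;

        // Built inside the try block: a malformed host makes the constructor throw, and
        // that used to escape this method and end the caller's polling loop.
        managementScope = new ManagementScope("\\\\" + host + "\\root\\cimv2", connectionOptions);
        managementScope.Connect();
    }
    catch (Exception ex)
    {
        // Fatal(message) writes the text as-is, so braces in the exception text are not
        // interpreted as format placeholders.
        _log.Fatal("验证链接远程主机:(" + "RemoteConnectValidate出现异常):" + "\r\r\r" + ex.Message + "\r\r\r" + DateTime.Now);
    }
    return managementScope != null && managementScope.IsConnected;
}
#region Fetch event log entries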
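/// <summary>
/// Queries Win32_NTLogEvent on one host for the 20-second window that starts at the time
/// stored for <paramref name="serverName"/>, hands the matching entries to the mailer and
/// stores the start of the next window.
/// </summary>
/// <param name="machineName">Host name or IP used to build the \\host\root\cimv2 scope.</param>
/// <param name="MonitorDeviceID">Copied into each entry's Device_ID.</param>
/// <param name="co">Connection options (credentials) for the remote scope.</param>
/// <param name="eventCodes">Comma-separated numeric event codes; empty means no event-code filter.</param>
/// <param name="serverName">Key of the server in the per-server window table.</param>
/// <returns><c>true</c> when the query and hand-off completed; <c>false</c> when they failed.</returns>
public bool GetEventLogList(string machineName, string MonitorDeviceID, System.Management.ConnectionOptions co, string eventCodes, string serverName)
{
    try
    {
        List<EventLogEntity> logList = new List<EventLogEntity>();
        string ErrorLevel = GetValue("ErrorLevel");
        EmailToBMW em = new EmailToBMW();

        // The window start is kept per server because the servers' clocks may differ.
        string startTime = dict[serverName];
        string endTime = Convert.ToDateTime(startTime).AddSeconds(20).ToString("yyyy /MM/dd HH:mm:ss");

        List<string> conditions = new List<string>();

        // Event codes. They become an OR chain because the original author found that
        // IN ('', '') with several values did not work in WQL.
        if (!string.IsNullOrEmpty(eventCodes))
        {
            List<string> codeTerms = new List<string>();
            foreach (string rawCode in eventCodes.Split(','))
            {
                // WQL has no bound parameters, so only plain numbers are allowed into the
                // query text; anything else is dropped rather than quoted.
                uint code;
                if (uint.TryParse(rawCode.Trim(), NumberStyles.None, CultureInfo.InvariantCulture, out code))
                {
                    codeTerms.Add("eventCode ='" + code.ToString(CultureInfo.InvariantCulture) + "'");
                }
                else
                {
                    _log.Fatal("GetEventLogList: ignored a non-numeric entry in the EventCodes setting");
                }
            }
            if (codeTerms.Count == 0)
            {
                // Fail closed: running without the filter would mail every event in the window.
                _log.Fatal("GetEventLogList: EventCodes is set but holds no numeric code, query skipped");
                return false;
            }
            conditions.Add("(" + string.Join(" or ", codeTerms.ToArray()) + ")");
        }

        // Severity. NOTE(review): an ErrorLevel that GetEventTypeInt does not know yields
        // EventType='' here, as it did before — confirm that is intended.
        if (!string.IsNullOrEmpty(ErrorLevel))
        {
            conditions.Add("EventType='" + GetEventTypeInt(ErrorLevel) + "'");
        }

        // Window start (inclusive).
        if (!string.IsNullOrEmpty(startTime))
        {
            conditions.Add("TimeWritten >='" + getDmtfFromDateTime(startTime) + "'");
        }

        // Window end. NOTE(review): the comparison operator was lost from the text this
        // listing was recovered from; '<' is assumed — confirm against the original source.
        if (!string.IsNullOrEmpty(endTime))
        {
            conditions.Add("TimeWritten <'" + getDmtfFromDateTime(endTime) + "'");
        }

        string query = "select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message,ComputerName, "
            + "User,Type,Data,InsertionStrings,Logfile,TimeGenerated from Win32_NTLogEvent";
        if (conditions.Count > 0)
        {
            query += " where " + string.Join(" AND ", conditions.ToArray());
        }

        ManagementScope scope;
        if (isLocal)
        {
            scope = new ManagementScope(scopePath);
            scope.Connect();
        }
        else
        {
            scope = new System.Management.ManagementScope("\\\\" + machineName + "\\root\\cimv2", co);
        }

        // Searcher, result collection and each row wrap COM resources; release them promptly.
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, new ObjectQuery(query)))
        using (ManagementObjectCollection moCollection = searcher.Get())
        {
            foreach (ManagementObject mObject in moCollection)
            {
                using (mObject)
                {
                    EventLogEntity eventLog = new EventLogEntity();
                    object eventType = mObject["EventType"];
                    eventLog.EventType = eventType == null ? string.Empty : GetEventTypeString(eventType.ToString());
                    eventLog.Category = PropertyText(mObject, "Category", string.Empty);
                    eventLog.CategoryString = PropertyText(mObject, "CategoryString", string.Empty);
                    eventLog.EventCode = PropertyText(mObject, "EventCode", string.Empty);
                    eventLog.EventIdentifier = PropertyText(mObject, "EventIdentifier", string.Empty);
                    eventLog.RecordNumber = PropertyText(mObject, "RecordNumber", string.Empty);
                    object timeWritten = mObject["TimeWritten"];
                    eventLog.TimeWritten = timeWritten == null ? DateTime.Now : ConverSpecialOfDate(timeWritten.ToString());
                    eventLog.SourceName = PropertyText(mObject, "SourceName", string.Empty);
                    eventLog.Message = PropertyText(mObject, "Message", string.Empty);
                    eventLog.ComputerName = PropertyText(mObject, "ComputerName", string.Empty);
                    eventLog.User = PropertyText(mObject, "User", "N/A");
                    eventLog.Type = PropertyText(mObject, "Type", string.Empty);

                    // NOTE(review): Data is stored through ToString(); if WMI returns it as an
                    // array this stores the type name, not the bytes — confirm.
                    eventLog.Data = PropertyText(mObject, "Data", string.Empty);

                    // GetErrMsg in this class casts InsertionStrings to string[]; ToString() on
                    // the array stored only its type name, so join the strings instead.
                    string[] insertionStrings = mObject["InsertionStrings"] as string[];
                    eventLog.InsertionStrings = insertionStrings == null ? string.Empty : string.Join(" ", insertionStrings);

                    // NOTE(review): this overwrites Type with TimeGenerated, exactly as the
                    // original did. It looks like a copy-paste slip; EventLogEntity is not
                    // visible here, so the intended target property is unknown — confirm.
                    eventLog.Type = PropertyText(mObject, "TimeGenerated", string.Empty);

                    eventLog.Device_ID = MonitorDeviceID;
                    eventLog.Device_IP_Address = machineName;
                    eventLog.Device_Site_Name = "BMW SF Production CIC I-Monitor";
                    logList.Add(eventLog);
                }
            }

            // The original took logList[0], assuming newest-first results. The query has no
            // ordering clause, so take the newest TimeWritten explicitly.
            // NOTE(review): the next window then starts at that entry's own second and the
            // lower bound is inclusive, so the entry looks likely to be returned and mailed
            // again on the next pass — confirm against real data.
            tempTime = logList.Count == 0
                ? endTime
                : logList.Max(entry => entry.TimeWritten).ToString("yyyy /MM/dd HH:mm:ss");
            dict[serverName] = tempTime;
            _log.Fatal("获取日志结束时间:" + tempTime);
            em.senMail(logList);
        }

        // The original had this return commented out, so the success path returned nothing.
        return true;
    }
    catch (Exception ex)
    {
        // The time used to be passed as a format argument with no placeholder and was never
        // written; it is now part of the message.
        _log.Fatal("WMI获取日志GetEventLogList出错" + ex.Message + "时间:" + DateTime.Now);
        return false;
    }
}

// Returns the named WMI property as text, or fallback when the property is null.
private static string PropertyText(ManagementBaseObject source, string propertyName, string fallback)
{
    object value = source[propertyName];
    return value == null ? fallback : value.ToString();
}
#endregion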
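#region Look up an event's message by record number
/// <summary>
/// Looks up the message text of the log entry with the given record number.
/// </summary>
/// <param name="recordNumber">Record number of the entry.</param>
/// <returns>
/// The entry's Message, or its insertion strings joined by spaces when Message is empty,
/// or a fixed "no error information" text when nothing was found or the query failed.
/// </returns>
public string GetErrMsg(uint recordNumber)
{
    string Msg = string.Empty;
    try
    {
        // recordNumber is a uint, so it cannot carry query syntax.
        ObjectQuery objectQuery = new ObjectQuery(
            "select Message, InsertionStrings from Win32_NTLogEvent where RecordNumber='" + recordNumber + "'");

        ManagementObjectSearcher searcher;
        if (isLocal)
        {
            ManagementScope scope = new ManagementScope(scopePath);
            scope.Connect();
            searcher = new ManagementObjectSearcher(scope, objectQuery);
        }
        else
        {
            // NOTE(review): no scope is passed on this branch (the call that took one is
            // commented out in the original), so the searcher's default scope is used even
            // though the branch is meant for the remote case — confirm.
            searcher = new ManagementObjectSearcher(objectQuery);
        }

        using (searcher)
        using (ManagementObjectCollection moCollection = searcher.Get())
        {
            foreach (ManagementObject mObject in moCollection)
            {
                using (mObject)
                {
                    string message = mObject["Message"] == null ? string.Empty : mObject["Message"].ToString();
                    string[] insertionStrings = mObject["InsertionStrings"] as string[];

                    if (!string.IsNullOrEmpty(message))
                    {
                        Msg = message;
                    }
                    else if (insertionStrings != null && insertionStrings.Length > 0)
                    {
                        // A null array used to throw here and vanish in the empty catch.
                        StringBuilder sb = new StringBuilder();
                        foreach (string part in insertionStrings)
                        {
                            sb.Append(part);
                            sb.Append(" ");
                        }
                        Msg = sb.ToString();
                    }
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Previously swallowed without a trace; the caller still gets the fallback text.
        _log.Fatal("GetErrMsg failed: " + ex.Message);
    }
    return string.IsNullOrEmpty(Msg) ? "无错误信息,请与管理员联系核对!" : Msg;
}
#endregion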
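/// <summary>
/// Reads one setting from MonitorCaveatService.config in the application's base directory.
/// </summary>
/// <param name="appKey">Value of the <c>key</c> attribute to look for.</param>
/// <returns>
/// The <c>value</c> attribute of the first <c>add</c> element whose <c>key</c> equals
/// <paramref name="appKey"/>, or an empty string when there is none.
/// </returns>
public string GetValue(string appKey)
{
    XmlDocument xDoc = LoadServiceConfig();

    // The key is compared in code and not spliced into the XPath text, so a quote in
    // appKey cannot change the expression.
    XmlNodeList candidates = xDoc.SelectNodes("//add[@key]");
    if (candidates != null)
    {
        foreach (XmlNode candidate in candidates)
        {
            XmlElement element = candidate as XmlElement;
            if (element != null && string.Equals(element.GetAttribute("key"), appKey, StringComparison.Ordinal))
            {
                return element.GetAttribute("value");
            }
        }
    }
    return "";
}

/// <summary>
/// Reads every <c>add</c> element under the IPCaveat node into an <c>IPEntity</c>.
/// </summary>
/// <returns>
/// The servers read so far; a parsing error is logged and ends the read, so the list may
/// be empty or partial.
/// </returns>
public List<IPEntity> GetName()
{
    List<IPEntity> listIP = new List<IPEntity>();
    try
    {
        XmlNode node = GetIPCaveat();
        if (node == null)
        {
            _log.Fatal("解析XMLGetName方法出错:" + "IPCaveat node not found");
            return listIP;
        }

        XmlNodeList nodes = node.SelectNodes("add");
        if (nodes != null)
        {
            foreach (XmlNode node1 in nodes)
            {
                // NOTE(review): MonitorPassword is read as plain text from the config file.
                // Restrict the file's ACL to the service account and consider storing the
                // value encrypted (DPAPI / protected configuration).
                IPEntity ipy = new IPEntity();
                ipy.Serverkey = node1.Attributes["Serverkey"].Value;
                ipy.MonitorIP = node1.Attributes["MonitorIP"].Value;
                ipy.ServerName = node1.Attributes["ServerName"].Value;
                ipy.MonitorUserID = node1.Attributes["MonitorUserID"].Value;
                ipy.MonitorPassword = node1.Attributes["MonitorPassword"].Value;
                ipy.MonitorDeviceID = node1.Attributes["MonitorDeviceID"].Value;
                listIP.Add(ipy);
            }
        }
    }
    catch (Exception ex)
    {
        // Only the exception text is logged, never attribute values.
        _log.Fatal("解析XMLGetName方法出错:" + ex.Message);
    }
    return listIP;
}

/// <summary>
/// Returns the IPCaveat node below appSettings, or <c>null</c> when the file has none.
/// </summary>
public XmlNode GetIPCaveat()
{
    return LoadServiceConfig().SelectSingleNode("//appSettings//IPCaveat");
}

// Loads MonitorCaveatService.config from the application's base directory.
private static XmlDocument LoadServiceConfig()
{
    XmlDocument xDoc = new XmlDocument();
    // No resolver: external entities or DTDs referenced by the file are not fetched.
    xDoc.XmlResolver = null;
    xDoc.Load(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "MonitorCaveatService.config"));
    return xDoc;
}
#region Convert an input string to a date; an invalid format yields the current date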
/// <summary>
/// Parses a string as a date using the current culture. Author: JohnTang
/// </summary>
/// <param name="strInput">Input string.</param>
/// <returns>The parsed date, or <c>DateTime.Today</c> when the string cannot be parsed.</returns>
public static DateTime ConvertStringToDate(string strInput)
{
    DateTime parsed;
    if (DateTime.TryParse(strInput, out parsed))
    {
        return parsed;
    }
    return DateTime.Today;
}
#endregion
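#region Convert a special timestamp string to year/month/day hour:minute:second
/// <summary>
/// Converts the leading "yyyyMMddHHmmss" digits of a timestamp string (the part before the
/// first '.') to a <see cref="DateTime"/>. Anything after those 14 digits is ignored.
/// </summary>
/// <param name="_date">Timestamp text, e.g. the TimeWritten value of a log entry.</param>
/// <returns>The parsed time, or <c>DateTime.Now</c> when the text cannot be converted.</returns>
public DateTime ConverSpecialOfDate(string _date)
{
    DateTime dt = DateTime.Now;
    try
    {
        string str = _date.Substring(0, _date.IndexOf('.'));

        // Exact, culture-invariant parsing. The original rebuilt "yyyy/MM/dd HH:mm:ss" and
        // used DateTime.Parse, whose result depends on the service account's culture.
        dt = DateTime.ParseExact(str.Substring(0, 14), "yyyyMMddHHmmss", CultureInfo.InvariantCulture);
    }
    catch (Exception ex)
    {
        // Fatal(message) writes the text as-is; _date comes from the monitored host and
        // must not be treated as a format string.
        _log.Fatal("在转换时间方法ConverSpecialOfDate时出错:" + ex.Message + "参数:" + _date);
    }
    return dt;
}
#endregion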
// Formats a DateTime as a DMTF date-time string for use in a WQL comparison.
private static string getDmtfFromDateTime(DateTime dateTime)
{
    string dmtf = ManagementDateTimeConverter.ToDmtfDateTime(dateTime);
    return dmtf;
}

// Same as above for a date given as text; the text is parsed with Convert.ToDateTime.
private static string getDmtfFromDateTime(string dateTime)
{
    return getDmtfFromDateTime(Convert.ToDateTime(dateTime));
}

// Converts a DMTF date-time string to a DateTime and returns its default string form.
private static string getDateTimeFromDmtfDate(string dateTime)
{
    DateTime converted = ManagementDateTimeConverter.ToDateTime(dateTime);
    return converted.ToString();
}
}
}