<一>读操作系统日志:
<1>
button事件:(点一下BUTTON写一条日志信息)
i += 1; EventLog myLog = new EventLog("WxSoftQuartz"); if (!EventLog.SourceExists("WxSoft")) { EventLog.CreateEventSource("WxSoft", "WxSoftQuartz"); }
myLog.Source = "WxSoft";
myLog.WriteEntry("fanybul加了第" + i + "条新日志.");
//清除日志 EventLog myLog = new EventLog("WxSoftQuartz"); myLog.Clear();
<2>
查询日志:
SelectQuery query = new SelectQuery("Select * From Win32_NTLogEvent Where Logfile='WxSoftQuartz'"); ManagementObjectSearcher searcher = new ManagementObjectSearcher(query); foreach (ManagementBaseObject disk in searcher.Get()) { listBox1.Items.Add(disk["Message"].ToString()); }
<二>监控系统日志:
public partial class FormServer : Form { ManagementEventWatcher watch_crt = null;
public FormServer() { InitializeComponent(); }
private void StartWatchCreateProcess() { WqlEventQuery query = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 1), "TargetInstance isa \"Win32_NTLogEvent\" and TargetInstance.Logfile ='WxSoftQuartz'"); watch_crt = new ManagementEventWatcher(query); watch_crt.EventArrived += new EventArrivedEventHandler(HandleProcessCreateEvent); watch_crt.Start(); }
private void HandleProcessCreateEvent(object sender, EventArrivedEventArgs e) { ManagementBaseObject o = e.NewEvent; //__InstanceCreationEvent ManagementBaseObject mo = (ManagementBaseObject)o["TargetInstance"];//Win32_Process MessageBox.Show(mo["Message"].ToString()); }
private void FormServer_Load(object sender, EventArgs e) { StartWatchCreateProcess(); }
private void FormServer_FormClosing(object sender, FormClosingEventArgs e) { if (watch_crt != null) watch_crt.Stop(); } }
转载于:https://www.cnblogs.com/fanybul/archive/2009/05/14/1456983.html
