C#通过WMI的Win32 的API函数实现msinfo32的本地和远程计算机的系统日志查看功能
先不说如何实现,先来看看效果图:
读取远程计算机的日志时,只需提供远程计算机的用户名和密码即可。
如何实现这个代码功能,请看如下代码部分:
实体类:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace GetDNSListTool
{
    /// <summary>
    /// Plain data holder for one event log record. Every value is kept as a
    /// string and starts out as <see cref="string.Empty"/>.
    /// </summary>
    public class EventLogEntity
    {
        // Backing storage; each field is read and written only through its property.
        private string _eventType = string.Empty;
        private string _timeWritten = string.Empty;
        private string _category = string.Empty;
        private string _sourceName = string.Empty;
        private string _eventIdentifier = string.Empty;
        private string _recordNumber = string.Empty;
        private string _eventCode = string.Empty;
        private string _categoryString = string.Empty;
        private string _message = string.Empty;

        /// <summary>
        /// Log entry type.
        /// </summary>
        public string EventType
        {
            get { return _eventType; }
            set { _eventType = value; }
        }

        /// <summary>
        /// Date the entry was written.
        /// </summary>
        public string TimeWritten
        {
            get { return _timeWritten; }
            set { _timeWritten = value; }
        }

        /// <summary>
        /// Log category.
        /// </summary>
        public string Category
        {
            get { return _category; }
            set { _category = value; }
        }

        /// <summary>
        /// Source that wrote the entry.
        /// </summary>
        public string SourceName
        {
            get { return _sourceName; }
            set { _sourceName = value; }
        }

        /// <summary>
        /// Event ID.
        /// </summary>
        public string EventIdentifier
        {
            get { return _eventIdentifier; }
            set { _eventIdentifier = value; }
        }

        /// <summary>
        /// Record (row) number.
        /// </summary>
        public string RecordNumber
        {
            get { return _recordNumber; }
            set { _recordNumber = value; }
        }

        /// <summary>
        /// Event code.
        /// </summary>
        public string EventCode
        {
            get { return _eventCode; }
            set { _eventCode = value; }
        }

        /// <summary>
        /// Category as text.
        /// </summary>
        public string CategoryString
        {
            get { return _categoryString; }
            set { _categoryString = value; }
        }

        /// <summary>
        /// Detailed message text of the entry.
        /// </summary>
        public string Message
        {
            get { return _message; }
            set { _message = value; }
        }
    }
}
#region Format the event type
/// <summary>
/// Maps an event type value to its description text.
/// </summary>
/// <param name="val">Event type value to translate.</param>
/// <returns>
/// The matching <c>EventTypeDescription</c> member, or
/// <c>EventTypeDescription.Unknown</c> for any value not listed below.
/// </returns>
private string GetEventTypeString(NTLogEvent.EventTypeValues val)
{
    string description;

    switch (val)
    {
        case NTLogEvent.EventTypeValues.Error:
            description = EventTypeDescription.Error;
            break;

        case NTLogEvent.EventTypeValues.Warning:
            description = EventTypeDescription.Warning;
            break;

        case NTLogEvent.EventTypeValues.Information:
            description = EventTypeDescription.Information;
            break;

        case NTLogEvent.EventTypeValues.Security_audit_success:
            description = EventTypeDescription.SuccessAudit;
            break;

        case NTLogEvent.EventTypeValues.Security_audit_failure:
            description = EventTypeDescription.FailureAudit;
            break;

        default:
            // Anything outside the five known values falls back to "unknown".
            description = EventTypeDescription.Unknown;
            break;
    }

    return description;
}
#endregion
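#region WMI query helpers
/// <summary>
/// Creates a searcher for the given WQL text, bound to the local scope when
/// <c>isLocal</c> is set and to the remote scope <c>Ms</c> otherwise.
/// </summary>
/// <param name="wql">Complete WQL statement to run.</param>
/// <returns>A searcher the caller must dispose.</returns>
private ManagementObjectSearcher CreateLogSearcher(string wql)
{
    ObjectQuery objectQuery = new ObjectQuery(wql);

    if (isLocal)
    {
        ManagementScope scope = new ManagementScope(scopePath);
        scope.Connect();
        return new ManagementObjectSearcher(scope, objectQuery);
    }

    // NOTE(review): Ms is declared outside this listing; presumably it is the
    // remote ManagementScope built from the supplied user name and password - confirm.
    return new ManagementObjectSearcher(Ms, objectQuery);
}

/// <summary>
/// Returns true only when <paramref name="text"/> is non-empty and consists
/// solely of the characters '0'..'9'.
/// </summary>
private static bool IsAllAsciiDigits(string text)
{
    if (string.IsNullOrEmpty(text))
    {
        return false;
    }

    foreach (char c in text)
    {
        if (c < '0' || c > '9')
        {
            return false;
        }
    }

    return true;
}

/// <summary>
/// Reads one property of a WMI object as text, mapping a null value to string.Empty.
/// </summary>
private static string ReadString(ManagementBaseObject source, string propertyName)
{
    object value = source[propertyName];
    return value == null ? string.Empty : value.ToString();
}
#endregion

#region Query event log entries
/// <summary>
/// Queries Win32_NTLogEvent and returns the matching entries.
/// </summary>
/// <remarks>
/// The WQL text is assembled by concatenation, so <paramref name="eventCode"/>
/// is accepted only when it is made of decimal digits; anything else is rejected
/// before it can alter the query. The query carries no Logfile condition, so it
/// covers every log the connected account is able to read.
/// </remarks>
/// <param name="topNumber">
/// Maximum number of entries to return. Zero returns nothing; a negative value
/// never matches the counter and therefore returns every row.
/// </param>
/// <param name="eventCode">Event code filter (digits only); null or empty means no filter.</param>
/// <param name="startTime">Lower bound for TimeWritten; null or empty means no lower bound.</param>
/// <param name="endTime">Upper bound for TimeWritten; null or empty means no upper bound.</param>
/// <returns>The entries read, in the order WMI returned them.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="eventCode"/> contains something other than decimal digits.
/// </exception>
public List<EventLogEntity> GetEventLogList(int topNumber, string eventCode, string startTime, string endTime)
{
    List<EventLogEntity> logList = new List<EventLogEntity>();
    List<string> conditions = new List<string>();

    // Event code filter: validated, because it ends up inside the WQL text.
    if (!string.IsNullOrEmpty(eventCode))
    {
        string code = eventCode.Trim();
        if (!IsAllAsciiDigits(code))
        {
            throw new ArgumentException("eventCode must contain decimal digits only.", "eventCode");
        }

        conditions.Add("EventCode = '" + code + "'");
    }

    // NOTE(review): getDmtfFromDateTime is defined outside this listing. Its
    // result is also concatenated into the query; confirm it rejects input that
    // is not a date instead of passing the caller's text through.
    if (!string.IsNullOrEmpty(startTime))
    {
        conditions.Add("TimeWritten >= '" + getDmtfFromDateTime(startTime) + "'");
    }

    if (!string.IsNullOrEmpty(endTime))
    {
        conditions.Add("TimeWritten <= '" + getDmtfFromDateTime(endTime) + "'");
    }

    StringBuilder query = new StringBuilder();
    query.Append("select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message from Win32_NTLogEvent");
    if (conditions.Count > 0)
    {
        query.Append(" where ");
        query.Append(string.Join(" AND ", conditions.ToArray()));
    }

    // Exceptions from WMI propagate unchanged; the former "catch / throw ex"
    // only discarded the original stack trace.
    using (ManagementObjectSearcher searcher = CreateLogSearcher(query.ToString()))
    using (ManagementObjectCollection moCollection = searcher.Get())
    {
        int taken = 0;

        foreach (ManagementObject mObject in moCollection)
        {
            try
            {
                // Stop once the requested number of rows has been collected.
                if (taken == topNumber)
                {
                    break;
                }

                EventLogEntity eventLog = new EventLogEntity();

                object rawType = mObject["EventType"];
                eventLog.EventType = rawType == null
                    ? string.Empty
                    : GetEventTypeString((NTLogEvent.EventTypeValues)System.Convert.ToInt32(rawType));

                eventLog.Category = ReadString(mObject, "Category");
                eventLog.CategoryString = ReadString(mObject, "CategoryString");
                eventLog.EventCode = ReadString(mObject, "EventCode");
                eventLog.EventIdentifier = ReadString(mObject, "EventIdentifier");
                eventLog.RecordNumber = ReadString(mObject, "RecordNumber");

                object rawTime = mObject["TimeWritten"];
                eventLog.TimeWritten = rawTime == null
                    ? string.Empty
                    : getDateTimeFromDmtfDate(rawTime.ToString());

                eventLog.SourceName = ReadString(mObject, "SourceName");

                // Message text comes from whatever wrote the event; treat it as
                // untrusted data when it is displayed or stored.
                eventLog.Message = ReadString(mObject, "Message");

                logList.Add(eventLog);
                taken++;
            }
            finally
            {
                mObject.Dispose();
            }
        }
    }

    return logList;
}
#endregion

#region Look up the message text by record number
/// <summary>
/// Returns the message text of the event with the given record number.
/// </summary>
/// <remarks>
/// When Message is empty the InsertionStrings are joined instead, each followed
/// by a space. If several rows match, the last one that yields text wins.
/// The query has no Logfile condition; a record number is presumably unique
/// only within one log, so more than one row may match - verify against callers.
/// Query failures are not thrown: they are traced and the fallback text is returned.
/// </remarks>
/// <param name="recordNumber">Record number to look up.</param>
/// <returns>The message text, or a fixed fallback text when none was found.</returns>
public string GetErrMsg(uint recordNumber)
{
    string Msg = string.Empty;

    try
    {
        // recordNumber is a uint, so no caller-supplied text reaches the query.
        string wql = "select Message, InsertionStrings from Win32_NTLogEvent where RecordNumber='"
            + recordNumber.ToString(System.Globalization.CultureInfo.InvariantCulture)
            + "'";

        using (ManagementObjectSearcher searcher = CreateLogSearcher(wql))
        using (ManagementObjectCollection moCollection = searcher.Get())
        {
            foreach (ManagementObject mObject in moCollection)
            {
                try
                {
                    string message = ReadString(mObject, "Message");
                    if (!string.IsNullOrEmpty(message))
                    {
                        Msg = message;
                        continue;
                    }

                    // InsertionStrings may be absent; the unguarded .Length used
                    // to throw here and the empty catch hid it.
                    string[] insertionStrings = mObject["InsertionStrings"] as string[];
                    if (insertionStrings == null || insertionStrings.Length == 0)
                    {
                        continue;
                    }

                    StringBuilder sb = new StringBuilder();
                    for (int i = 0; i < insertionStrings.Length; i++)
                    {
                        sb.Append(insertionStrings[i]);
                        sb.Append(" ");
                    }

                    Msg = sb.ToString();
                }
                finally
                {
                    mObject.Dispose();
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Kept best-effort as before, but no longer silent: a failed lookup and
        // a genuinely empty message would otherwise be indistinguishable.
        System.Diagnostics.Trace.TraceWarning("GetErrMsg: WMI query failed: " + ex.Message);
    }

    return string.IsNullOrEmpty(Msg) ? "无错误信息,请与管理员联系核对!" : Msg;
}
#endregion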