C#通过WMI的Win32 的API函数实现msinfo32的本地和远程计算机的系统日志查看功能


先不说如何实现,先来看看效果图:

技术分享

读取远程计算机的日志时,只需提供远程计算机的用户名和密码即可。

如何实现这个代码功能,请看如下代码部分:

实体类:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace GetDNSListTool
{
    /// <summary>
    /// Holds the fields of a single event-log record, each kept as a string.
    /// </summary>
    public class EventLogEntity
    {
        /// <summary>
        /// Creates an entry whose properties all start out as an empty string.
        /// </summary>
        public EventLogEntity()
        {
            EventType = string.Empty;
            TimeWritten = string.Empty;
            Category = string.Empty;
            SourceName = string.Empty;
            EventIdentifier = string.Empty;
            RecordNumber = string.Empty;
            EventCode = string.Empty;
            CategoryString = string.Empty;
            Message = string.Empty;
        }

        /// <summary>
        /// Log type.
        /// </summary>
        public string EventType { get; set; }

        /// <summary>
        /// Date the log entry was written.
        /// </summary>
        public string TimeWritten { get; set; }

        /// <summary>
        /// Log category.
        /// </summary>
        public string Category { get; set; }

        /// <summary>
        /// Log source.
        /// </summary>
        public string SourceName { get; set; }

        /// <summary>
        /// Event ID.
        /// </summary>
        public string EventIdentifier { get; set; }

        /// <summary>
        /// Record number.
        /// </summary>
        public string RecordNumber { get; set; }

        /// <summary>
        /// Event code.
        /// </summary>
        public string EventCode { get; set; }

        /// <summary>
        /// Category string.
        /// </summary>
        public string CategoryString { get; set; }

        /// <summary>
        /// Detailed error message.
        /// </summary>
        public string Message { get; set; }
    }
}
#region//格式化信息类别
       /// <summary>
       /// Maps an event-type value to its display text.
       /// </summary>
       /// <param name="val">Event-type value to translate.</param>
       /// <returns>
       /// The matching <c>EventTypeDescription</c> member, or
       /// <c>EventTypeDescription.Unknown</c> for any value not listed here.
       /// </returns>
       private string GetEventTypeString(NTLogEvent.EventTypeValues val)
       {
           if (val == NTLogEvent.EventTypeValues.Error)
           {
               return EventTypeDescription.Error;
           }
           if (val == NTLogEvent.EventTypeValues.Warning)
           {
               return EventTypeDescription.Warning;
           }
           if (val == NTLogEvent.EventTypeValues.Information)
           {
               return EventTypeDescription.Information;
           }
           if (val == NTLogEvent.EventTypeValues.Security_audit_success)
           {
               return EventTypeDescription.SuccessAudit;
           }
           if (val == NTLogEvent.EventTypeValues.Security_audit_failure)
           {
               return EventTypeDescription.FailureAudit;
           }

           // Anything else has no dedicated description.
           return EventTypeDescription.Unknown;
       }
       #endregion
#region//获取日志文件
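       /// <summary>
       /// Queries Win32_NTLogEvent on the local or the remote scope and returns the
       /// matching records as <see cref="EventLogEntity"/> objects.
       /// </summary>
       /// <param name="topNumber">
       /// Maximum number of entries to return. 0 returns none; a negative value never
       /// matches the counter, so every record is returned.
       /// </param>
       /// <param name="eventCode">Event code to match, digits only; null or empty disables this filter.</param>
       /// <param name="startTime">Lower bound for TimeWritten, converted by getDmtfFromDateTime; null or empty disables this filter.</param>
       /// <param name="endTime">Upper bound for TimeWritten, converted by getDmtfFromDateTime; null or empty disables this filter.</param>
       /// <returns>The entries read, possibly an empty list.</returns>
       /// <exception cref="ArgumentException"><paramref name="eventCode"/> is not an unsigned integer.</exception>
       /// <remarks>
       /// <see cref="EventLogEntity.Message"/> is copied verbatim from the log record, so
       /// callers that render it (HTML, terminal, another query) should encode it first.
       /// </remarks>
       public List<EventLogEntity> GetEventLogList(int topNumber, string eventCode, 
           string startTime, string endTime)
       {
           List<string> conditions = new List<string>();

           // Event code filter.
           if (!string.IsNullOrEmpty(eventCode))
           {
               // WQL has no bind parameters, so the caller-supplied text is never copied
               // into the query: it is parsed and only the resulting number is written.
               uint code;
               if (!uint.TryParse(eventCode.Trim(), System.Globalization.NumberStyles.None,
                       System.Globalization.CultureInfo.InvariantCulture, out code))
               {
                   throw new ArgumentException("eventCode must be an unsigned integer.", "eventCode");
               }
               conditions.Add("EventCode = " + code.ToString(System.Globalization.CultureInfo.InvariantCulture));
           }

           // Start date filter.
           if (!string.IsNullOrEmpty(startTime))
           {
               conditions.Add("TimeWritten >= " + ToWqlStringLiteral(getDmtfFromDateTime(startTime)));
           }

           // End date filter.
           if (!string.IsNullOrEmpty(endTime))
           {
               conditions.Add("TimeWritten <= " + ToWqlStringLiteral(getDmtfFromDateTime(endTime)));
           }

           StringBuilder query = new StringBuilder();
           query.Append("select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message  from Win32_NTLogEvent ");
           if (conditions.Count > 0)
           {
               query.Append(" where ");
               query.Append(string.Join(" AND ", conditions.ToArray()));
           }

           ManagementScope scope;
           if (isLocal)
           {
               // Local machine: build and connect a scope from the configured path.
               scope = new ManagementScope(scopePath);
               scope.Connect();
           }
           else
           {
               // Remote machine: Ms is the scope set up elsewhere in this class
               // (presumably carrying the remote credentials - confirm).
               scope = Ms;
           }

           List<EventLogEntity> logList = new List<EventLogEntity>();

           // The searcher, the result collection and every result object hold WMI
           // resources, so each one is disposed as soon as it is no longer needed.
           // Exceptions are left to propagate unchanged; the former "throw ex" only
           // reset their stack trace.
           using (ManagementObjectSearcher searcher =
               new ManagementObjectSearcher(scope, new ObjectQuery(query.ToString())))
           using (ManagementObjectCollection moCollection = searcher.Get()) // Get() is the synchronous call
           {
               int taken = 0;
               foreach (ManagementObject mObject in moCollection)
               {
                   using (mObject)
                   {
                       // Stop once topNumber entries have been collected.
                       if (taken == topNumber)
                       {
                           break;
                       }

                       EventLogEntity eventLog = new EventLogEntity();

                       // Log type: numeric value translated to its description.
                       object rawType = mObject["EventType"];
                       eventLog.EventType = rawType == null ? string.Empty :
                           GetEventTypeString((NTLogEvent.EventTypeValues)System.Convert.ToInt32(rawType));

                       // Date written: DMTF text converted by the class helper.
                       object rawWritten = mObject["TimeWritten"];
                       eventLog.TimeWritten = rawWritten == null ? string.Empty :
                           getDateTimeFromDmtfDate(rawWritten.ToString());

                       eventLog.Category = ReadLogProperty(mObject, "Category");
                       eventLog.CategoryString = ReadLogProperty(mObject, "CategoryString");
                       eventLog.EventCode = ReadLogProperty(mObject, "EventCode");
                       eventLog.EventIdentifier = ReadLogProperty(mObject, "EventIdentifier");
                       eventLog.RecordNumber = ReadLogProperty(mObject, "RecordNumber");
                       eventLog.SourceName = ReadLogProperty(mObject, "SourceName");
                       eventLog.Message = ReadLogProperty(mObject, "Message");

                       logList.Add(eventLog);
                       taken++;
                   }
               }
           }

           return logList;
       }

       /// <summary>
       /// Reads one property of a WMI object as text; a null value becomes an empty string.
       /// </summary>
       private static string ReadLogProperty(ManagementBaseObject source, string propertyName)
       {
           object value = source[propertyName];
           return value == null ? string.Empty : value.ToString();
       }

       /// <summary>
       /// Wraps a value in ASCII single quotes for use as a WQL string literal, escaping
       /// backslashes and single quotes so the value cannot terminate the literal.
       /// </summary>
       private static string ToWqlStringLiteral(string value)
       {
           string text = value ?? string.Empty;
           return "'" + text.Replace("\\", "\\\\").Replace("'", "\\'") + "'";
       }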
       #endregion

       #region//根据行号检索错误信息
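       /// <summary>
       /// Looks up the message text of the event-log record with the given record number.
       /// </summary>
       /// <param name="recordNumber">Record number of the entry to read.</param>
       /// <returns>
       /// The record's Message; when that is empty, its InsertionStrings with a space
       /// appended after each one; otherwise a fixed fallback text. The fallback is also
       /// returned when the query itself fails.
       /// </returns>
       public string GetErrMsg(uint recordNumber)
       {
           string Msg = string.Empty;
           try
           {
               // recordNumber is a uint, so its digits are written into the query without quoting.
               string query = "select Message, InsertionStrings from Win32_NTLogEvent where RecordNumber="
                   + recordNumber.ToString(System.Globalization.CultureInfo.InvariantCulture);

               ManagementScope scope;
               if (isLocal)
               {
                   // Local machine: build and connect a scope from the configured path.
                   scope = new ManagementScope(scopePath);
                   scope.Connect();
               }
               else
               {
                   // Remote machine: Ms is the scope set up elsewhere in this class
                   // (presumably carrying the remote credentials - confirm).
                   scope = Ms;
               }

               // Searcher, collection and result objects hold WMI resources; dispose them.
               using (ManagementObjectSearcher searcher =
                   new ManagementObjectSearcher(scope, new ObjectQuery(query)))
               using (ManagementObjectCollection moCollection = searcher.Get()) // Get() is the synchronous call
               {
                   foreach (ManagementObject mObject in moCollection)
                   {
                       using (mObject)
                       {
                           object rawMessage = mObject["Message"];
                           string message = rawMessage == null ? string.Empty : rawMessage.ToString();

                           if (!string.IsNullOrEmpty(message))
                           {
                               Msg = message;
                               continue;
                           }

                           // No formatted message: fall back to the raw insertion strings.
                           // The property can be null, which used to raise a
                           // NullReferenceException that the empty catch then hid.
                           string[] insertionStrings = mObject["InsertionStrings"] as string[];
                           if (insertionStrings != null && insertionStrings.Length > 0)
                           {
                               // Same text as before: each string followed by one space.
                               Msg = string.Join(" ", insertionStrings) + " ";
                           }
                       }
                   }
               }
           }
           catch (Exception ex)
           {
               // Callers have always received the fallback text instead of an exception,
               // so that contract is kept. The failure is traced rather than dropped:
               // otherwise an access-denied or connection error looks exactly like a
               // record that has no message.
               System.Diagnostics.Trace.TraceWarning(
                   "GetErrMsg: WMI query for record {0} failed: {1}", recordNumber, ex.Message);
           }

           return string.IsNullOrEmpty(Msg) ? "无错误信息,请与管理员联系核对!" : Msg;
       }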
       #endregion

 
