2014-06-06 65 views

我读取事件日志,然后将它们显示在数据网格中,但对于大型日志,返回结果需要非常长的时间,所以我想只取最近24小时的日志,但我不知道如何做到这一点。我想在迭代每个条目之前就先限制集合,因为逐条迭代之后再筛选仍然需要很长时间。非常感谢任何帮助!
按日期限制事件日志

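namespace SysTools
{
    /// <summary>
    /// Form that copies every entry of one Windows event log into a DataTable
    /// and shows it in <c>dataGridView1</c>, sorted by timestamp.
    /// </summary>
    public partial class LogViewer : Form
    {
        // Not used in this part of the partial class; kept in case the other part uses them.
        DataTable eventLog = new DataTable();
        DataSet dataset1 = new DataSet();

        // The log whose entries are displayed; supplied by the caller.
        private EventLog unhandledLogs;

        /// <summary>Creates the viewer for the given event log.</summary>
        /// <param name="logs">Event log to display when the form loads.</param>
        public LogViewer(EventLog logs)
        {
            unhandledLogs = logs;
            InitializeComponent();
        }

        /// <summary>
        /// Load handler: reads all entries of the log into a four-column table
        /// (Level, Category, DateTime, Message) and binds it to the grid.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void LogViewer_Load(object sender, EventArgs e)
        {
            DataTable dataTable1 = new DataTable();
            dataTable1.Columns.Add("Level", typeof(string));
            dataTable1.Columns.Add("Category", typeof(string));
            dataTable1.Columns.Add("DateTime", typeof(DateTime));
            dataTable1.Columns.Add("Message", typeof(string));

            // Read Count once: the original re-read it on every iteration and looped
            // with "<=", so the last pass always indexed one past the end and relied
            // on the empty catch to hide the resulting exception.
            // This access is outside the try, as before, so a log that cannot be
            // opened at all still surfaces as an exception from Load.
            int entryCount = unhandledLogs.Entries.Count;

            int skipped = 0;
            Exception firstFailure = null;

            for (int index = 0; index < entryCount; index++)
            {
                try
                {
                    EventLogEntry entry = unhandledLogs.Entries[index];

                    DataRow row = dataTable1.NewRow();
                    row["Level"] = entry.EntryType.ToString();
                    row["Category"] = entry.Source;
                    row["DateTime"] = entry.TimeGenerated;
                    // Message text comes from whichever process wrote the event; it is
                    // only bound as plain cell text here. NOTE(review): treat it as
                    // untrusted if the table is ever exported or rendered elsewhere.
                    row["Message"] = entry.Message;
                    dataTable1.Rows.Add(row);
                }
                catch (Exception ex)
                {
                    // Still best-effort (one unreadable entry must not abort the view),
                    // but no longer silent: a log viewer that drops records without any
                    // trace gives an incomplete picture with no hint that it is incomplete.
                    skipped++;
                    if (firstFailure == null)
                    {
                        firstFailure = ex;
                    }
                }
            }

            if (skipped > 0)
            {
                System.Diagnostics.Trace.TraceWarning(
                    "LogViewer: {0} of {1} entries could not be read; first error: {2}",
                    skipped, entryCount, firstFailure.Message);
            }

            dataGridView1.DataSource = dataTable1;
            dataTable1.DefaultView.Sort = ("DateTime asc");
        }
    }
}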

回答


看一看 EventLogQuery 和 EventLogReader 类。在下面的示例中,我从应用程序事件日志中读取过去24小时的日志,并将它们放入列表中。你可以很容易地根据自己的日志和需求进行调整。

请注意,我用了一些临时的处理办法来得到预期格式的日期(您应该改进它),但重点是看我如何创建查询,然后只处理检索到的记录。

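/// <summary>
/// Reads the Application event log entries created during the last 24 hours,
/// letting the event log service apply the time filter instead of iterating
/// every entry in the log.
/// </summary>
public void GetEvents()
{
    // The query compares against @SystemTime and the literal ends in 'Z', so the
    // cutoff has to be UTC. The original mixed local DateTime.Now parts with a 'Z'
    // suffix (shifting the window by the local UTC offset) and combined
    // "yesterday's day" with today's month and year, which yields a wrong or
    // future date on the first day of a month. Subtracting a day from one UTC
    // instant and formatting it once avoids both problems.
    string cutoff = DateTime.UtcNow.AddDays(-1).ToString(
        "yyyy-MM-dd'T'HH:mm:ss.fff'Z'",
        System.Globalization.CultureInfo.InvariantCulture);

    string logName = @"Application";

    // Only the generated timestamp is spliced into the XPath text. If the log name
    // or the time window ever comes from user input, validate it before building
    // the query string.
    string xpath = "*[System[TimeCreated[@SystemTime >= '" + cutoff + "']]]";

    var query = new EventLogQuery(logName, PathType.LogName, xpath);
    List<EventRecord> events = new List<EventRecord>();

    // The reader is disposable; release it as soon as reading is done.
    using (var reader = new System.Diagnostics.Eventing.Reader.EventLogReader(query))
    {
        EventRecord current;

        // ReadEvent returns null once the result set is exhausted. The original
        // added that terminating null to the list as well.
        while ((current = reader.ReadEvent()) != null)
        {
            events.Add(current);
            // You could add to your own collection here instead of adding to a list
        }
    }

    // EventRecord is disposable too. Nothing leaves this method, so release the
    // records here; when adapting the sample, copy the fields you need first.
    foreach (EventRecord collected in events)
    {
        collected.Dispose();
    }
}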