USB迷 | 专注于互联网分享

    最新消息: USBMI致力于为网友们分享Windows、安卓、IOS等主流手机系统相关的资讯以及评测、同时提供相关教程、应用、软件下载等服务。
    你的位置: 首页 > IT圈 > C#通过WMI的wind32 的API函数实现msinfo32的本地和远程计算机的系统日志查看功能...

    C#通过WMI的wind32 的API函数实现msinfo32的本地和远程计算机的系统日志查看功能...

    IT圈 admin 5浏览 0评论

    C#通过WMI的wind32 的API函数实现msinfo32的本地和远程计算机的系统日志查看功能...

    先不说如何实现,先来看看效果图:

    读取远程的需要提供下远程的计算用户名和密码即可。

    如何实现这个代码功能,请看如下代码部分:

    实体类:

    using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;namespace GetDNSListTool
{public class EventLogEntity{string strEventType = string.Empty;  /// <summary>/// 日志类型/// </summary>public string EventType{get { return strEventType; }set { strEventType = value; }}string strTimeWritten = string.Empty;  /// <summary>/// 日志日期/// </summary>public string TimeWritten{get { return strTimeWritten; }set { strTimeWritten = value; }}string strCategory = string.Empty;  /// <summary>/// 日志种类/// </summary>public string Category{get { return strCategory; }set { strCategory = value; }}string strSourceName = string.Empty;  /// <summary>/// 日志来源/// </summary>public string SourceName{get { return strSourceName; }set { strSourceName = value; }}/// <summary>/// Eevnet ID/// </summary>string strEventIdentifier = string.Empty;  public string EventIdentifier{get { return strEventIdentifier; }set { strEventIdentifier = value; }}string strRecordNumber = string.Empty;  /// <summary>/// 行号/// </summary>public string RecordNumber{get { return strRecordNumber; }set { strRecordNumber = value; }}string strEventCode = string.Empty;  /// <summary>/// 日志编码/// </summary>public string EventCode{get { return strEventCode; }set { strEventCode = value; }}string strCategoryString = string.Empty;/// <summary>/// CategoryString/// </summary>public string CategoryString{get { return strCategoryString; }set { strCategoryString = value; }}string strMessage = string.Empty;/// <summary>/// 详细错误/// </summary>public string Message{get { return strMessage; }set { strMessage = value; }}}
}
    #region//格式化信息类别/// <summary>/// 格式化信息类别/// </summary>/// <param name="val"></param>/// <returns></returns>private string GetEventTypeString(NTLogEvent.EventTypeValues val){switch (val){case NTLogEvent.EventTypeValues.Error:return EventTypeDescription.Error;case NTLogEvent.EventTypeValues.Warning:return EventTypeDescription.Warning;case NTLogEvent.EventTypeValues.Information:return EventTypeDescription.Information;case NTLogEvent.EventTypeValues.Security_audit_success:return EventTypeDescription.SuccessAudit;case NTLogEvent.EventTypeValues.Security_audit_failure:return EventTypeDescription.FailureAudit;default:return EventTypeDescription.Unknown;}}#endregion
    #region//获取日志文件/// <summary>/// 获取日志文件/// </summary>/// <param name="topNumber">多少条</param>/// <param name="eventCode">事件ID</param>/// <param name="startTime">开始时间</param>/// <param name="endTime">结束时间</param>/// <returns>返回集合</returns>public List<EventLogEntity> GetEventLogList(int topNumber, string eventCode, string startTime, string endTime){List<EventLogEntity> logList = new List<EventLogEntity>();try{//条件语句StringBuilder query = new StringBuilder();StringBuilder strWhere = new StringBuilder();query.Append("select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message  from Win32_NTLogEvent ");//日志IDif (!string.IsNullOrEmpty(eventCode)){strWhere.Append(" AND eventCode = '");strWhere.Append(eventCode);strWhere.Append("'");}//开始日期if (!string.IsNullOrEmpty(startTime)){strWhere.Append(" AND TimeWritten>= '");strWhere.Append(getDmtfFromDateTime(startTime));strWhere.Append("'");}//结束日期if (!string.IsNullOrEmpty(endTime)){strWhere.Append(" AND TimeWritten<= '");strWhere.Append(getDmtfFromDateTime(endTime));strWhere.Append("'");}string laststrWhere = strWhere.ToString();//如果有检索条件if (!string.IsNullOrEmpty(laststrWhere)){laststrWhere = " where " + laststrWhere.Substring(4);}//组合条件
               query.Append(laststrWhere);//值ManagementObjectCollection moCollection = null;//如果是本地if (isLocal){ManagementScope scope = new ManagementScope(scopePath);scope.Connect();ObjectQuery objectQuery = new ObjectQuery(query.ToString());//WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);//异步调用WMI查询moCollection = Searcher.Get();}//表示远程else{//设定通过WMI要查询的内容ObjectQuery Query = new ObjectQuery(query.ToString());//WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);//异步调用WMI查询moCollection = Searcher.Get();}//循环if (moCollection != null){//计数器int i = 0;//foreachforeach (ManagementObject mObject in moCollection){//如果i==topNumber就退出循环if (i == topNumber){break;}EventLogEntity eventLog = new EventLogEntity();//日志类型eventLog.EventType = mObject["EventType"] == null ? string.Empty :GetEventTypeString(((NTLogEvent.EventTypeValues)(System.Convert.ToInt32(mObject["EventType"]))));//日志种类eventLog.Category = mObject["Category"] == null ? string.Empty :mObject["Category"].ToString();//日志种类eventLog.CategoryString = mObject["CategoryString"] == null ? string.Empty :mObject["CategoryString"].ToString();//日志编码eventLog.EventCode = mObject["EventCode"] == null ? string.Empty :mObject["EventCode"].ToString();//日志IDeventLog.EventIdentifier = mObject["EventIdentifier"] == null ? string.Empty :mObject["EventIdentifier"].ToString();//行号eventLog.RecordNumber = mObject["RecordNumber"] == null ? string.Empty :mObject["RecordNumber"].ToString();//日期eventLog.TimeWritten = mObject["TimeWritten"] == null ? string.Empty :getDateTimeFromDmtfDate(mObject["TimeWritten"].ToString());//日志来源eventLog.SourceName = mObject["SourceName"] == null ? string.Empty :mObject["SourceName"].ToString();//详细错误eventLog.Message = mObject["Message"] == null ? string.Empty :mObject["Message"].ToString();//add
                       logList.Add(eventLog);////
                       i++;}}}catch (Exception ex){throw ex;}//
           return logList;}#endregion#region//根据行号检索错误信息/// <summary>/// 根据行号检索错误信息/// </summary>/// <param name="recordNumber">行号</param>/// <returns>返回错误信息</returns>public string GetErrMsg(uint recordNumber){string Msg = string.Empty;try{//条件语句StringBuilder query = new StringBuilder();query.Append("select Message, InsertionStrings from Win32_NTLogEvent where ");query.Append(" RecordNumber='");query.Append(recordNumber);query.Append("'");//值ManagementObjectCollection moCollection = null;//如果是本地if (isLocal){ManagementScope scope = new ManagementScope(scopePath);scope.Connect();ObjectQuery objectQuery = new ObjectQuery(query.ToString());//WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);//异步调用WMI查询moCollection = Searcher.Get();}//表示远程else{//设定通过WMI要查询的内容ObjectQuery Query = new ObjectQuery(query.ToString());//WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);//异步调用WMI查询moCollection = Searcher.Get();}//检索错误信息foreach (ManagementObject mObject in moCollection){//错误信息string message = mObject["Message"] == null ?string.Empty : mObject["Message"].ToString();//错误信息string[] insertionStrings =mObject["InsertionStrings"]==null?null:(string[])mObject["InsertionStrings"];//如果有错误信息if (string.IsNullOrEmpty(message)){if (insertionStrings.Length > 0){StringBuilder sb = new StringBuilder();for (int i = 0; i < insertionStrings.Length; i++){sb.Append(insertionStrings[i]);sb.Append(" ");}Msg =  sb.ToString();}}else{Msg= message;}}}catch{}//returnreturn string.IsNullOrEmpty(Msg) ? "无错误信息,请与管理员联系核对!" : Msg;}#endregion

     

    C#通过WMI的wind32 的API函数实现msinfo32的本地和远程计算机的系统日志查看功能...

    先不说如何实现,先来看看效果图:

    读取远程的需要提供下远程的计算用户名和密码即可。

    如何实现这个代码功能,请看如下代码部分:

    实体类:

    using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;namespace GetDNSListTool
{public class EventLogEntity{string strEventType = string.Empty;  /// <summary>/// 日志类型/// </summary>public string EventType{get { return strEventType; }set { strEventType = value; }}string strTimeWritten = string.Empty;  /// <summary>/// 日志日期/// </summary>public string TimeWritten{get { return strTimeWritten; }set { strTimeWritten = value; }}string strCategory = string.Empty;  /// <summary>/// 日志种类/// </summary>public string Category{get { return strCategory; }set { strCategory = value; }}string strSourceName = string.Empty;  /// <summary>/// 日志来源/// </summary>public string SourceName{get { return strSourceName; }set { strSourceName = value; }}/// <summary>/// Eevnet ID/// </summary>string strEventIdentifier = string.Empty;  public string EventIdentifier{get { return strEventIdentifier; }set { strEventIdentifier = value; }}string strRecordNumber = string.Empty;  /// <summary>/// 行号/// </summary>public string RecordNumber{get { return strRecordNumber; }set { strRecordNumber = value; }}string strEventCode = string.Empty;  /// <summary>/// 日志编码/// </summary>public string EventCode{get { return strEventCode; }set { strEventCode = value; }}string strCategoryString = string.Empty;/// <summary>/// CategoryString/// </summary>public string CategoryString{get { return strCategoryString; }set { strCategoryString = value; }}string strMessage = string.Empty;/// <summary>/// 详细错误/// </summary>public string Message{get { return strMessage; }set { strMessage = value; }}}
}
    #region//格式化信息类别/// <summary>/// 格式化信息类别/// </summary>/// <param name="val"></param>/// <returns></returns>private string GetEventTypeString(NTLogEvent.EventTypeValues val){switch (val){case NTLogEvent.EventTypeValues.Error:return EventTypeDescription.Error;case NTLogEvent.EventTypeValues.Warning:return EventTypeDescription.Warning;case NTLogEvent.EventTypeValues.Information:return EventTypeDescription.Information;case NTLogEvent.EventTypeValues.Security_audit_success:return EventTypeDescription.SuccessAudit;case NTLogEvent.EventTypeValues.Security_audit_failure:return EventTypeDescription.FailureAudit;default:return EventTypeDescription.Unknown;}}#endregion
    #region//获取日志文件/// <summary>/// 获取日志文件/// </summary>/// <param name="topNumber">多少条</param>/// <param name="eventCode">事件ID</param>/// <param name="startTime">开始时间</param>/// <param name="endTime">结束时间</param>/// <returns>返回集合</returns>public List<EventLogEntity> GetEventLogList(int topNumber, string eventCode, string startTime, string endTime){List<EventLogEntity> logList = new List<EventLogEntity>();try{//条件语句StringBuilder query = new StringBuilder();StringBuilder strWhere = new StringBuilder();query.Append("select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message  from Win32_NTLogEvent ");//日志IDif (!string.IsNullOrEmpty(eventCode)){strWhere.Append(" AND eventCode = '");strWhere.Append(eventCode);strWhere.Append("'");}//开始日期if (!string.IsNullOrEmpty(startTime)){strWhere.Append(" AND TimeWritten>= '");strWhere.Append(getDmtfFromDateTime(startTime));strWhere.Append("'");}//结束日期if (!string.IsNullOrEmpty(endTime)){strWhere.Append(" AND TimeWritten<= '");strWhere.Append(getDmtfFromDateTime(endTime));strWhere.Append("'");}string laststrWhere = strWhere.ToString();//如果有检索条件if (!string.IsNullOrEmpty(laststrWhere)){laststrWhere = " where " + laststrWhere.Substring(4);}//组合条件
               query.Append(laststrWhere);//值ManagementObjectCollection moCollection = null;//如果是本地if (isLocal){ManagementScope scope = new ManagementScope(scopePath);scope.Connect();ObjectQuery objectQuery = new ObjectQuery(query.ToString());//WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);//异步调用WMI查询moCollection = Searcher.Get();}//表示远程else{//设定通过WMI要查询的内容ObjectQuery Query = new ObjectQuery(query.ToString());//WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);//异步调用WMI查询moCollection = Searcher.Get();}//循环if (moCollection != null){//计数器int i = 0;//foreachforeach (ManagementObject mObject in moCollection){//如果i==topNumber就退出循环if (i == topNumber){break;}EventLogEntity eventLog = new EventLogEntity();//日志类型eventLog.EventType = mObject["EventType"] == null ? string.Empty :GetEventTypeString(((NTLogEvent.EventTypeValues)(System.Convert.ToInt32(mObject["EventType"]))));//日志种类eventLog.Category = mObject["Category"] == null ? string.Empty :mObject["Category"].ToString();//日志种类eventLog.CategoryString = mObject["CategoryString"] == null ? string.Empty :mObject["CategoryString"].ToString();//日志编码eventLog.EventCode = mObject["EventCode"] == null ? string.Empty :mObject["EventCode"].ToString();//日志IDeventLog.EventIdentifier = mObject["EventIdentifier"] == null ? string.Empty :mObject["EventIdentifier"].ToString();//行号eventLog.RecordNumber = mObject["RecordNumber"] == null ? string.Empty :mObject["RecordNumber"].ToString();//日期eventLog.TimeWritten = mObject["TimeWritten"] == null ? string.Empty :getDateTimeFromDmtfDate(mObject["TimeWritten"].ToString());//日志来源eventLog.SourceName = mObject["SourceName"] == null ? string.Empty :mObject["SourceName"].ToString();//详细错误eventLog.Message = mObject["Message"] == null ? string.Empty :mObject["Message"].ToString();//add
                       logList.Add(eventLog);////
                       i++;}}}catch (Exception ex){throw ex;}//
           return logList;}#endregion#region//根据行号检索错误信息/// <summary>/// 根据行号检索错误信息/// </summary>/// <param name="recordNumber">行号</param>/// <returns>返回错误信息</returns>public string GetErrMsg(uint recordNumber){string Msg = string.Empty;try{//条件语句StringBuilder query = new StringBuilder();query.Append("select Message, InsertionStrings from Win32_NTLogEvent where ");query.Append(" RecordNumber='");query.Append(recordNumber);query.Append("'");//值ManagementObjectCollection moCollection = null;//如果是本地if (isLocal){ManagementScope scope = new ManagementScope(scopePath);scope.Connect();ObjectQuery objectQuery = new ObjectQuery(query.ToString());//WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);//异步调用WMI查询moCollection = Searcher.Get();}//表示远程else{//设定通过WMI要查询的内容ObjectQuery Query = new ObjectQuery(query.ToString());//WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);//异步调用WMI查询moCollection = Searcher.Get();}//检索错误信息foreach (ManagementObject mObject in moCollection){//错误信息string message = mObject["Message"] == null ?string.Empty : mObject["Message"].ToString();//错误信息string[] insertionStrings =mObject["InsertionStrings"]==null?null:(string[])mObject["InsertionStrings"];//如果有错误信息if (string.IsNullOrEmpty(message)){if (insertionStrings.Length > 0){StringBuilder sb = new StringBuilder();for (int i = 0; i < insertionStrings.Length; i++){sb.Append(insertionStrings[i]);sb.Append(" ");}Msg =  sb.ToString();}}else{Msg= message;}}}catch{}//returnreturn string.IsNullOrEmpty(Msg) ? "无错误信息,请与管理员联系核对!" : Msg;}#endregion

     

    与本文相关的文章

    发布评论

    评论列表 (0)

    1. 暂无评论