C# WMI reading remote event log

我与影子孤独终老i posted on 2019-12-06 09:34:40

Question


I'm trying to run a WMI query against another computer for errors within the last 5 hours or so. When running a WMI query, shouldn't you at least filter the initial query with a where clause?

I'm basing my code off of samples generated from the WMI code creator on MSDN.

Here is the select query I'm using:

    private ManagementScope CreateNewManagementScope(string server)
    {
        string serverString = @"\\" + server + @"\root\cimv2";

        ManagementScope scope = new ManagementScope(serverString);

        return scope;
    } 

            ManagementScope scope = CreateNewManagementScope(servername);
            scope.Connect();
            SelectQuery query = new SelectQuery("select * from Win32_NtLogEvent where TimeWritten > '" + DateTime.Now.AddHours(-5).ToString() + "'");
            ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
            ManagementObjectCollection logs = searcher.Get();

            int iErrCount = logs.Count;

I just want to get a count of the errors in the last 5 hours. It's throwing an error when getting the count. The error is rather vague: "Generic Failure".

[update - using date like this now]

    DateTime d = DateTime.UtcNow.AddHours(-12);
    string dateFilter = ManagementDateTimeConverter.ToDmtfDateTime(d);
    SelectQuery query = new SelectQuery("select * from Win32_NtLogEvent where Logfile='Application' AND Type='Error' AND TimeWritten > '" + dateFilter + "'");

With the above code I get no results, yet I can see 2 errors in the event log. What's wrong with the date filter?

I'm using this example: http://msdn.microsoft.com/en-us/library/system.management.managementdatetimeconverter.todatetime.aspx


Answer 1:


I did the following to get it to work. I hope this helps.

    using System;
    using System.Management;

    class Program
    {
        static void Main(string[] args)
        {
            // Connection settings; the user name, password, domain and server
            // name below are placeholders.
            var conOpt = new ConnectionOptions();
            conOpt.Impersonation = ImpersonationLevel.Impersonate;
            conOpt.EnablePrivileges = true;
            conOpt.Username = "username";
            conOpt.Password = "password";
            conOpt.Authority = string.Format("ntlmdomain:{0}", "yourdomain.com");

            var scope = new
                 ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2",
                                               "yourservername.yourdomain.com"),
                                 conOpt);

            scope.Connect();
            bool isConnected = scope.IsConnected;
            if (isConnected)
            {
                // Alternative (entire day): only one of the two declarations can be active.
                // string dateTime = getDmtfFromDateTime(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
                string dateTime = getDmtfFromDateTime("09/06/2014 17:00:08"); // DateTime specific

                SelectQuery query = new SelectQuery("Select * from Win32_NTLogEvent Where Logfile = 'Application' and TimeGenerated >='" + dateTime + "'");
                ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
                ManagementObjectCollection logs = searcher.Get();
                foreach (var log in logs)
                {
                    Console.WriteLine("Message : {0}", log["Message"]);
                    Console.WriteLine("ComputerName : {0}", log["ComputerName"]);
                    Console.WriteLine("Type : {0}", log["Type"]);
                    Console.WriteLine("User : {0}", log["User"]);
                    Console.WriteLine("EventCode : {0}", log["EventCode"]);
                    Console.WriteLine("Category : {0}", log["Category"]);
                    Console.WriteLine("SourceName : {0}", log["SourceName"]);
                    Console.WriteLine("RecordNumber : {0}", log["RecordNumber"]);
                    Console.WriteLine("TimeWritten : {0}", getDateTimeFromDmtfDate(log["TimeWritten"].ToString()));
                }
            }

            //ReadLog();
            Console.ReadLine();
        }

        // Converts a DateTime to the DMTF datetime string used in WQL filters.
        private static string getDmtfFromDateTime(DateTime dateTime)
        {
            return ManagementDateTimeConverter.ToDmtfDateTime(dateTime);
        }

        // Parses a date string (using the current culture) and converts it to DMTF format.
        private static string getDmtfFromDateTime(string dateTime)
        {
            DateTime dateTimeValue = Convert.ToDateTime(dateTime);
            return getDmtfFromDateTime(dateTimeValue);
        }

        // Converts a DMTF datetime string returned by WMI back to a readable date.
        private static string getDateTimeFromDmtfDate(string dateTime)
        {
            return ManagementDateTimeConverter.ToDateTime(dateTime).ToString();
        }
    }
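
An added example, not part of the question or the answer above: it counts recent errors by writing the cutoff as an explicit-UTC DMTF string, escaping the log name for the WQL literal, and enumerating the results instead of reading `Count`. The class and method names are hypothetical, and it assumes the caller's own Windows account already has remote WMI rights on the target, so no user name or password is embedded.

```csharp
using System;
using System.Globalization;
using System.Management;

// Hypothetical helper class (added example, not from the page).
static class RemoteEventLogCount
{
    // DMTF datetime: yyyyMMddHHmmss.ffffff plus a signed UTC offset in minutes.
    // Writing "+000" pins the cutoff to UTC regardless of the local time zone.
    public static string ToDmtfUtc(DateTime value)
    {
        return value.ToUniversalTime()
            .ToString("yyyyMMddHHmmss.ffffff", CultureInfo.InvariantCulture) + "+000";
    }

    // WQL has no bound parameters: escape backslashes and quotes in literals.
    public static string EscapeWql(string value)
    {
        return value.Replace(@"\", @"\\").Replace("'", @"\'");
    }

    public static string BuildErrorQuery(string logfile, DateTime since)
    {
        // One small column instead of *; EventType 1 is the numeric code for Error.
        return "SELECT RecordNumber FROM Win32_NTLogEvent WHERE Logfile = '" + EscapeWql(logfile) +
            "' AND EventType = 1 AND TimeWritten >= '" + ToDmtfUtc(since) + "'";
    }

    public static int CountErrors(string server, string logfile, TimeSpan window)
    {
        var options = new ConnectionOptions
        {
            // Assumption: no Username/Password, so the caller's logon token is used.
            Impersonation = ImpersonationLevel.Impersonate,
            Authentication = AuthenticationLevel.PacketPrivacy // sign and encrypt RPC
        };
        var scope = new ManagementScope(@"\\" + server + @"\root\cimv2", options);
        scope.Connect();
        var query = new ObjectQuery(BuildErrorQuery(logfile, DateTime.UtcNow - window));
        var forwardOnly = new EnumerationOptions { Rewindable = false, ReturnImmediately = true };
        int count = 0;
        using (var searcher = new ManagementObjectSearcher(scope, query, forwardOnly))
        using (ManagementObjectCollection results = searcher.Get())
        {
            foreach (ManagementBaseObject entry in results) { using (entry) { count++; } }
        }
        return count;
    }
}
```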


Source: https://stackoverflow.com/questions/23816470/c-sharp-wmi-reading-remote-event-log
