zoukankan      html  css  js  c++  java
  • C#通过WMI的wind32 的API函数实现msinfo32的本地和远程计算机的系统日志查看功能

    先不说如何实现,先来看看效果图:

    读取远程的需要提供下远程的计算用户名和密码即可。

    如何实现这个代码功能,请看如下代码部分:

    实体类:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    
    namespace GetDNSListTool
    {
        public class EventLogEntity
        {
            string strEventType = string.Empty;  
            /// <summary>
            /// 日志类型
            /// </summary>
            public string EventType
            {
                get { return strEventType; }
                set { strEventType = value; }
            }
    
            string strTimeWritten = string.Empty;  
            /// <summary>
            /// 日志日期
            /// </summary>
            public string TimeWritten
            {
                get { return strTimeWritten; }
                set { strTimeWritten = value; }
            }
    
            string strCategory = string.Empty;  
            /// <summary>
            /// 日志种类
            /// </summary>
            public string Category
            {
                get { return strCategory; }
                set { strCategory = value; }
            }
    
            string strSourceName = string.Empty;  
            /// <summary>
            /// 日志来源
            /// </summary>
            public string SourceName
            {
                get { return strSourceName; }
                set { strSourceName = value; }
            }
            /// <summary>
            /// Eevnet ID
            /// </summary>
            string strEventIdentifier = string.Empty;  
            public string EventIdentifier
            {
                get { return strEventIdentifier; }
                set { strEventIdentifier = value; }
            }
    
            string strRecordNumber = string.Empty;  
            /// <summary>
            /// 行号
            /// </summary>
            public string RecordNumber
            {
                get { return strRecordNumber; }
                set { strRecordNumber = value; }
            }
    
            string strEventCode = string.Empty;  
            /// <summary>
            /// 日志编码
            /// </summary>
            public string EventCode
            {
                get { return strEventCode; }
                set { strEventCode = value; }
            }
    
            string strCategoryString = string.Empty;
            /// <summary>
            /// CategoryString
            /// </summary>
            public string CategoryString
            {
                get { return strCategoryString; }
                set { strCategoryString = value; }
            }
    
    
            string strMessage = string.Empty;
            /// <summary>
            /// 详细错误
            /// </summary>
            public string Message
            {
                get { return strMessage; }
                set { strMessage = value; }
            }
        }
    }
    #region//格式化信息类别
           /// <summary>
           /// 格式化信息类别
           /// </summary>
           /// <param name="val"></param>
           /// <returns></returns>
           private string GetEventTypeString(NTLogEvent.EventTypeValues val)
           {
               switch (val)
               {
                   case NTLogEvent.EventTypeValues.Error:
                       return EventTypeDescription.Error;
                   case NTLogEvent.EventTypeValues.Warning:
                       return EventTypeDescription.Warning;
                   case NTLogEvent.EventTypeValues.Information:
                       return EventTypeDescription.Information;
                   case NTLogEvent.EventTypeValues.Security_audit_success:
                       return EventTypeDescription.SuccessAudit;
                   case NTLogEvent.EventTypeValues.Security_audit_failure:
                       return EventTypeDescription.FailureAudit;
                   default:
                       return EventTypeDescription.Unknown;
               }
           }
           #endregion
    #region//获取日志文件
           /// <summary>
           /// 获取日志文件
           /// </summary>
           /// <param name="topNumber">多少条</param>
           /// <param name="eventCode">事件ID</param>
           /// <param name="startTime">开始时间</param>
           /// <param name="endTime">结束时间</param>
           /// <returns>返回集合</returns>
           public List<EventLogEntity> GetEventLogList(int topNumber, string eventCode, 
               string startTime, string endTime)
           {
               List<EventLogEntity> logList = new List<EventLogEntity>();
               try
               {
                   //条件语句
                   StringBuilder query = new StringBuilder();
                   StringBuilder strWhere = new StringBuilder();
                   query.Append("select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message  from Win32_NTLogEvent ");
                   //日志ID
                   if (!string.IsNullOrEmpty(eventCode))
                   {
                       strWhere.Append(" AND eventCode = '");
                       strWhere.Append(eventCode);
                       strWhere.Append("'");
                   }
                   //开始日期
                   if (!string.IsNullOrEmpty(startTime))
                   {
                       strWhere.Append(" AND TimeWritten>= '");
                       strWhere.Append(getDmtfFromDateTime(startTime));
                       strWhere.Append("'");
                   }
                   //结束日期
                   if (!string.IsNullOrEmpty(endTime))
                   {
                       strWhere.Append(" AND TimeWritten<= '");
                       strWhere.Append(getDmtfFromDateTime(endTime));
                       strWhere.Append("'");
                   }
                   string laststrWhere = strWhere.ToString();
                   //如果有检索条件
                   if (!string.IsNullOrEmpty(laststrWhere))
                   {
                       laststrWhere = " where " + laststrWhere.Substring(4);
                   }
                   //组合条件
                   query.Append(laststrWhere);
                   //
                   ManagementObjectCollection moCollection = null;
                   //如果是本地
                   if (isLocal)
                   {
                       ManagementScope scope = new ManagementScope(scopePath);
                       scope.Connect();
                       ObjectQuery objectQuery = new ObjectQuery(query.ToString());
                       //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合
                       ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);
                       //异步调用WMI查询
                       moCollection = Searcher.Get();
                   }
                   //表示远程
                   else
                   {
                       //设定通过WMI要查询的内容
                       ObjectQuery Query = new ObjectQuery(query.ToString());
                       //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合
                       ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);
                       //异步调用WMI查询
                       moCollection = Searcher.Get();
                   }
                   //循环
                   if (moCollection != null)
                   {
                      
                       //计数器
                       int i = 0;
                       //foreach
                       foreach (ManagementObject mObject in moCollection)
                       {
                           //如果i==topNumber就退出循环
                           if (i == topNumber)
                           {
                               break;
                           }
                           EventLogEntity eventLog = new EventLogEntity();
    
                           //日志类型
                           eventLog.EventType = mObject["EventType"] == null ? string.Empty :
                                GetEventTypeString(((NTLogEvent.EventTypeValues)(System.Convert.ToInt32(mObject["EventType"]))));
                           //日志种类
                           eventLog.Category = mObject["Category"] == null ? string.Empty :
                                mObject["Category"].ToString();
                           //日志种类
                           eventLog.CategoryString = mObject["CategoryString"] == null ? string.Empty :
                                mObject["CategoryString"].ToString();
                           //日志编码
                           eventLog.EventCode = mObject["EventCode"] == null ? string.Empty :
                                mObject["EventCode"].ToString();
                           //日志ID
                           eventLog.EventIdentifier = mObject["EventIdentifier"] == null ? string.Empty :
                                mObject["EventIdentifier"].ToString();
                           //行号
                           eventLog.RecordNumber = mObject["RecordNumber"] == null ? string.Empty :
                                mObject["RecordNumber"].ToString();
                           //日期
                           eventLog.TimeWritten = mObject["TimeWritten"] == null ? string.Empty :
                                getDateTimeFromDmtfDate(mObject["TimeWritten"].ToString());
                           
                           //日志来源
                           eventLog.SourceName = mObject["SourceName"] == null ? string.Empty :
                                mObject["SourceName"].ToString();
                           //详细错误
                           eventLog.Message = mObject["Message"] == null ? string.Empty :
                               mObject["Message"].ToString();
                           //add
                           logList.Add(eventLog);
                           //
                           //
                           i++;
                       }
    
                   }
               }
               catch (Exception ex)
               {
                   throw ex;
               }
               //
               return logList;
           }
           #endregion
    
           #region//根据行号检索错误信息
           /// <summary>
           /// 根据行号检索错误信息
           /// </summary>
           /// <param name="recordNumber">行号</param>
           /// <returns>返回错误信息</returns>
           public string GetErrMsg(uint recordNumber)
           {
               string Msg = string.Empty;
               try
               {
                   //条件语句
                   StringBuilder query = new StringBuilder();
                   query.Append("select Message, InsertionStrings from Win32_NTLogEvent where ");
                   query.Append(" RecordNumber='");
                   query.Append(recordNumber);
                   query.Append("'");
                   //
                   ManagementObjectCollection moCollection = null;
                   //如果是本地
                   if (isLocal)
                   {
                       ManagementScope scope = new ManagementScope(scopePath);
                       scope.Connect();
                       ObjectQuery objectQuery = new ObjectQuery(query.ToString());
                       //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合
                       ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);
                       //异步调用WMI查询
                       moCollection = Searcher.Get();
                   }
                   //表示远程
                   else
                   {
                       //设定通过WMI要查询的内容
                       ObjectQuery Query = new ObjectQuery(query.ToString());
                       //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合
                       ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);
                       //异步调用WMI查询
                       moCollection = Searcher.Get();
                   }
                   //检索错误信息
                   foreach (ManagementObject mObject in moCollection)
                   {
                       //错误信息
                       string message = mObject["Message"] == null ?
                           string.Empty : mObject["Message"].ToString();
                       //错误信息
                       string[] insertionStrings =mObject["InsertionStrings"]==null?null:
                           (string[])mObject["InsertionStrings"];
                       //如果有错误信息
                       if (string.IsNullOrEmpty(message))
                       {
                           if (insertionStrings.Length > 0)
                           {
                               StringBuilder sb = new StringBuilder();
    
                               for (int i = 0; i < insertionStrings.Length; i++)
                               {
                                   sb.Append(insertionStrings[i]);
                                   sb.Append(" ");
                               }
    
                               Msg =  sb.ToString();
                           }
                          
                       }
                       else
                       {
                           Msg= message;
                       }
                   }
               }
               catch
               {
               }
               //return
               return string.IsNullOrEmpty(Msg) ? "无错误信息,请与管理员联系核对!" : Msg;
           }
           #endregion
  • 相关阅读:
    springboot 整合 mybatis plus
    Centos7下安装Docker
    idea 将项目打包成 docker 镜像 推送到 阿里云
    Windows10 使用 docker toolbo x安装 docker
    js 修改 url 但不刷新页面
    MySQL-建数据库的字符集与排序规则说明
    7.Redis 缓存过期处理与内存淘汰机制
    6.Redis 主从复制原理总结
    5.Redis 持久化
    4.Springboot整合Redis
  • 原文地址:https://www.cnblogs.com/love007/p/5209051.html
Copyright © 2011-2022 走看看