C# 不使用代码删除自定义事件日志源
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/127936/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Deleting Custom Event Log Source Without Using Code
提问by Wolfwyrd
I have an application that has created a number of custom event log sources to help filter its output. How can I delete the custom sources from the machine WITHOUT writing any code as running a quick program using System.Diagnostics.EventLog.Delete is not possible.
我有一个应用程序,它创建了许多自定义事件日志源来帮助过滤其输出。如何在不编写任何代码的情况下从机器中删除自定义源,因为使用 System.Diagnostics.EventLog.Delete 运行快速程序是不可能的。
I've tried using RegEdit to remove the custom sources from [HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Eventlog] however the application acts as if the logs still exist behind the scenes.
我尝试使用 RegEdit 从 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Eventlog] 中删除自定义源,但是该应用程序的行为好像日志仍然存在于幕后。
What else am I missing?
我还缺少什么?
采纳答案by Mike L
I also think you're in the right place... it's stored in the registry, under the name of the event log. I have a custom event log, under which are multiple event sources.
我也认为你来对地方了......它存储在注册表中,在事件日志的名称下。我有一个自定义事件日志,其中有多个事件源。
HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE1 HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE2
HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE1 HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE2
Those sources have an EventMessageFilekey, which is REG_EXPAND_SZand points to:
这些源有一个EventMessageFile键,它是REG_EXPAND_SZ并指向:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
I think if you delete the Key that is the log source, LOGSOURCE1 in my example, that should be all that's needed.
我认为,如果您删除作为日志源的 Key,在我的示例中为 LOGSOURCE1,那应该就是所需要的。
For what it's worth, I tried it through .NET and that's what it did. However, it does look like each custom event log also has a source of the same name. If you have a custom log, that could affect your ability to clear it. You'd have to delete the log outright, perhaps. Further, if your app has an installer, I can see that the application name also may be registered as a source in the application event log. One more place to clear.
对于它的价值,我通过 .NET 进行了尝试,这就是它所做的。但是,看起来每个自定义事件日志也有一个同名的来源。如果您有自定义日志,这可能会影响您清除它的能力。也许您必须彻底删除日志。此外,如果您的应用程序有安装程序,我可以看到应用程序名称也可能在应用程序事件日志中注册为源。还有一个地方要清理。
回答by MusiGenesis
Perhaps your application is fault-tolerant, meaning that it checks to see if the event log source is already registered and registers the source if it isn't?
也许您的应用程序是容错的,这意味着它会检查事件日志源是否已注册,如果尚未注册,则注册该源?
If this were the case, your application would re-create the source(s) each time it ran, no matter what you did.
如果是这种情况,无论您做什么,您的应用程序每次运行时都会重新创建源。
回答by Kapé
What about using Powershell?
使用Powershell怎么样?
Remove-EventLog -LogName "Custom log name"
Remove-EventLog -Source "Custom source name"
回答by Moondustt
I was able only to delete it by using:
我只能使用以下方法删除它:
[System.Diagnostics.EventLog]::Delete("WrongNamedEventLog");
in powershell
在 PowerShell 中
