windows 从最新到最旧读取事件日志
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7023472/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Read Event Log From Newest to Oldest
提问by leinad13
I have written a short program to establish the uptime for remote PC's using the event log messages which are posted at startup and shutdown. Currently the logic is :
我编写了一个简短的程序来使用启动和关闭时发布的事件日志消息来确定远程 PC 的正常运行时间。目前的逻辑是:
foreach (eventlogentry)
{
if (entryTime > OldestTime)
{
if (entry = Startup)
{
addOnTime(entry.Time);
}
if (entry = Shutdown)
{
addOffTime(entry.Time);
}
}
}
"OldestTime" define how far to scan backwards in time....
“OldestTime”定义向后扫描多远的时间......
I would like to know if there is anyway to easily ammend my program to read the events from newest to oldest?
我想知道是否有办法轻松修改我的程序以从最新到最旧读取事件?
It's reading remote event logs and its taking a while for this function to run, as it starts at the end and reads forward.
它正在读取远程事件日志,并且运行此函数需要一段时间,因为它从最后开始并向前读取。
I know this because I added a "else" block to the first "if" to break out of the foreach block, if the entry isnt within the timespan we are looking for and the program stop's at the first event it reads.
我知道这一点是因为我在第一个“if”块中添加了一个“else”块以跳出 foreach 块,如果条目不在我们正在寻找的时间跨度内并且程序在它读取的第一个事件处停止。
回答by Jurriaan Pijpers
It has been a while since you asked this question, but i ran into the same problem and found a solution.
你问这个问题已经有一段时间了,但我遇到了同样的问题并找到了解决方案。
using System.Diagnostics;
using System.Linq;
EventLog events = new EventLog("Application", System.Environment.MachineName);
foreach (EventLogEntry entry in events.Entries.Cast<EventLogEntry>().Reverse())
{
//Do your tasks
}
This awnser still is not as fast as to just enumerate it forward but it is a bit more elegant than using a loop to copy items to a list.
这个 awnser 仍然没有向前枚举它那么快,但它比使用循环将项目复制到列表要优雅一些。
@leinad13, for your application you need to change System.Environment.MachineName to a string with the name of the computer you want the events from and change "Application" to the log you want to see. I think "System" in your case.
@ leinad13,对于您的应用程序,您需要将 System.Environment.MachineName 更改为包含您想要事件的计算机名称的字符串,并将“应用程序”更改为您想要查看的日志。我认为你的情况是“系统”。
回答by mfdoran
Your best solution may be to move the data into a list and then reverse the order of that. Something like the following:
您最好的解决方案可能是将数据移动到一个列表中,然后颠倒它的顺序。类似于以下内容:
EventLog eventLog = new EventLog();
eventLog.Log = myEventLog;
var eventList = new List<EventLogEntry>();
foreach(EventLogEntry entry in eventLog.Entries)
{
eventList.Add(entry);
}
eventList.Reverse();
That should get the data in the reverse order, i.e. latest first, and then you can just process it as before but this time exit the loop when you hit a date before the oldest time.
这应该以相反的顺序获取数据,即先获取最新数据,然后您可以像以前一样处理它,但是这次当您在最旧时间之前遇到日期时退出循环。
Its not an ideal solution as you are still processing the whole log but it may be worth trying out to see if you get an improvement in performance
它不是一个理想的解决方案,因为您仍在处理整个日志,但可能值得尝试一下,看看您的性能是否有所提高
