In .NET, what is the difference between EventLog and ManagementObject for retrieving logs from a remote server?
I have found the following two ways of getting Application event log entries from a remote server.
1. Using EventLog object
string logType = "Application";
EventLog ev = new EventLog(logType,"rspl200");
EventLogEntryCollection evColl = ev.Entries;
2. Using ManagementObjectSearcher object
ConnectionOptions co = new ConnectionOptions();
co.Username = "testA";
co.Password = "testA";
ManagementScope scope = new ManagementScope(@"\" + "machineName"+ @"\root\cimv2", co);
scope.Connect();
SelectQuery query = new SelectQuery(@"select * from Win32_NtLogEvent");
EnumerationOptions opt = new EnumerationOptions();
opt.BlockSize = 1000;
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query, opt))
{
    foreach (ManagementObject mo in searcher.Get())
    {
        // write down log entries
        Console.WriteLine(mo["EventCode"]);
    }
}
I can easily get the remote event log using method #1 (using the EventLog object) without any security access denied exception. But using method #2 (using the ManagementObjectSearcher object) I get an access denied exception.
Actually, I want the remote event log (only Application, and also the latest log, not all application logs) to be displayed in a treeview like below:
- ServerName
  - Logs
    + Error
    + Information
    + Warning
Can anybody help me find out the best way from these, or any other?
Also, the main thing is that the user who reads the remote logs may be in a different domain than the server.
Thanks Mitesh Patel
I see this is an old post...
I think your only problem with #2 is that your scope should be:
ManagementScope scope = new ManagementScope(@"\\" + "machineName"+ @"\root\cimv2", co);
You are missing the double backslash in yours.
One thing to be aware of when using method #2 is that it's executing WMI queries, so the WMI host process on the remote machine will get hammered. From what I've seen it runs at like 45% CPU usage till the WMI query completes.
I don't know how method #1 is implemented so can't say for sure on that.
If you're worried about performance I would stay away from the .NET event log API and use the Win32 API(s):
pre-vista/2008: http://msdn.microsoft.com/en-us/library/aa363657(v=VS.85).aspx
post-vista/2008: http://msdn.microsoft.com/en-us/library/aa385785(v=VS.85).aspx
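The following is an added example, not code from the question or the answer. It uses .NET's `System.Diagnostics.Eventing.Reader` classes (the managed wrapper over the Vista-and-later Windows Event Log API) to fetch only the newest Application entries from a remote host with explicit cross-domain credentials and group them by level for the tree in the question. The host, domain, account name and the 50-entry limit are assumed placeholders, and the password is prompted for at run time instead of being hard-coded.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Security;

class RemoteAppLog
{
    // Assumed placeholders for illustration, not values from the page.
    const string Host = "machineName", Domain = "SERVERDOMAIN", User = "logreader";
    const int MaxEvents = 50;
    // Level 2 = Error, 3 = Warning, 4 = Information (Event Viewer also shows 0 as Information).
    const string XPath = "*[System[(Level=0 or Level=2 or Level=3 or Level=4)]]";

    static SecureString ReadPassword()
    {
        var pw = new SecureString();
        Console.Write("Password for {0}\\{1}: ", Domain, User);
        for (ConsoleKeyInfo k; (k = Console.ReadKey(true)).Key != ConsoleKey.Enter; )
            if (k.Key != ConsoleKey.Backspace) pw.AppendChar(k.KeyChar);
            else if (pw.Length > 0) pw.RemoveAt(pw.Length - 1);
        Console.WriteLine();
        return pw;
    }
    static string LevelName(byte? level) => level == 2 ? "Error" : level == 3 ? "Warning" : "Information";
    static void Main()
    {
        var tree = new SortedDictionary<string, List<string>>();
        using (SecureString pw = ReadPassword())
        using (var session = new EventLogSession(Host, Domain, User, pw, SessionAuthentication.Negotiate))
        {
            // Only the listed levels are requested; ReverseDirection returns newest entries first.
            var query = new EventLogQuery("Application", PathType.LogName, XPath)
                { Session = session, ReverseDirection = true };
            using (var reader = new EventLogReader(query))
                for (int n = 0; n < MaxEvents; n++)
                    using (EventRecord rec = reader.ReadEvent())
                    {
                        if (rec == null) break;   // fewer than MaxEvents entries in the log
                        string key = LevelName(rec.Level);
                        if (!tree.ContainsKey(key)) tree[key] = new List<string>();
                        tree[key].Add($"{rec.TimeCreated:u} {rec.ProviderName} id={rec.Id}");
                    }
        }
        Console.WriteLine("- {0}\n  - Logs", Host);
        foreach (var node in tree)
            Console.WriteLine("    + {0} ({1})\n        {2}", node.Key, node.Value.Count,
                string.Join("\n        ", node.Value));
    }
}
```

The account only needs read access to the remote Application log (for example through the built-in Event Log Readers group), not administrative rights, and the remote event log service must be reachable through the server's firewall.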