-1
我試着去使用此功能:如何收集所有系統事件日誌並將其保存到文件?
public void DoBackup(string sLogName)
{
string sBackup = sLogName; // could be for example "Application"
EventLog log = new EventLog();
log.Source = sBackup;
var query = from EventLogEntry entry in log.Entries
orderby entry.TimeGenerated descending
select entry;
string sBackupName = sBackup + "Log";
var xml = new XDocument(
new XElement(sBackupName,
from EventLogEntry entry in log.Entries
orderby entry.TimeGenerated descending
select new XElement("Log",
new XElement("Message", entry.Message),
new XElement("TimeGenerated", entry.TimeGenerated),
new XElement("Source", entry.Source),
new XElement("EntryType", entry.EntryType.ToString())
)
)
);
DateTime oggi = DateTime.Now;
string sToday = DateTime.Now.ToString("yyyyMMdd_hhmmss");
string path = String.Format("{0}_{1}.xml", sBackupName, sToday);
xml.Save(Path.Combine(Environment.CurrentDirectory, path));
}
總的來說,我想創建兩個文件:
- 所有的應用程序事件日誌的文本文件。
- 所有系統事件日誌的文本文件。
我調用此函數是這樣的:
DOBACKUP( 「測試」); 但運行它的IM上得到一個異常時:
var xml = new XDocument(
new XElement(sBackupName,
from EventLogEntry entry in log.Entries
orderby entry.TimeGenerated descending
select new XElement("Log",
new XElement("Message", entry.Message),
new XElement("TimeGenerated", entry.TimeGenerated),
new XElement("Source", entry.Source),
new XElement("EntryType", entry.EntryType.ToString())
)
)
);
登錄屬性值尚未指定
System.ArgumentException was unhandled
HResult=-2147024809
Message=Log property value has not been specified.
Source=System
StackTrace:
at System.Diagnostics.EventLogInternal.OpenForRead(String currentMachineName)
at System.Diagnostics.EventLogInternal.GetEntryAtNoThrow(Int32 index)
at System.Diagnostics.EventLogEntryCollection.EntriesEnumerator.MoveNext()
at System.Linq.Enumerable.<CastIterator>d__b1`1.MoveNext()
at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
at System.Linq.OrderedEnumerable`1.<GetEnumerator>d__0.MoveNext()
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Xml.Linq.XContainer.AddContentSkipNotify(Object content)
at System.Xml.Linq.XElement..ctor(XName name, Object content)
at Diagnostic_Tool_Blue_Screen.Form1.DoBackup(String sLogName) in d:\C-Sharp\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Form1.cs:line 161
at Diagnostic_Tool_Blue_Screen.Form1.Diagnose_Click(Object sender, EventArgs e) in d:\C-Sharp\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Form1.cs:line 57
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID, Int32 reason, Int32 pvLoopData)
at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
at System.Windows.Forms.Application.Run(Form mainForm)
at Diagnostic_Tool_Blue_Screen.Program.Main() in d:\C-Sharp\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Diagnostic Tool Blue Screen\Program.cs:line 19
at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
InnerException:
最終的文本文件在我的硬盤上的內容看起來應該像這樣:
Event[0]:
Log Name: System
Source: EventLog
Date: 2013-01-17T03:19:18.000
Event ID: 6011
Task: N/A
Level: Information
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: windows-uj49s6b
Description:
The NetBIOS name and DNS host name of this machine have been changed from WINDOWS-UJ49S6B to WIN-F1MN9CTN28S.
Event[1]:
Log Name: System
EventApp文本文件是18mb和EventSys文本文件whi ch是大約3mb。
哪裏是你的問題的問題? –
問題是如何創建/寫入所有事件日誌的文本文件?我舉了一個我嘗試過的例子,但它不起作用。 – DanielVest
你爲什麼不斷地改變問題?我的答案解決了你的例外嗎? –