
我讀取事件日誌,然後將它們顯示在數據網格中,但對於大型日誌,這要花非常久才會返回,所以我想只取最近24小時的日誌,但我不知道如何做到這一點。我想在迭代每個條目之前就限制集合,因爲先逐條迭代再過濾仍然需要很長時間。任何幫助都將不勝感激!

按日期限制事件日誌

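namespace SysTools
{
    /// <summary>
    /// Form that lists the entries of a classic Windows event log in a grid,
    /// sorted by the time each entry was generated.
    /// </summary>
    public partial class LogViewer : Form
    {
        DataTable eventLog = new DataTable();
        DataSet dataset1 = new DataSet();
        private EventLog unhandledLogs;

        /// <summary>
        /// Creates the viewer for the given event log.
        /// </summary>
        /// <param name="logs">The event log whose entries are displayed when the form loads.</param>
        /// <exception cref="ArgumentNullException"><paramref name="logs"/> is null.</exception>
        public LogViewer(EventLog logs)
        {
            // Fail at construction rather than with a NullReferenceException in the Load handler.
            if (logs == null)
            {
                throw new ArgumentNullException("logs");
            }

            unhandledLogs = logs;
            InitializeComponent();
        }

        /// <summary>
        /// Load handler: copies every entry of the log into a table and binds it to the grid.
        /// </summary>
        /// <remarks>
        /// EventLog.Entries offers no server-side filter, so every entry is read here.
        /// For a time-bounded view, an EventLogQuery with an XPath TimeCreated filter read
        /// through EventLogReader returns only the matching records.
        /// Message text is supplied by whichever source wrote the entry, so treat it as
        /// untrusted display data if it is ever forwarded beyond this grid.
        /// </remarks>
        private void LogViewer_Load(object sender, EventArgs e)
        {
            DataTable dataTable1 = new DataTable();
            dataTable1.Columns.Add("Level", typeof(string));
            dataTable1.Columns.Add("Category", typeof(string));
            dataTable1.Columns.Add("DateTime", typeof(DateTime));
            dataTable1.Columns.Add("Message", typeof(string));

            EventLogEntryCollection entries = unhandledLogs.Entries;

            // Strictly less than Count: the original "<=" read one index past the end
            // on every load and relied on an empty catch to hide the resulting exception.
            for (int currLogIndex = 0; currLogIndex < entries.Count; currLogIndex++)
            {
                EventLogEntry currLogEntry;
                try
                {
                    currLogEntry = entries[currLogIndex];
                }
                catch (ArgumentException)
                {
                    // NOTE(review): presumably the log shrank (cleared or wrapped) while it was
                    // being read, so this index no longer exists; skip it. Other failures, such
                    // as access being denied, now surface instead of yielding a silently empty
                    // or partial grid.
                    continue;
                }

                DataRow drnew = dataTable1.NewRow();
                drnew["Level"] = currLogEntry.EntryType.ToString();
                drnew["Category"] = currLogEntry.Source;
                drnew["DateTime"] = currLogEntry.TimeGenerated;
                drnew["Message"] = currLogEntry.Message;
                dataTable1.Rows.Add(drnew);
            }

            dataGridView1.DataSource = dataTable1;
            dataTable1.DefaultView.Sort = ("DateTime asc");
        }
    }
}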

回答


看一看 EventLogQuery 和 EventLogReader 類。在下面的示例中,我從應用程序事件日誌中讀取過去24小時的日誌,並將它們放入列表中。你可以很容易地把它改成適用於你自己的日誌和需求。

請注意我正在做一些適度的修改以獲得預期格式的日期(您應該改進它),但請參閱我如何創建查詢,然後只處理檢索到的記錄。

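/// <summary>
/// Reads the records written to the Application event log during the last 24 hours
/// into a list, using an XPath query so that only matching records are retrieved.
/// </summary>
public void GetEvents()
{
    // Take the cutoff from one UTC instant. The original combined today's year and month
    // with yesterday's day-of-month, which yields a wrong or invalid date on the first day
    // of a month, and it labelled local time with the UTC suffix "Z".
    // The round-trip format "o" on a UTC DateTime produces yyyy-MM-ddTHH:mm:ss.fffffffZ.
    string FormattedDateTime = DateTime.UtcNow
        .AddDays(-1)
        .ToString("o", System.Globalization.CultureInfo.InvariantCulture);

    string LogSource = @"Application";

    // The only value concatenated into the XPath is the timestamp generated above.
    // If a caller-supplied value is ever added to this query, validate it first
    // rather than splicing it into the string.
    string Query = "*[System[TimeCreated[@SystemTime >= '" + FormattedDateTime + "']]]";

    var QueryResult = new EventLogQuery(LogSource, PathType.LogName, Query);

    List<EventRecord> Events = new List<EventRecord>();

    // EventLogReader is IDisposable; release it once reading is finished.
    using (var Reader = new System.Diagnostics.Eventing.Reader.EventLogReader(QueryResult))
    {
        EventRecord Rec;

        // ReadEvent returns null when there are no more records. Stop before adding,
        // so the list never ends with a null element as it did in the original loop.
        while ((Rec = Reader.ReadEvent()) != null)
        {
            // You could add to your own collection here instead of adding to a list.
            // EventRecord is IDisposable too; whoever keeps the records should dispose
            // them when done.
            Events.Add(Rec);
        }
    }
}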