C# WindowsEvent Select
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Management;
using System.Diagnostics.Eventing.Reader;
namespace WindowsEventSelect
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void button1_Click(object sender, EventArgs e)
{
var conOpt = new ConnectionOptions();
conOpt.Impersonation = ImpersonationLevel.Impersonate;
conOpt.EnablePrivileges = true;
//conOpt.Username = "Admistrator";
//conOpt.Password = "password";
//conOpt.Authority = string.Format("ntlmdomain:{0}", "yourdomain.com");
var scope = new ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2", "192.168.1.23"), conOpt);
scope.Connect();
bool isConnected = scope.IsConnected;
if (isConnected)
{
/* entire day */
//string dateTime = getDmtfFromDateTime(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
string dateTime = getDmtfFromDateTime(DateTime.Now.ToString("yyyy/MM/dd") + " 09:02"); // DateTime specific
SelectQuery query = new SelectQuery("Select * from Win32_NTLogEvent Where TimeGenerated >='" + dateTime + "'");
//SelectQuery query = new SelectQuery("Select * from Win32_NTLogEvent Where TimeWritten >='" + dateTime + "'");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
ManagementObjectCollection logs = searcher.Get();
ShowItem a = new ShowItem();
List<ShowItem> aLst = new List<ShowItem>();
foreach (var log in logs)
{
a = new ShowItem();
a.TimeWritten = getDateTimeFromDmtfDate(log["TimeWritten"].ToString());
a.SourceName = log["SourceName"].ToString();
a.Message = nullToEmpty(log["Message"]);
aLst.Add(a);
//Console.WriteLine("Message : {0}", log["Message"]);
//Console.WriteLine("ComputerName : {0}", log["ComputerName"]);
//Console.WriteLine("Type : {0}", log["Type"]);
//Console.WriteLine("User : {0}", log["User"]);
//Console.WriteLine("EventCode : {0}", log["EventCode"]);
//Console.WriteLine("Category : {0}", log["Category"]);
//Console.WriteLine("SourceName : {0}", log["SourceName"]);
//Console.WriteLine("RecordNumber : {0}", log["RecordNumber"]);
//Console.WriteLine("TimeWritten : {0}", getDateTimeFromDmtfDate(log["TimeWritten"].ToString()));
}
List<ShowItem> ds = new List<ShowItem>();
ds = aLst.OrderBy(c => c.TimeWritten).ToList();
dataGridView1.DataSource = ds;
}
//ReadLog();
Console.ReadLine();
}
private string nullToEmpty(object obj)
{
if (obj == null)
{
return string.Empty;
}
else
{
return obj.ToString();
}
}
private static string getDmtfFromDateTime(DateTime dateTime)
{
return ManagementDateTimeConverter.ToDmtfDateTime(dateTime);
}
private static string getDmtfFromDateTime(string dateTime)
{
DateTime dateTimeValue = Convert.ToDateTime(dateTime);
return getDmtfFromDateTime(dateTimeValue);
}
private static string getDateTimeFromDmtfDate(string dateTime)
{
return ManagementDateTimeConverter.ToDateTime(dateTime).ToString();
}
}
public class ShowItem
{
public string TimeWritten{get; set; }
public string SourceName { get; set; }
public string Message { get; set; }
}
}
