【发布时间】:2009-02-18 22:42:44
【问题描述】:
我想使用 C# 从 Windows 事件日志中删除一个事件。
谁能指出如何实现这一目标的正确方向?
【问题讨论】:
我想使用 C# 从 Windows 事件日志中删除一个事件。
谁能指出如何实现这一目标的正确方向?
【问题讨论】:
简单:)。
但是删除看起来像从数组中删除项目,您需要制作所有数组的副本,除了您需要删除的项目。
有一个例子,如何“从日志中删除每个项目具有非偶数索引的项目”。
using System;
using System.Collections;
using System.Diagnostics;
using System.Threading;
class EventLogEntryCollection_Item
{
/// <summary>
/// Prints all.
/// </summary>
/// <param name="myEventLogEntryCollection">My event log entry collection.</param>
private static void PrintAll(EventLogEntryCollection myEventLogEntryCollection)
{
for (int i = 0; i < myEventLogEntryCollection.Count; i++)
{
Console.WriteLine("The Message of the EventLog is :"
+ myEventLogEntryCollection[i].Message);
}
}
/// <summary>
/// Creates the new log message.
/// </summary>
/// <param name="LogName">Name of the log.</param>
/// <param name="message">The message.</param>
private static void CreateNewLogMessage(string LogName, string message)
{
EventLog myEventLog = new EventLog();
myEventLog.Source = LogName;
myEventLog.WriteEntry(message);
myEventLog.Close();
}
/// <summary>
/// Mains this instance.
/// </summary>
public static void Main()
{
try
{
// Check if the source exists.
if (!EventLog.SourceExists("MySource"))
{
// Create the source.
// An event log source should not be created and immediately used.
// There is a latency time to enable the source, it should be created
// prior to executing the application that uses the source.
EventLog.CreateEventSource("MySource", "MySource");
Console.WriteLine("Creating EventSource");
Console.WriteLine("Exiting, execute the application a second time to use the source.");
Thread.Sleep(2000);
// The source is created. sleep to allow it to be registered.
}
string myLogName = EventLog.LogNameFromSourceName("MySource", ".");
// Create a new EventLog object.
EventLog myEventLog1 = new EventLog();
myEventLog1.Log = myLogName;
//Create test messages.
myEventLog1.Clear();
for (int i = 0; i < 20; i++)
{
CreateNewLogMessage("MySource", "The entry number is " + i);
}
// Obtain the Log Entries of "MyNewLog".
EventLogEntryCollection myEventLogEntryCollection =
myEventLog1.Entries;
//myEventLog1.Close();
Console.WriteLine("The number of entries in 'MyNewLog' = "
+ myEventLogEntryCollection.Count);
// Copy the EventLog entries to Array of type EventLogEntry.
EventLogEntry[] myEventLogEntryArray =
new EventLogEntry[myEventLogEntryCollection.Count];
myEventLogEntryCollection.CopyTo(myEventLogEntryArray, 0);
Console.WriteLine("before deleting");
// Display the 'Message' property of EventLogEntry.
PrintAll(myEventLogEntryCollection);
myEventLog1.Clear();
Console.WriteLine("process deleting");
foreach (EventLogEntry myEventLogEntry in myEventLogEntryArray)
{
//Console.WriteLine("The LocalTime the Event is generated is "
// + myEventLogEntry.TimeGenerated + " ; " + myEventLogEntry.Message);
if (myEventLogEntry.Index % 2 == 0)
{
CreateNewLogMessage("MySource", myEventLogEntry.Message);
}
}
Console.WriteLine("after deleting");
PrintAll(myEventLogEntryCollection);
myEventLog1.Close();
}
catch (Exception e)
{
Console.WriteLine("Exception:{0}", e.Message);
}
Console.ReadKey();
}
}
【讨论】:
我不相信您可以从事件日志中删除一个特定事件。要么全有,要么全无。如果你想摆脱一个,你必须清除整个日志。
编辑:你唯一能做的就是Clear the log。好吧,你可以从计算机中删除整个日志,如果它不是安全、应用程序或系统,但你绝对不能删除一个条目。
【讨论】:
我认为这是不可能的。查看 System.Diagnostics 命名空间和 tis EventLog* 类以获取更多文档。
【讨论】: