以高性能方式查询 Windows 事件日志
我构建了一个 ASP.NET Web 应用程序来使用数据绑定控件查看 Windows 事件日志中的数据。通过连接到访问 EventLog 的中介类的 ObjectDataSource 检索数据。当我将 GridView 连接到 ObjectDataSource 时,它想要计算 EventLog 中的行数。我可以简单快速地做到这一点:
var log = new EventLog {Log = logName};
return log.Entries.Count;
从我不科学的角度来看,它似乎在 O(1) 内返回。但是,如果我想对某个日期之前发生的条目或通过某个事件源发生的条目进行计数,我找不到有效的方法来对它们进行计数。我尝试过 WMI 查询,例如:
var query = new ObjectQuery("Select * from Win32_NTLogEvent
where LogFile='Application'");
var searcher = new ManagementObjectSearcher(query);
var result = searcher.Get();
var foo = result.Count;
对于具有 70k 条目的事件日志,在我的电源合理的工作站上,这大约需要一分钟的时间。看起来像 O(n)。我还尝试使用 Linq 过滤 log.Entries 并获得类似的结果。
有没有更高效的方法来做到这一点?对于网格中的实际数据,我发现循环 log.Entries 并通过索引访问是获取条目集合的一种非常高效的方法。
I've built an ASP.NET web app to view data from the Windows Event Log using databound controls. The data is retrieved via an ObjectDataSource connected to a mediator class that accesses the EventLog. When I connect a GridView to the ObjectDataSource, it wants to count the rows in the EventLog. I can do this simply and quickly with:
var log = new EventLog {Log = logName};
return log.Entries.Count;
From my unscientific perspective, it appears to be returning in O(1). However, if I want to count entries that occur before a certain date or that are via a certain event source, I cannot find a way to count them that is efficient. I've tried WMI queries such as:
var query = new ObjectQuery("Select * from Win32_NTLogEvent
where LogFile='Application'");
var searcher = new ManagementObjectSearcher(query);
var result = searcher.Get();
var foo = result.Count;
For an event log with 70k entries, this takes on the order of a minute on my reasonably powered workstation. It's looking like O(n). I've also tried filtering log.Entries with Linq and get similar results.
Is there any more performant way to do this? For the actual data in the grid, I've found looping over the log.Entries and accessing via index a very performant way to get a collection of entries.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您使用的是 .NET 3.5 或更高版本,则可以使用 EventLogQuery类及相关API。
If you are using .NET 3.5 or above, then you can use the EventLogQuery class and related APIs.