从 TaskScheduler 事件日志获取任务名称
我正在尝试访问事件查看器的“详细信息”选项卡中提供的信息。
我意识到 TaskScheduler 事件无法通过 System.Diagnostics.EventLog 获得,而是通过 System.Diagnostics.Eventing 获得。
到目前为止,我已经得到了这个:
var query = new EventLogQuery("Microsoft-Windows-TaskScheduler/Operational", PathType.LogName);
var reader = new EventLogReader(query);
var eventRec = reader.ReadEvent();
但我无法在返回的对象中的任何位置找到 EventData。
我正在尝试查找此信息(Guid 已删除),特别是“EventData->TaskName”:
< Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
< System>
< Provider Name="Microsoft-Windows-TaskScheduler" Guid="...." />
< EventID>110</EventID>
< Version>0</Version>
< Level>4</Level>
< Task>110</Task>
< Opcode>0</Opcode>
< Keywords>0x8000000000000000</Keywords>
< TimeCreated SystemTime="2011-12-21T17:51:13.029864700Z" />
< EventRecordID>203307</EventRecordID>
< Correlation ActivityID="{090...440}" />
< Execution ProcessID="996" ThreadID="9932" />
< Channel>Microsoft-Windows-TaskScheduler/Operational</Channel>
< Computer>....</Computer>
< Security UserID="S-1-5-18" />
< /System>
< EventData Name="TaskRunEvent">
**< Data Name="TaskName">\testTask</Data>**
< Data Name="InstanceId">{090...440}</Data>
< Data Name="UserContext">cussonsh</Data>
< /EventData> < /Event>
I'm trying to access the information available in the "Details" tab in Event Viewer.
I've realized the TaskScheduler events aren't available via the System.Diagnostics.EventLog, but instead via System.Diagnostics.Eventing.
So far I've got this:
var query = new EventLogQuery("Microsoft-Windows-TaskScheduler/Operational", PathType.LogName);
var reader = new EventLogReader(query);
var eventRec = reader.ReadEvent();
But I cant find the EventData anywhere in the returned object.
I'm trying to find this info (Guid's removed), specifically the "EventData->TaskName":
< Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
< System>
< Provider Name="Microsoft-Windows-TaskScheduler" Guid="...." />
< EventID>110</EventID>
< Version>0</Version>
< Level>4</Level>
< Task>110</Task>
< Opcode>0</Opcode>
< Keywords>0x8000000000000000</Keywords>
< TimeCreated SystemTime="2011-12-21T17:51:13.029864700Z" />
< EventRecordID>203307</EventRecordID>
< Correlation ActivityID="{090...440}" />
< Execution ProcessID="996" ThreadID="9932" />
< Channel>Microsoft-Windows-TaskScheduler/Operational</Channel>
< Computer>....</Computer>
< Security UserID="S-1-5-18" />
< /System>
< EventData Name="TaskRunEvent">
**< Data Name="TaskName">\testTask</Data>**
< Data Name="InstanceId">{090...440}</Data>
< Data Name="UserContext">cussonsh</Data>
< /EventData> < /Event>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
EventData 位于 EventRecord.Properties。即在你的情况下它将是 eventRec.Properties。
但这些Properties是IList,而EventProperty类只有一个值字段,而没有名称。而且我不确定如何找回它......
但您仍然应该能够使用 EventRecord .ToXml() 方法来获取 XML 表示形式(与您所展示的完全一样),然后从该 XML 中检索名称/值。
EventData is in EventRecord.Properties. I.e. in your case it would be eventRec.Properties.
But those Properties are IList, and EventProperty class has only a value field, but not the name. And I'm not sure how you can retrieve it...
But you should still be able to use EventRecord.ToXml() method to get an XML representation (exactly like you showed) and then retrieve names/values from that XML.