你的位置:首页 > ASP.net教程

[ASP.net教程]C#通过WMI的wind32 的API函数实现msinfo32的本地和远程计算机的系统日志查看功能


先不说如何实现,先来看看效果图:

读取远程的需要提供下远程的计算用户名和密码即可。

如何实现这个代码功能,请看如下代码部分:

实体类:

using System;using System.Collections.Generic;using System.Linq;using System.Text;namespace GetDNSListTool{  public class EventLogEntity  {    string strEventType = string.Empty;     /// <summary>    /// 日志类型    /// </summary>    public string EventType    {      get { return strEventType; }      set { strEventType = value; }    }    string strTimeWritten = string.Empty;     /// <summary>    /// 日志日期    /// </summary>    public string TimeWritten    {      get { return strTimeWritten; }      set { strTimeWritten = value; }    }    string strCategory = string.Empty;     /// <summary>    /// 日志种类    /// </summary>    public string Category    {      get { return strCategory; }      set { strCategory = value; }    }    string strSourceName = string.Empty;     /// <summary>    /// 日志来源    /// </summary>    public string SourceName    {      get { return strSourceName; }      set { strSourceName = value; }    }    /// <summary>    /// Eevnet ID    /// </summary>    string strEventIdentifier = string.Empty;     public string EventIdentifier    {      get { return strEventIdentifier; }      set { strEventIdentifier = value; }    }    string strRecordNumber = string.Empty;     /// <summary>    /// 行号    /// </summary>    public string RecordNumber    {      get { return strRecordNumber; }      set { strRecordNumber = value; }    }    string strEventCode = string.Empty;     /// <summary>    /// 日志编码    /// </summary>    public string EventCode    {      get { return strEventCode; }      set { strEventCode = value; }    }    string strCategoryString = string.Empty;    /// <summary>    /// CategoryString    /// </summary>    public string CategoryString    {      get { return strCategoryString; }      set { strCategoryString = value; }    }    string strMessage = string.Empty;    /// <summary>    /// 详细错误    /// </summary>    public string Message    {      get { return strMessage; }      set { strMessage = value; }    }  }}

#region//格式化信息类别    /// <summary>    /// 格式化信息类别    /// </summary>    /// <param name="val"></param>    /// <returns></returns>    private string GetEventTypeString(NTLogEvent.EventTypeValues val)    {      switch (val)      {        case NTLogEvent.EventTypeValues.Error:          return EventTypeDescription.Error;        case NTLogEvent.EventTypeValues.Warning:          return EventTypeDescription.Warning;        case NTLogEvent.EventTypeValues.Information:          return EventTypeDescription.Information;        case NTLogEvent.EventTypeValues.Security_audit_success:          return EventTypeDescription.SuccessAudit;        case NTLogEvent.EventTypeValues.Security_audit_failure:          return EventTypeDescription.FailureAudit;        default:          return EventTypeDescription.Unknown;      }    }    #endregion

#region//获取日志文件    /// <summary>    /// 获取日志文件    /// </summary>    /// <param name="topNumber">多少条</param>    /// <param name="eventCode">事件ID</param>    /// <param name="startTime">开始时间</param>    /// <param name="endTime">结束时间</param>    /// <returns>返回集合</returns>    public List<EventLogEntity> GetEventLogList(int topNumber, string eventCode,      string startTime, string endTime)    {      List<EventLogEntity> logList = new List<EventLogEntity>();      try      {        //条件语句        StringBuilder query = new StringBuilder();        StringBuilder strWhere = new StringBuilder();        query.Append("select EventType, TimeWritten, Category, SourceName, EventIdentifier, RecordNumber,CategoryString,EventCode,Message from Win32_NTLogEvent ");        //日志ID        if (!string.IsNullOrEmpty(eventCode))        {          strWhere.Append(" AND eventCode = '");          strWhere.Append(eventCode);          strWhere.Append("'");        }        //开始日期        if (!string.IsNullOrEmpty(startTime))        {          strWhere.Append(" AND TimeWritten>= '");          strWhere.Append(getDmtfFromDateTime(startTime));          strWhere.Append("'");        }        //结束日期        if (!string.IsNullOrEmpty(endTime))        {          strWhere.Append(" AND TimeWritten<= '");          strWhere.Append(getDmtfFromDateTime(endTime));          strWhere.Append("'");        }        string laststrWhere = strWhere.ToString();        //如果有检索条件        if (!string.IsNullOrEmpty(laststrWhere))        {          laststrWhere = " where " + laststrWhere.Substring(4);        }        //组合条件        query.Append(laststrWhere);        //值        ManagementObjectCollection moCollection = null;        //如果是本地        if (isLocal)        {          ManagementScope scope = new ManagementScope(scopePath);          scope.Connect();          ObjectQuery objectQuery = new ObjectQuery(query.ToString());          //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合          ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);          //异步调用WMI查询          moCollection = Searcher.Get();        }        //表示远程        else        {          //设定通过WMI要查询的内容          ObjectQuery Query = new ObjectQuery(query.ToString());          //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合          ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);          //异步调用WMI查询          moCollection = Searcher.Get();        }        //循环        if (moCollection != null)        {                   //计数器          int i = 0;          //foreach          foreach (ManagementObject mObject in moCollection)          {            //如果i==topNumber就退出循环            if (i == topNumber)            {              break;            }            EventLogEntity eventLog = new EventLogEntity();            //日志类型            eventLog.EventType = mObject["EventType"] == null ? string.Empty :              GetEventTypeString(((NTLogEvent.EventTypeValues)(System.Convert.ToInt32(mObject["EventType"]))));            //日志种类            eventLog.Category = mObject["Category"] == null ? string.Empty :              mObject["Category"].ToString();            //日志种类            eventLog.CategoryString = mObject["CategoryString"] == null ? string.Empty :              mObject["CategoryString"].ToString();            //日志编码            eventLog.EventCode = mObject["EventCode"] == null ? string.Empty :              mObject["EventCode"].ToString();            //日志ID            eventLog.EventIdentifier = mObject["EventIdentifier"] == null ? string.Empty :              mObject["EventIdentifier"].ToString();            //行号            eventLog.RecordNumber = mObject["RecordNumber"] == null ? string.Empty :              mObject["RecordNumber"].ToString();            //日期            eventLog.TimeWritten = mObject["TimeWritten"] == null ? string.Empty :              getDateTimeFromDmtfDate(mObject["TimeWritten"].ToString());                       //日志来源            eventLog.SourceName = mObject["SourceName"] == null ? string.Empty :              mObject["SourceName"].ToString();            //详细错误            eventLog.Message = mObject["Message"] == null ? string.Empty :              mObject["Message"].ToString();            //add            logList.Add(eventLog);            //            //            i++;          }        }      }      catch (Exception ex)      {        throw ex;      }      //      return logList;    }    #endregion    #region//根据行号检索错误信息    /// <summary>    /// 根据行号检索错误信息    /// </summary>    /// <param name="recordNumber">行号</param>    /// <returns>返回错误信息</returns>    public string GetErrMsg(uint recordNumber)    {      string Msg = string.Empty;      try      {        //条件语句        StringBuilder query = new StringBuilder();        query.Append("select Message, InsertionStrings from Win32_NTLogEvent where ");        query.Append(" RecordNumber='");        query.Append(recordNumber);        query.Append("'");        //值        ManagementObjectCollection moCollection = null;        //如果是本地        if (isLocal)        {          ManagementScope scope = new ManagementScope(scopePath);          scope.Connect();          ObjectQuery objectQuery = new ObjectQuery(query.ToString());          //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合          ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, objectQuery);          //异步调用WMI查询          moCollection = Searcher.Get();        }        //表示远程        else        {          //设定通过WMI要查询的内容          ObjectQuery Query = new ObjectQuery(query.ToString());          //WQL语句,设定的WMI查询内容和WMI的操作范围,检索WMI对象集合          ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Ms, Query);          //异步调用WMI查询          moCollection = Searcher.Get();        }        //检索错误信息        foreach (ManagementObject mObject in moCollection)        {          //错误信息          string message = mObject["Message"] == null ?            string.Empty : mObject["Message"].ToString();          //错误信息          string[] insertionStrings =mObject["InsertionStrings"]==null?null:            (string[])mObject["InsertionStrings"];          //如果有错误信息          if (string.IsNullOrEmpty(message))          {            if (insertionStrings.Length > 0)            {              StringBuilder sb = new StringBuilder();              for (int i = 0; i < insertionStrings.Length; i++)              {                sb.Append(insertionStrings[i]);                sb.Append(" ");              }              Msg = sb.ToString();            }                     }          else          {            Msg= message;          }        }      }      catch      {      }      //return      return string.IsNullOrEmpty(Msg) ? "无错误信息,请与管理员联系核对!" : Msg;    }    #endregion