I am trying to get entries from the Event Viewer. I am getting the data right now, but I need to know if this is possible. First, the example:
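// The loop header is not shown in the original; "log" is an assumed name for the EventLog being read.
foreach (EventLogEntry entry in log.Entries)
{
    // Print the standard fields of each entry, one per line.
    Console.WriteLine("[Index]\t\t" + entry.Index +
        "\n[EventID]\t" + entry.InstanceId +
        "\n[TimeWritten]\t" + entry.TimeWritten +
        "\n[MachineName]\t" + entry.MachineName +
        "\n[Source]\t" + entry.Source +
        "\n[UserName]\t" + entry.UserName +
        "\n[Message]\t" + entry.Message +
        "\n---------------------------------------------------\n");
}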
Output
[EventID] 4719
[TimeWritten] 8/20/2014 5:31:46 PM
[MachineName] pcname
[Source] Microsoft-Windows-Security-Auditing
[UserName]
[Message] System audit policy was changed.
Subject:
**Security ID:** S-1-5-18
Account Name: pcname$
**Account Domain:** WORKGROUP
Logon ID: 0x3e7
Audit Policy Change:
Category: %%8273
Subcategory: %%12544
Subcategory GUID: {0CCE9215-69AE-11D9-BED3-505054503030}
Changes: %%8449, %%8451
Now what I want is to get specific information from the message, such as
**Security ID:** **Account Domain:**.
Is there some method that allows me to extract only that from [Message]?

Answer 0 (score: 0)
You can try this:
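string[] mMessage = e.Entry.Message.Split(new string[] { "\r\n" }, StringSplitOptions.None);
for (int i = 0; i < mMessage.Length; i++)
{
    // Each line holds the label plus its value (with surrounding whitespace),
    // so match on the trimmed line's prefix rather than on the whole line.
    if (mMessage[i].Trim().StartsWith("Account Domain:"))
    {
        Console.WriteLine(mMessage[i]);
    }
}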
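Added example (not part of the original question or answer): a small parser that turns the rendered message into a dictionary keyed by section and label, so Security ID and Account Domain can be read by name. The class name AuditMessageParser, the "Section/Label" key format and the tab/CRLF layout of the sample are assumptions; the sample text is constructed from the output shown in the question.

```csharp
using System;
using System.Collections.Generic;

static class AuditMessageParser
{
    // Parses "Label: value" lines into a dictionary keyed "Section/Label".
    // A label with no value (e.g. "Subject:") starts a new section.
    public static Dictionary<string, string> Parse(string message)
    {
        var fields = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        string section = "";
        string[] lines = message.Split(new[] { "\r\n", "\n" },
                                       StringSplitOptions.RemoveEmptyEntries);
        foreach (string raw in lines)
        {
            string line = raw.Trim();
            int colon = line.IndexOf(':');
            if (colon < 0) continue;              // free text, e.g. the summary sentence
            string label = line.Substring(0, colon).Trim();
            string value = line.Substring(colon + 1).Trim();
            if (value.Length == 0) { section = label; continue; }
            fields[section + "/" + label] = value;   // split at the first ':' only
        }
        return fields;
    }

    static void Main()
    {
        // Constructed sample: the message text from the question's output,
        // with tab/CRLF layout assumed.
        string message =
            "System audit policy was changed.\r\n\r\n" +
            "Subject:\r\n" +
            "\tSecurity ID:\t\tS-1-5-18\r\n" +
            "\tAccount Name:\t\tpcname$\r\n" +
            "\tAccount Domain:\t\tWORKGROUP\r\n" +
            "\tLogon ID:\t\t0x3e7\r\n\r\n" +
            "Audit Policy Change:\r\n" +
            "\tCategory:\t\t%%8273\r\n" +
            "\tSubcategory GUID:\t{0CCE9215-69AE-11D9-BED3-505054503030}\r\n";

        Dictionary<string, string> f = Parse(message);
        string sid, domain;
        if (f.TryGetValue("Subject/Security ID", out sid)) Console.WriteLine("SID: " + sid);
        if (f.TryGetValue("Subject/Account Domain", out domain)) Console.WriteLine("Domain: " + domain);
    }
}
```

The labels in the rendered message are localized, so this parser depends on the display language of the machine that formats the event. The same values are also exposed as named EventData fields through System.Diagnostics.Eventing.Reader (EventRecord.ToXml()), which avoids text parsing.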