本文介绍了如何在C#中审核Windows安全事件日志的失败事件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我需要在记录日志时立即访问Window log-> Security事件下的Audit Failure,有什么方法可以在记录日志时立即捕获它.我需要访问实时尝试.
目前,我正在从c#中的EventLogEntry类读取此内容,但是当Audit Failure发生时,我需要我的应用程序才能运行.

i need to access Audit Failure under Window log -> Security event instantly when it logs, is there any way to capture it instantly when it logs. i need to access real time attempts.
currently i am reading this from EventLogEntry class in c#, but i need a my application to run when Audit Failure occurs.

 foreach (EventLogEntry entry in log.Entries)
   {
     if (entry.EntryType==EventLogEntryType.FailureAudit)
       {
          ///
       }
   }

类似的东西:

    EventLog myNewLog = new EventLog();
    myNewLog.Log = "MyCustomLog";

    myNewLog.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten);
    myNewLog.EnableRaisingEvents = true;

事件日志事件,像这样的一些事件我也想触发Windows日志

Event log events, some like this i want to trigger windows log also

推荐答案

您可以使用 EventLog.GetEventLogs()方法:

class Program
{
    static void Main(string[] args)
    {
        EventLog log = EventLog.GetEventLogs().First(o => o.Log == "Security");
        log.EnableRaisingEvents = true;
        log.EntryWritten += (s, e) => { Console.WriteLine(e.Entry.EntryType); };
        Console.WriteLine(log.LogDisplayName);
        Console.ReadKey();
    }
}

这篇关于如何在C#中审核Windows安全事件日志的失败事件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-07 04:40