Detect when a new event is logged in Windows_问答_开发者

Detect when a new event is logged in Windows

开发者 https://www.devze.com 2023-04-09 03:49 出处：网络

How would i detect in my application, when a new event is logged in the windows event log. Currently i\'m running a timer ever 5 minutes to check for new events but it would be much better if i can de

How would i detect in my application, when a new event is logged in the windows event log. Currently i'm running a timer ever 5 minutes to check for new events but it would be much better if i can detect new events in realti开发者_如何转开发me using WMI or .net

Thanks

You need to set up a WMI Temporary Event Consumer in your app. Note that to monitor the Event Log you will need to request the SeSecurityPrivilege in your WMI connection (as it's possible you could receive events from the Security log, which require this permission)

These are some example WQL queries:

// See all events:
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'

// Catch only specific events: 4202 is a network transport failure
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'
     and TargetInstance.EventCode=4202

// Catch only events from a specific source: in this case WMI itself.
select * from __InstanceCreationEvent where TargetInstance ISA 'Win32_NTLogEvent'
     and TargetInstance.SourceName='WinMgmt'