
读取windows系统日志的三种方式(powershell、perl、c#)

很暴力的写了三遍,用三种语言

—————————-C# ——————————-


using System;
using System.Diagnostics;
using System.Security;
using System.Text;

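namespace glog
{
    /// <summary>
    /// Console tool that prints every entry of one classic Windows event log
    /// (application, system or security) from the local machine.
    /// </summary>
    class Program
    {
        // The only log names the tool accepts. Keeping this an explicit allowlist means the
        // command-line argument never reaches EventLog unless it names one of these logs.
        private static readonly string[] AllowedLogs = { "application", "system", "security" };

        private const string Usage = "Usage:glog.exe system(application,security) ";

        /// <summary>
        /// Entry point. Expects exactly one argument naming the log to dump; anything else
        /// prints the usage line and returns.
        /// </summary>
        /// <param name="args">Command-line arguments; args[0] is the log name.</param>
        static void Main(string[] args)
        {
            String machine = "."; // local machine
            Console.WriteLine(" Windows Log picker by Xti9er ");
            Console.WriteLine("------------------------------------------------------------- ");

            // Log names are matched case-insensitively, so "System" is accepted as well as "system".
            if (args.Length != 1 ||
                !Array.Exists(AllowedLogs, name => string.Equals(name, args[0], StringComparison.OrdinalIgnoreCase)))
            {
                Console.WriteLine(Usage);
                return;
            }

            String log = args[0];
            try
            {
                // EventLog is IDisposable; the using block releases its handle even if
                // reading an entry throws part-way through the dump.
                using (EventLog aLog = new EventLog(log, machine))
                {
                    foreach (EventLogEntry entry in aLog.Entries)
                    {
                        // Source, UserName and Message are written by whatever produced the
                        // event, so treat this output as untrusted text if another tool parses it.
                        Console.WriteLine("[Index] " + entry.Index +
                            " [EventID] " + entry.EventID +
                            " [TimeWritten] " + entry.TimeWritten +
                            " [MachineName] " + entry.MachineName +
                            " [Source] " + entry.Source +
                            " [UserName] " + entry.UserName +
                            " [Message] " + entry.Message +
                            " --------------------------------------------------- ");
                    }
                }
            }
            catch (SecurityException ex)
            {
                // Reading the security log typically needs an elevated (administrator) token;
                // report the denial instead of crashing with an unhandled exception.
                Console.Error.WriteLine("Access denied reading the '" + log + "' log: " + ex.Message);
                Environment.ExitCode = 1;
            }
        }
    }
}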

—————————-perl——————————-

use Win32::EventLog;

# Dump one Windows event log to "<logname>.txt" in the current directory.
# The log name is the first command-line argument; without it the script dies with a usage line.
my $logname=shift||die "$0 system(applicationsecurity)";
# NOTE(review): $logname comes straight from the command line and is interpolated into a
# two-argument open() with no validation, so the argument decides which file is opened for
# read/append ("+>>"). Unlike the C# listing there is no allowlist here; restricting the value
# to system/application/security and using three-argument open would close that gap.
# On failure the script jumps to GETLOGEND and ends without reporting any error.
open(LOGF,"+>>$logname.txt") or goto GETLOGEND;
# Open the requested log on the machine named by the ComputerName environment variable.
# NOTE(review): the error text says "Application" whichever log was requested.
# NOTE(review): reading the security log presumably needs an elevated account - confirm.
$handle=Win32::EventLog->new($logname, $ENV{ComputerName})
or die "Cant open Application EventLog ";
# $recs receives the number of records in the log.
$handle->GetNumber($recs)
or die "Cant get number of EventLog records ";
# $base receives the record number of the oldest entry; reads below are offset from it.
$handle->GetOldest($base)
or die "Cant get number of oldest EventLog record ";

# $x is never initialised; it starts undefined and counts as 0 in the numeric comparison.
while ($x < $recs) {
# Seek to record $base+$x and read it into $hashRef.
$handle->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,
$base+$x,
$hashRef)
or die "Cant read EventLog entry #$x ";

# Write the timestamp, event type, category and source of the record.
print LOGF localtime($hashRef->{Timewritten})." $hashRef->{EventType} $hashRef->{Category} $hashRef->{Source}";

# Resolve the message text, then read it from the Message field.
Win32::EventLog::GetMessageText($hashRef);
my $log_Message=$hashRef->{Message};
# NOTE(review): as written the first substitution deletes every space and the second has an
# empty pattern. The escape sequences look lost in extraction (presumably \r and \n were
# stripped here, and the print separators were "\n") - confirm against the original script.
# The message text is supplied by whatever wrote the event, so treat the output file as untrusted.
$log_Message=~s/ //g;
$log_Message=~s///g;
print LOGF $log_Message." ";

$x++;
}
close LOGF;
# Jump target for the failed open() above.
GETLOGEND:
—————————-powershell——————————-

# Print selected fields of every entry in the System event log, followed by a separator line.
# The fields of each record are emitted as separate output objects, one per line on the console.
Get-EventLog -LogName system |
    ForEach-Object -Process {
        Write-Output $_.Index, $_.EventID, $_.TimeWritten, $_.MachineName, $_.Source, $_.UserName, $_.Message, "----------------"
    }
 
