4

I need to save windows event logs in some file, now i am using:

var els = new EventLogSession();
els.ExportLogAndMessages("Application", PathType.LogName, "*", Path.Combine("c:\\Application.evtx"), false, CultureInfo.CurrentCulture);

this works fine but i want to get logs between DateTime range, i suspect that 3rd parameter in ExportLogAndMessages "query" may help me.

now how to write this "query", and if "query" doesn't help is there anyway to do that.

4

2 回答 2

4

Both pages aren't very helpful as the query syntax isn't clear.

You can right-click any log in the Event Viewer and choose "Filter Current Log...", when you create a filter you'll see the underlying xml in the next tab. You can use it as your query.

于 2013-05-13T13:22:11.087 回答
2

These links can help you to form your query:

How to: Query for Events

Event Queries and Event XML

You should compose a query to get events in some date range only.

I think you can use: TimeCreated parameter in your query.

于 2013-03-30T15:56:09.477 回答