我有一个使用 WMI 查询语言查询日志文件的 c++ 应用程序。我查询了 Wmi32_NTLogEvent 类并检索了一些信息。问题是我无法从日志文件中读取所有属性。当我将日志文件转换为 csv 文件时,它包含以下标题
"Message","Id","Version","Qualifiers","Level","Task","Opcode","Keywords","RecordId","ProviderName","ProviderId","LogName","ProcessId","ThreadId","MachineName","UserId","TimeCreated","ActivityId","RelatedActivityId","ContainerLog","MatchedQueryIds","Bookmark","LevelDisplayName","OpcodeDisplayName","TaskDisplayName","KeywordsDisplayNames","Properties"
单个日志文件条目如下:
"Windows service started.","0",,"0","4","0",,"36028737058963468","98","DigitalDelivery",,"Dell",,,"vignesh",,"14-01-2018 11:06:35",,,"c:\windows.old\windows\system32\winevt\logs\dell.evtx","System.UInt32[]","System.Diagnostics.Eventing.Reader.EventBookmark","Information","Info",,"System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]","System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]"
使用 Win32_NTLogEvent 类中给出的属性,我只能读取少数属性(即标题),并且它不包含有关关键字、ProcessId、ThreadId、Bookmark、LevelDisplayName、KeyWordDisplayName、Properties 等属性的信息。我如何阅读所有这些缺失的属性