Get Event Viewer Logs with C#
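// Polls the Windows "Security" event log in five-second rounds and keeps, for
// each account name, the most recent IPv4 source address seen in logon and
// Kerberos events. Reading the Security log normally requires elevated rights
// (administrator or Event Log Readers membership); without them the reader
// is expected to fail and the catch block at the bottom reports the error.
//
// Event IDs selected by the query:
//   4624 successful logon            4648 logon with explicit credentials
//   4768 Kerberos TGT requested      4769 Kerberos service ticket requested
//   4770 Kerberos ticket renewed     4728/4729 member added to / removed from
//                                    a security-enabled global group
//
// The identifiers eventID, detailsXML, taskCategory, timestamp, source,
// levelString, logName, _lastReadTime and ListLogs are declared outside this
// snippet.
try
{
    // NOTE(review): Stop is never assigned in this snippet, so the loop only ends
    // when an exception is thrown. Together with Thread.Sleep and the direct
    // ListLogs access this presumably blocks the UI thread - confirm with the caller.
    Boolean Stop = false;
    var startTime = DateTime.Now.AddMinutes(-5);

    // Account name -> last IPv4 address observed. Last writer wins, so the map
    // reflects the most recent event only, not every address an account used.
    Dictionary<string, string> adUsers = new Dictionary<string, string>();

    while (!Stop)
    {
        var endTime = DateTime.Now;

        // UI text (Turkish): "logs between <start> and <end> will be queried".
        ListLogs.Items.Add(startTime + " ile " + endTime + " zamanları arası log sorgusu yapılacak.");

        // XPath filter over the time window; only timestamps produced here are
        // formatted into the query, in round-trip ("o") UTC form.
        var query = string.Format("*[System[TimeCreated[@SystemTime >= '{0}']]] and *[System[TimeCreated[@SystemTime <= '{1}']]] and *[System[(EventID=4624 or EventID=4648 or EventID=4768 or EventID=4769 or EventID=4770 or EventID=4728 or EventID=4729)]]",
            startTime.ToUniversalTime().ToString("o"),
            endTime.ToUniversalTime().ToString("o"));

        // The next window starts where this one ends. Both bounds are inclusive,
        // so an event stamped exactly at the boundary can be read twice; that is
        // harmless here because the dictionary entry is simply overwritten.
        startTime = endTime;

        EventLogQuery eventsQuery = new EventLogQuery("Security", PathType.LogName, query);

        // EventLogReader and EventRecord wrap native event-log handles; dispose
        // them every round so the endless loop does not accumulate handles.
        using (EventLogReader logReader = new EventLogReader(eventsQuery))
        {
            _lastReadTime = DateTime.UtcNow;

            // UI text (Turkish): "query completed".
            ListLogs.Items.Add("Sorgu işlemi tamamlandı.");

            EventRecord eventdetail;
            while ((eventdetail = logReader.ReadEvent()) != null)
            {
                using (eventdetail)
                {
                    string eventXml = eventdetail.ToXml();

                    eventID = eventdetail.Id;
                    detailsXML = eventXml;
                    // TaskDisplayName is already a string and may be null; calling
                    // ToString() on it would abort the whole poll loop.
                    taskCategory = eventdetail.TaskDisplayName;
                    timestamp = eventdetail.TimeCreated.Value;
                    source = eventdetail.ProviderName;
                    levelString = eventdetail.LevelDisplayName;
                    logName = eventdetail.LogName;

                    XmlDocument xmlDoc = new XmlDocument();
                    // Event XML carries values that remote parties influence (account
                    // names, workstation names); never resolve external entities.
                    xmlDoc.XmlResolver = null;
                    xmlDoc.LoadXml(eventXml);

                    foreach (XmlNode firstNode in xmlDoc.GetElementsByTagName("Event"))
                    {
                        IPAddress ip;
                        string userName = "";
                        string ipAddress = "";

                        foreach (XmlNode secondNode in firstNode.ChildNodes)
                        {
                            // Group-membership events (4728/4729) are queried but not
                            // used for the user -> address map; presumably because their
                            // TargetUserName names the group rather than a logon account.
                            if (secondNode.Name != "EventData" || eventID == 4728 || eventID == 4729)
                            {
                                continue;
                            }

                            foreach (XmlNode eventDataNode in secondNode.ChildNodes)
                            {
                                // Non-element nodes have no attribute collection and an
                                // element may carry none; skip instead of dereferencing null.
                                XmlAttributeCollection eventDataAttributes = eventDataNode.Attributes;
                                if (eventDataAttributes == null || eventDataAttributes.Count == 0)
                                {
                                    continue;
                                }

                                string fieldName = eventDataAttributes.Item(0).Value;

                                if (fieldName == "TargetUserName")
                                {
                                    // Names containing '$' are skipped (machine accounts
                                    // end in '$'), so only user accounts are tracked.
                                    if (!eventDataNode.InnerText.Contains("$"))
                                    {
                                        userName = eventDataNode.InnerText;
                                    }
                                }
                                else if (fieldName == "IpAddress")
                                {
                                    ipAddress = eventDataNode.InnerText;

                                    // Keep only parseable addresses without ':' - this drops
                                    // "-" placeholders and every IPv6 form, including
                                    // IPv4-mapped addresses such as ::ffff:a.b.c.d.
                                    if (userName != "" && ipAddress != "" && IPAddress.TryParse(ipAddress, out ip) && !ipAddress.Contains(":"))
                                    {
                                        // The indexer adds or overwrites in one lookup.
                                        adUsers[userName] = ipAddress;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }

        // UI text (Turkish): "waiting for the next query (n)"; counts down 5..1
        // in the last list row and scrolls so that the row stays visible.
        ListLogs.Items.Add("Bir sonra ki sorgu işlemi için bekleniyor. (5)");
        for (int j = 0; j < 5; ++j)
        {
            ListLogs.Items[ListLogs.Items.Count - 1] = "Bir sonra ki sorgu işlemi için bekleniyor. (" + (5 - j).ToString() + ")";
            int visibleItems = ListLogs.ClientSize.Height / ListLogs.ItemHeight;
            ListLogs.TopIndex = Math.Max(ListLogs.Items.Count - visibleItems + 1, 0);
            Thread.Sleep(1000);
        }
    }
}
catch (Exception exc)
{
    // Any failure (access denied on the Security log, malformed event XML,
    // missing message metadata) ends the polling loop and is shown to the user.
    MessageBox.Show(exc.Message);
}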