什么是检查，如果事件在一段时间内被记录在事件日志中最简单的方法？

我想执行一系列的自动化测试步骤，然后检查是否有错误被记录到应用程序事件日志中，忽略了几个来源，我没兴趣，我可以用System.Diagnostics.EventLog再看看在项集合，但它似乎并不十分可用此方案。例如Entries.Count可以得到较小随着时间的推移，如果事件日志中删除旧条目。编号preFER某种方式或者查询日志或监视它用于在一段时间内的变化。例如

 的日期时间开始= DateTime.Now;
//做一些东西...
的foreach（在CleverSolution.EventLogEntriesSince EventLogEntry项（开始，应用程序））
{
  //现在我可以做的东西有条目，或者无视如果它的来源是
  //我不关心。
  // ...
}
 

解决方案

只是做一个好公民，维基和努力完成的，还有其他办法。我不认为它前面，因为它是完整的矫枉过正的东西，只会在内部作为测试套件的一部分运行，而你说的没错，在标题你想要的东西容易。

但是，如果你需要，因为它们发生在航运code看到的事件，请继续阅读。信不信由你还有的三的不同的Windows API为这件事情在这一点上。

NotifyChangeEventLog（）

有这样的事情原来的API调用 NotifyChangeEventLog （）并获得支持开始在Windows 2000中基本上使用的 WIN32事件日志来打开事件日志，然后调用这个API与您通过其他API和事件处理被给予处理。当有来看待新的事件日志条目Windows会显示你的事件。

我从来没有使用过这个API我自己，因为我的大部分兴趣是在偏远的事件日志访问这个API不明确的没有的支持远程登录。然而，API的设置，其余这属于的确实的让你按顺序读取远程日志，如果你有正确的权限。

Windows管理规范

第二种方法是使用 Windows管理规范API 和这并支持本地和远程的日志。这是一个COM / DCOM基于API，它已经存在了好几年的Windows和.NET框架已经在的 System.Management 命名空间。你做什么基本上是创建一个 EventQuery ，看起来为中的 Win32_NTLogEvent 。这些外观将显示新的事件日志条目，他们将present pretty的多是实时的。对这些对象的属性包含日志条目的所有细节。有一个从MSDN杂志的一篇文章，谈到这个东西在玩弄Visual Studio中。

此外，这将是总矫枉过正一个测试应用程序，它需要更为code比现有的解决方案。但几年前，我写了一个子系统所使用这个API的DCOM的味道来收集事件日志关闭所有服务器的网络上，所以我们可以提醒在特定的一些网络管理应用程序。这是pretty的光滑和织补接近实时。如果您在C ++中使用DCOM实现这一点，是ppared处理多线程单元和​​大量的毛茸茸的逻辑，如果/检测$ P $当您连接到远程服务器的上升或下降。

Windows Vista的事件日志

的Windows Vista（和Server 2008）必须与事件日志和跟踪了一个全新的API套件。该新的事件日志这里记录。它看起来像有一个名为EvtSubscribe一个API，允许您认购事件的。我没有使用这个API，所以我可以在它的利弊没有发表评论。

What is the easiest way to check if events have been logged in the eventlog during a period of time?

I want to perform a series of automated test steps and then check if any errors were logged to the Application Event Log, ignoring a few sources that I'm not interested in. I can use System.Diagnostics.EventLog and then look at the Entries collection, but it doesn't seem very useable for this scenario. For instance Entries.Count can get smaller over time if the event log is removing old entries. I'd prefer some way to either query the log or monitor it for changes during a period of time. e.g.

DateTime start = DateTime.Now;
// do some stuff...
foreach(EventLogEntry entry in CleverSolution.EventLogEntriesSince(start, "Application"))
{ 
  // Now I can do stuff with entry, or ignore if its Source is one
  // that I don't care about.
  // ...
}

Just to be a good Wiki citizen and strive for completion, there are other ways. I didn't suggest it earlier because it is complete overkill for something that is only going to be run in-house as part of a test suite, and you said right in the title you wanted something easy.

But if you need to see events as they occur in shipping code, read on. Believe it or not there are three different Windows APIs for this thing at this point.

NotifyChangeEventLog()

The original API for this sort of thing is called NotifyChangeEventLog() and it was supported starting in Windows 2000. Essentially you use the WIN32 event log APIs to open the event log, then you call this API with the handle you were given by the other API and an event handle. Windows will signal your event when there are new event log entries to look at.

I never used this API myself, because most of my interest was in remote event log access and this API explicitly does not support remote logs. However, the rest of the API set this belongs to does let you sequentially read remote logs if you have the right permissions.

Windows Management Instrumentation

A second way is to use the Windows Management Instrumentation API, and this does support both local and remote logs. This is a COM/DCOM based API that has existed for several years in Windows, and the .NET Framework has a nice implementation of it in the System.Management namespace. Essentially what you do is create an EventQuery that looks for the appearance of new WMI objects of type (meaning within the WMI type system) of Win32_NTLogEvent. The appearance of these will indicate new event log entries, and they will present pretty much in real time. The attributes on these objects contain all the details of the log entry. There's an article from MSDN magazine that talks about playing around with this stuff in Visual Studio.

Again, this would be total overkill for a test application, it would require far more code than your existing solution. But years ago I wrote a subsystem for a network management application that used the DCOM flavor of this API to gather the event logs off of all the servers on a network so we could alert on particular ones. It was pretty slick and darn near real time. If you implement this in C++ with DCOM, be prepared to deal with Multithreaded Apartments and a lot of hairy logic to detect if/when your connection to the remote server goes up or down.

Windows Vista Event Log

Windows Vista (and Server 2008) have a whole new API suite relating to event logging and tracing. The new event log is documented here. It looks like there is an API called EvtSubscribe that allows you to subscribe to events. I have not used this API so I can't comment on its pros and cons.