System.Diagnostics.Eventing.Reader 命名空间

使用 System.Diagnostics.Eventing.Reader 命名空间可以开发用于读取和管理事件日志的应用程序。 Using the System.Diagnostics.Eventing.Reader namespace, you can develop applications that read and manage event logs. 事件日志中的事件包含由特定应用程序、服务或操作系统组件发布的信息、警告或错误。 An event in an event log contains information, a warning, or an error that has been published by a specific application, service, or operating system component. 这些事件由监视计算机运行状况的应用程序读取,还可以由发生特定事件时执行操作的应用程序读取。 These events are read by applications that monitor a computer's health and applications that take action when specific events occur. 有关详细信息,请参阅读取和管理事件日志的技术摘要事件日志方案 For more information, see Technology Summary for Reading and Managing Event Logs and Event Log Scenarios.

EventBookmark

表示事件流中的占位符(书签)。Represents a placeholder (bookmark) within an event stream. 可以使用此占位符在事件流中标记一个位置并返回到此位置。You can use the placeholder to mark a position and return to this position in a stream of events. 此对象的实例可以从 EventRecord 对象获得,在这种情况下它对应于该事件记录的位置。An instance of this object can be obtained from an EventRecord object, in which case it corresponds to the position of that event record.

EventKeyword

表示事件的关键字。Represents a keyword for an event. 关键字在事件提供程序中定义,用于按事件的用法将此事件与其他类似事件分到一组中。Keywords are defined in an event provider and are used to group the event with other similar events (based on the usage of the events).

EventLevel

包含在事件提供程序中定义的事件级别。Contains an event level that is defined in an event provider. 级别表示事件的严重性。The level signifies the severity of the event.

EventLogConfiguration

包含事件日志的静态信息和配置设置。Contains static information and configuration settings for an event log. 许多配置设置是由创建日志的事件提供程序定义的。Many of the configurations settings were defined by the event provider that created the log.

EventLogException

表示在读取事件日志相关信息的过程中发生错误时引发的所有异常的基类。Represents the base class for all the exceptions that are thrown when an error occurs while reading event log related information.

EventLogInformation

允许您访问活动事件日志和事件日志文件的运行时属性。Allows you to access the run-time properties of active event logs and event log files. 这些属性包括日志中的事件数、日志大小、确定日志是否已满的值以及上次写入或访问日志的时间。These properties include the number of events in the log, the size of the log, a value that determines whether the log is full, and the last time the log was written to or accessed.

EventLogInvalidDataException

表示在事件提供程序发布事件中的无效数据时引发的异常。Represents the exception thrown when an event provider publishes invalid data in an event.

EventLogLink

表示事件提供程序与此提供程序要将事件发布到的事件日志之间的链接。Represents a link between an event provider and an event log that the provider publishes events into. 无法实例化此对象。This object cannot be instantiated.

EventLogNotFoundException

表示在请求的事件日志(通常由事件日志的名称或事件日志文件的路径来指定)不存在时引发的异常。Represents the exception that is thrown when a requested event log (usually specified by the name of the event log or the path to the event log file) does not exist.

EventLogPropertySelector

包含表示事件的 XML 表示形式中的元素的 XPath 查询的字符串数组,事件的 XML 表示形式基于 Event Schema(事件架构)。Contains an array of strings that represent XPath queries for elements in the XML representation of an event, which is based on the Event Schema. 此对象中的查询用于从事件中提取值。The queries in this object are used to extract values from the event.

EventLogProviderDisabledException

表示当指定的事件提供程序名称引用禁用的事件提供程序时引发的异常。Represents the exception that is thrown when a specified event provider name references a disabled event provider. 禁用的事件提供程序不能发布事件。A disabled event provider cannot publish events.

EventLogQuery

表示事件日志中的事件的查询以及定义如何执行查询和在哪台计算机上执行查询的设置。Represents a query for events in an event log and the settings that define how the query is executed and on what computer the query is executed on.

EventLogReader

允许根据事件查询从事件日志读取事件。Enables you to read events from an event log based on an event query. 此对象读取的事件作为 EventRecord 对象返回。The events that are read by this object are returned as EventRecord objects.

EventLogReadingException

表示在读取、查询或订阅事件日志中的事件的过程中发生错误时引发的异常。Represents an exception that is thrown when an error occurred while reading, querying, or subscribing to the events in an event log.

EventLogRecord

包含从 EventLogReader 对象接收的事件的事件实例的属性。Contains the properties of an event instance for an event that is received from an EventLogReader object. 这些事件属性提供有关事件的信息,例如记录事件的计算机的名称和事件的创建时间。The event properties provide information about the event such as the name of the computer where the event was logged and the time that the event was created.

EventLogSession

用于访问本地计算机或远程计算机上的事件日志服务,以便您可以管理和收集有关计算机上的事件日志和事件提供程序的信息。Used to access the Event Log service on the local computer or a remote computer so you can manage and gather information about the event logs and event providers on the computer.

EventLogStatus

包含特定事件日志的状态代码或错误代码。Contains the status code or error code for a specific event log. 此状态可用来确定事件日志是否可用于操作。This status can be used to determine if the event log is available for an operation.

EventLogWatcher

允许您订阅传入事件。Allows you to subscribe to incoming events. 每次将所需事件发布到事件日志中时,都会引发 EventRecordWritten 事件,并将执行处理此事件的方法。Each time a desired event is published to an event log, the EventRecordWritten event is raised, and the method that handles this event will be executed.

EventMetadata

包含在事件提供程序中定义的事件的元数据(属性和设置)。Contains the metadata (properties and settings) for an event that is defined in an event provider.

EventOpcode

包含在事件提供程序中定义的事件操作码。Contains an event opcode that is defined in an event provider. 操作码定义一个数值,该数值标识应用程序在引发事件时正在执行的活动或活动中的点。An opcode defines a numeric value that identifies the activity or a point within an activity that the application was performing when it raised the event.

EventProperty

包含发布事件时事件提供程序指定的事件属性的值。Contains the value of an event property that is specified by the event provider when the event is published.

EventRecord

定义从 EventLogReader 对象接收的事件的事件实例的属性。Defines the properties of an event instance for an event that is received from an EventLogReader object. 事件属性提供有关事件的信息,例如记录事件的计算机的名称和事件的创建时间。The event properties provide information about the event such as the name of the computer where the event was logged and the time the event was created. 此类是一个抽象类。This class is an abstract class. EventLogRecord 类实现此类。The EventLogRecord class implements this class.

EventRecordWrittenEventArgs

当引发 EventRecordWritten 事件时,此对象的实例将传递给处理该事件的委托方法。When the EventRecordWritten event is raised, an instance of this object is passed to the delegate method that handles the event. 此对象包含发布到事件日志的事件或事件订阅失败时发生的异常。This object contains the event that was published to the event log or the exception that occurred when the event subscription failed.

EventTask

包含在事件提供程序中定义的事件任务。Contains an event task that is defined in an event provider. 任务标识发布事件的应用程序或组件的一部分。The task identifies a portion of an application or a component that publishes an event. 任务是一个保留了前 16 个值的 16 位值。A task is a 16-bit value with 16 top values reserved.

ProviderMetadata

包含有关事件提供程序的静态信息,例如提供程序的名称和 ID 以及在提供程序中定义的事件的集合。Contains static information about an event provider, such as the name and id of the provider, and the collection of events defined in the provider.

枚举

EventLogIsolation

定义事件日志的默认访问权限。 应用程序和系统值指示,日志与相应的 Windows 日志(应用程序或系统事件日志)共享访问控制列表 (ACL),并与同一隔离的其他日志共享 Windows 事件跟踪 (ETW) 会话。 具有自定义隔离的所有信道均使用专用 ETW 会话。All channels with Custom isolation use a private ETW session.

EventLogMode

确定事件日志服务在日志达到其允许的最大大小时(事件日志已满时)处理事件日志的行为。Determines the behavior for the event log service handles an event log when the log reaches its maximum allowed size (when the event log is full).

EventLogType

定义在事件日志中记录的事件的类型。 每个日志只能包含一种类型的事件。Each log can only contain one type of event.

PathType

指定字符串是包含事件日志的名称,还是包含事件日志文件的文件系统路径。Specifies that a string contains a name of an event log or the file system path to an event log file.

SessionAuthentication

定义在对服务器进行远程过程调用 (RPC) 登录期间使用的身份验证类型的值。 在创建指定与远程计算机的连接的 EventLogSession 对象时进行此登录。This login occurs when you create a EventLogSession object that specifies a connection to a remote computer.

StandardEventKeywords

定义事件提供程序将其附加到事件的标准关键字。 有关关键字的更多信息,请参见 EventKeywordFor more information about keywords, see EventKeyword.

StandardEventLevel

定义事件日志服务中使用的标准事件级别。 级别定义事件的严重性。 自定义事件级别可以采用这些标准级别以外的级别来定义。 有关级别的更多信息,请参见 EventLevelFor more information about levels, see EventLevel.

StandardEventOpcode

定义事件提供程序将其附加到事件的标准操作码。 有关操作码的更多信息,请参见 EventOpcodeFor more information about opcodes, see EventOpcode.

StandardEventTask

定义事件提供程序将其附加到事件的标准任务。 有关任务的更多信息,请参见 EventTaskFor more information about tasks, see EventTask.