显示事件收集器订阅的状态
可以显示事件收集器订阅的状态。 状态包括订阅的可用性、订阅发生的最后一个错误、上次错误的时间以及下一次重试订阅的时间。
注意
可以使用此示例来显示订阅的状态,也可以在命令提示符下键入以下命令:
wecutil grSubscriptionName
需要订阅的名称才能显示其状态。 若要列出本地计算机上当前订阅的名称,可以使用 列出事件收集器订阅中显示的 C++ 示例,也可以在命令提示符下键入以下命令:
wecutil es
以下示例遵循一个过程来显示事件收集器订阅的状态:
显示事件收集器订阅的状态
- 通过将订阅名称和访问权限作为参数提供给 EcOpenSubscription 函数来打开订阅。 有关访问权限的详细信息,请参阅 Windows 事件收集器常量。
- 通过调用 EcGetSubscriptionRunTimeStatus 函数获取订阅的状态, (在调用函数) 时不指定事件源。
- 通过调用 EcGetSubscriptionRunTimeStatus 函数并传入 EcSubscriptionRunTimeStatusEventSources 标志,获取订阅的事件源数组。
- 通过调用 EcGetSubscriptionRunTimeStatus 函数并传入事件源名称来获取每个事件源的状态信息。 有关可检索的状态信息的详细信息,请参阅 EC_SUBSCRIPTION_RUNTIME_STATUS_INFO_ID 枚举。
- 打印订阅的状态信息。
- 通过调用 EcClose 函数关闭订阅。
以下 C++ 代码示例演示如何显示事件收集器订阅的状态。
#include <iostream>
using namespace std;
#include <windows.h>
#include <EvColl.h>
#include <vector>
#include <string>
#include <strsafe.h>
#pragma comment(lib, "wecapi.lib")
// Track Runtime Status
typedef struct _RUNTIME_STATUS
{
std::wstring ActiveStatus;
DWORD LastError;
std::wstring LastErrorMessage;
std::wstring NextRetryTime;
} RUNTIME_STATUS;
// Subscription Information
DWORD GetStatus(LPCWSTR subscriptionName,
LPCWSTR eventSource,
EC_SUBSCRIPTION_RUNTIME_STATUS_INFO_ID statusInfoID,
DWORD flags,
std::vector<BYTE>& buffer,
PEC_VARIANT& vStatus);
std::wstring ConvertEcDateTime( ULONGLONG code );
void __cdecl wmain()
{
LPVOID lpwszBuffer;
DWORD dwEventSourceCount, dwRetVal = ERROR_SUCCESS;
std::vector<BYTE> buffer;
std::vector<BYTE> eventSourceBuffer;
std::vector<BYTE>::iterator sourceNameIterator;
PEC_VARIANT vStatus, vEventSources;
EC_HANDLE hSubscription;
LPCWSTR lpSubname = L"TestSubscription";
RUNTIME_STATUS runtimeStatus;
std::wstring eventSource;
// Step 1: Open the Event Collector subscription.
hSubscription = EcOpenSubscription(lpSubname,
EC_READ_ACCESS,
EC_OPEN_EXISTING);
if (!hSubscription)
{
dwRetVal = GetLastError();
goto Cleanup;
}
// Get the status values for the entire subscription.
dwRetVal = GetStatus(lpSubname, NULL,
EcSubscriptionRunTimeStatusActive,
0,
buffer,
vStatus);
if (ERROR_SUCCESS != dwRetVal) {
goto Cleanup;
}
wprintf(L"\nEvent Subscription: %s\n", lpSubname);
// Convert the status value to text.
switch (vStatus->UInt32Val)
{
case EcRuntimeStatusActiveStatusActive:
runtimeStatus.ActiveStatus = L"Active";
break;
case EcRuntimeStatusActiveStatusDisabled:
runtimeStatus.ActiveStatus = L"Disabled";
break;
case EcRuntimeStatusActiveStatusInactive:
runtimeStatus.ActiveStatus = L"Inactive";
break;
case EcRuntimeStatusActiveStatusTrying:
runtimeStatus.ActiveStatus = L"Trying";
break;
default:
runtimeStatus.ActiveStatus = L"Unknown Status";
break;
}
wprintf(L"Runtime Status: %s\n", runtimeStatus.ActiveStatus.c_str());
dwRetVal = GetStatus(lpSubname, NULL,
EcSubscriptionRunTimeStatusLastError,
0,
buffer,
vStatus);
if (ERROR_SUCCESS != dwRetVal) {
goto Cleanup;
}
wprintf(L"Last Error: %u\n", vStatus->UInt32Val);
// Step 2: Get the event sources array to query for event source status.
dwRetVal = GetStatus(lpSubname, NULL,
EcSubscriptionRunTimeStatusEventSources,
0,
eventSourceBuffer,
vEventSources);
if (ERROR_SUCCESS != dwRetVal){
goto Cleanup;
}
// Ensure that a handle to the event sources array has been obtained.
if (vEventSources->Type != EcVarTypeNull &&
vEventSources->Type != (EcVarTypeString | EC_VARIANT_TYPE_ARRAY) )
{
dwRetVal = ERROR_INVALID_DATA;
goto Cleanup;
}
dwEventSourceCount = vEventSources->Count;
// Step 3: Get the status of each event source.
for (DWORD I = 0; I < dwEventSourceCount ; I++)
{
eventSource = vEventSources->StringArr[I];
// Get the status of the subscription event source.
dwRetVal = GetStatus(lpSubname,
eventSource.c_str(),
EcSubscriptionRunTimeStatusActive,
0,
buffer,
vStatus);
if (ERROR_SUCCESS != dwRetVal)
{
goto Cleanup;
}
if (vStatus->Type != EcVarTypeUInt32)
{
dwRetVal = ERROR_INVALID_DATA;
goto Cleanup;
}
// Convert the status value to text.
switch (vStatus->UInt32Val)
{
case EcRuntimeStatusActiveStatusActive:
runtimeStatus.ActiveStatus = L"Active";
break;
case EcRuntimeStatusActiveStatusDisabled:
runtimeStatus.ActiveStatus = L"Disabled";
break;
case EcRuntimeStatusActiveStatusInactive:
runtimeStatus.ActiveStatus = L"Inactive";
break;
case EcRuntimeStatusActiveStatusTrying:
runtimeStatus.ActiveStatus = L"Trying";
break;
default:
runtimeStatus.ActiveStatus = L"Unknown Status";
break;
}
// Get the last error that occurred for the subscription.
dwRetVal = GetStatus(lpSubname,
eventSource.c_str(),
EcSubscriptionRunTimeStatusLastError,
0,
buffer,
vStatus);
if(ERROR_SUCCESS != dwRetVal)
{
goto Cleanup;
}
if (vStatus->Type != EcVarTypeUInt32)
{
dwRetVal = ERROR_INVALID_DATA;
goto Cleanup;
}
runtimeStatus.LastError = vStatus->UInt32Val;
// Get the error message for the last error.
dwRetVal = GetStatus(lpSubname,
eventSource.c_str(),
EcSubscriptionRunTimeStatusLastErrorMessage,
0,
buffer,
vStatus);
if (ERROR_SUCCESS != dwRetVal)
{
goto Cleanup;
}
if (vStatus->Type != EcVarTypeNull && vStatus->Type != EcVarTypeString)
{
dwRetVal = ERROR_INVALID_DATA;
goto Cleanup;
}
if (vStatus->Type != EcVarTypeNull)
{
runtimeStatus.LastErrorMessage = vStatus->StringVal;
}
else
{
runtimeStatus.LastErrorMessage = L"";
}
// Get the time when the subscription will be retried.
dwRetVal = GetStatus( lpSubname,
eventSource.c_str(),
EcSubscriptionRunTimeStatusNextRetryTime,
0,
buffer,
vStatus);
if( ERROR_SUCCESS != dwRetVal)
{
goto Cleanup;
}
if (vStatus->Type != EcVarTypeNull && vStatus->Type != EcVarTypeDateTime)
{
dwRetVal = ERROR_INVALID_DATA;
goto Cleanup;
}
if( vStatus->Type != EcVarTypeNull)
{
runtimeStatus.NextRetryTime = ConvertEcDateTime(vStatus->DateTimeVal);
}
else
{
runtimeStatus.NextRetryTime = L"";
}
// Step 4: Print the status information.
wprintf(L"\nEventSource[%u]\n", I);
wprintf(L" Address: %s\n", eventSource.c_str());
wprintf(L" Runtime Status: %s\n", runtimeStatus.ActiveStatus.c_str());
wprintf(L" Last Error: %u\n", runtimeStatus.LastError);
if( 0 != runtimeStatus.LastError )
{
wprintf(L" Last Error Message: %s\n", runtimeStatus.LastErrorMessage.c_str());
}
else
{
wprintf(L" Last Error Message: No Error\n");
}
wprintf(L" Next Retry Time: %s\n", runtimeStatus.NextRetryTime.c_str());
}
Cleanup:
// Step 5: Close the subscription.
if(hSubscription)
EcClose(hSubscription);
if (dwRetVal != ERROR_SUCCESS)
{
FormatMessageW( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
dwRetVal,
0,
(LPWSTR) &lpwszBuffer,
0,
NULL);
if (!lpwszBuffer)
{
wprintf(L"Failed to FormatMessage. Operation Error Code: %u." \
L"Error Code from FormatMessage: %u\n", dwRetVal, GetLastError());
return;
}
wprintf(L"\nFailed to Perform Operation.\nError Code: %u\n" \
L"Error Message: %s\n", dwRetVal, lpwszBuffer);
LocalFree(lpwszBuffer);
}
}
// Get the information for the specified EC_SUBSCRIPTION_RUNTIME_STATUS_INFO_ID
DWORD GetStatus(LPCWSTR subscriptionName,
LPCWSTR eventSource,
EC_SUBSCRIPTION_RUNTIME_STATUS_INFO_ID statusInfoID,
DWORD flags,
std::vector<BYTE>& buffer,
PEC_VARIANT& vStatus)
{
DWORD dwBufferSize, dwRetVal = ERROR_SUCCESS;
buffer.clear();
buffer.resize(sizeof(EC_VARIANT));
if ( !EcGetSubscriptionRunTimeStatus( subscriptionName,
statusInfoID,
eventSource,
flags,
(DWORD) buffer.size(),
(PEC_VARIANT) &buffer[0],
&dwBufferSize))
{
dwRetVal = GetLastError();
if( ERROR_INSUFFICIENT_BUFFER == dwRetVal)
{
dwRetVal = ERROR_SUCCESS;
buffer.resize(dwBufferSize);
if(!EcGetSubscriptionRunTimeStatus( subscriptionName,
statusInfoID,
eventSource,
flags,
(DWORD) buffer.size(),
(PEC_VARIANT) &buffer[0],
&dwBufferSize))
{
dwRetVal = GetLastError();
}
}
}
if ( ERROR_SUCCESS == dwRetVal)
{
vStatus = (PEC_VARIANT) &buffer[0];
}
else
{
vStatus = NULL;
}
return dwRetVal;
}
std::wstring ConvertEcDateTime( ULONGLONG code )
{
FILETIME ft;
SYSTEMTIME utcTime;
SYSTEMTIME localTime;
std::wstring timeString;
std::vector<WCHAR> buffer(30);
timeString = L"Error- Failed to Convert Date Time to String";
ft.dwHighDateTime = (DWORD)((code >> 32) & 0xFFFFFFFF);
ft.dwLowDateTime = (DWORD)(code & 0xFFFFFFFF);
if( !FileTimeToSystemTime( &ft, &utcTime) )
{
return timeString;
}
if(!SystemTimeToTzSpecificLocalTime(NULL, &utcTime, &localTime))
{
return timeString;
}
HRESULT hr = StringCchPrintfW((LPWSTR) &buffer[0],
buffer.size(),
L"%4.4hd-%2.2hd-%2.2hdT%2.2hd:%2.2hd:%2.2hd.%3.3hdZ",
localTime.wYear,
localTime.wMonth,
localTime.wDay,
localTime.wHour,
localTime.wMinute,
localTime.wSecond,
localTime.wMilliseconds);
if (FAILED(hr))
{
return timeString;
}
timeString = (LPWSTR) &buffer[0];
return timeString;
}
相关主题
反馈
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈