C#使用Log Parser 2.2 + MSchart打造簡易Windows日志分析工具

llyyt85 2013-06-26

展開全文

C#使用Log Parser 2.2 + MSchart打造簡易Windows日志分析工具

分類： .NET 2012-05-28 12:33 797人閱讀評論(3) 收藏舉報

windows c#button string object sql

前段時間做了一個簡易的Windows日志分析工具（主要針對Windows系統(tǒng)日志SysEvent.Evt這個文件），主要是使用了Log Parser 2.2和MSchart控件，在此和大家分享一下！

首先是Log Parser 2.2，關(guān)于它的介紹我就不多說了，下載地址：http://www.microsoft.com/en-us/download/details.aspx?id=24659

第一步是安裝Log Parser 2.2，然后新建一個C#窗體項目，在資源管理器中選中“引用”右鍵“添加引用”，選擇Log Parser 2.2安裝目錄下的“LogParser.dll”

添加引用

然后確定返回主窗體頁面，添加一個button和一個dataGridView控件，在button的Click事件寫入如下代碼：

[html] view plain copy print ?

private void button1_Click(object sender, EventArgs e)
{
string sql = @"SELECT EventID, TimeGenerated, SourceName, Message FROM E:\SysEvent.Evt";//此為系統(tǒng)日志文件路徑
DataTable dt = readFromEvt(sql);
writeToDataBase(dt);
dataGridView2.DataSource = dt;
MessageBox.Show("讀取完畢！");
}

        private void button1_Click(object sender, EventArgs e)
        {
            string sql = @"SELECT EventID, TimeGenerated, SourceName, Message FROM E:\SysEvent.Evt";//此為系統(tǒng)日志文件路徑
            DataTable dt = readFromEvt(sql);
            writeToDataBase(dt);
            dataGridView2.DataSource = dt;
            MessageBox.Show("讀取完畢！");
        }

[html] view plain copy print ?

public DataTable readFromEvt(string sql)
{
try
{
DataTable datat = new DataTable();
datat.Columns.Add("事件ID", typeof(string));
datat.Columns.Add("日期", typeof(string));
datat.Columns.Add("來源", typeof(string));
datat.Columns.Add("描述", typeof(string));
// Instantiate the LogQuery object
LogQuery oLogQuery = new LogQuery();
// Instantiate the Event Log Input Format object
EvtInputFormat oEvtInputFormat = new EvtInputFormat();
// Set its "direction" parameter to "BW"
oEvtInputFormat.direction = "BW";
// Create the query
string query = sql;
// Execute the query
LogRecordSet oRecordSet = oLogQuery.Execute(query, oEvtInputFormat);
while (!oRecordSet.atEnd())
{
var itemData = oRecordSet.getRecord();
DataRow dr = datat.NewRow();
dr["事件ID"] = itemData.getValue("EventID").ToString();
dr["日期"] = itemData.getValue("TimeGenerated").ToString();
dr["來源"] = itemData.getValue("SourceName").ToString();
dr["描述"] = itemData.getValue("Message").ToString();
datat.Rows.Add(dr);
oRecordSet.moveNext();
}
// Close the recordset
oRecordSet.close();
return datat;
}
catch (System.Runtime.InteropServices.COMException exc)
{
MessageBox.Show("Unexpected error: " + exc.Message);
return null;
}
}

        public DataTable readFromEvt(string sql)
        {
            try
            {
                DataTable datat = new DataTable();
                datat.Columns.Add("事件ID", typeof(string));
                datat.Columns.Add("日期", typeof(string));
                datat.Columns.Add("來源", typeof(string));
                datat.Columns.Add("描述", typeof(string)); 
                // Instantiate the LogQuery object  
                LogQuery oLogQuery = new LogQuery();
                // Instantiate the Event Log Input Format object  
                EvtInputFormat oEvtInputFormat = new EvtInputFormat();
                // Set its "direction" parameter to "BW"  
                oEvtInputFormat.direction = "BW";
                // Create the query  
                string query = sql;
                // Execute the query  
                LogRecordSet oRecordSet = oLogQuery.Execute(query, oEvtInputFormat);
                while (!oRecordSet.atEnd())
                {
                    var itemData = oRecordSet.getRecord();
                    DataRow dr = datat.NewRow();
                    dr["事件ID"] = itemData.getValue("EventID").ToString();
                    dr["日期"] = itemData.getValue("TimeGenerated").ToString();
                    dr["來源"] = itemData.getValue("SourceName").ToString();
                    dr["描述"] = itemData.getValue("Message").ToString();
                    datat.Rows.Add(dr);
                    oRecordSet.moveNext();
                }
                
                // Close the recordset  
                oRecordSet.close();
                return datat;
            }
            catch (System.Runtime.InteropServices.COMException exc)
            {
                MessageBox.Show("Unexpected error: " + exc.Message);
                return null;
            } 
        }

至此已經(jīng)完成了SysEvent.Evt日志文件內(nèi)容的讀取，這里是讀取到一個DataTable并且綁定到dataGridView控件上，其中上面代碼中還有一個函數(shù)writeToDataBase(dt);主要是將這些數(shù)據(jù)寫到數(shù)據(jù)庫中。

接下來是MSchart，VS2010自帶這個控件，具體在工具箱數(shù)據(jù)欄下，名字是“Chart”，如果是VS2008的話還需要下載安裝一下，下載地址：http://www.microsoft.com/en-us/download/details.aspx?id=14422，安裝好以后，在“工具箱”右鍵“選擇項”，“瀏覽”在Microsoft Chart Controls安裝目錄把Assemblies下的dll都添加進(jìn)去（實際只用System.Windows.Forms.DataVisualization.dll），確定返回工具箱在數(shù)據(jù)欄下就可以看到“Chart”控件，拖拽一個到窗體上，然后再加入一個button，在button的Click事件寫入如下代碼：

[html] view plain copy print ?

private void button3_Click(object sender, EventArgs e)
{
DB db = new DB();
string sql = @"select top 5 EventID,count(*) as Num from EvevtLog group by EventID order by count(*) desc";
DataTable dt = db.GetDataTable(sql);
dataGridView2.DataSource = dt;
// Set series chart type
Chart1.Series[0].ChartType = SeriesChartType.Bar;
// Show as 3D
Chart1.ChartAreas[0].Area3DStyle.Enable3D = true;
// Draw as 3D Cylinder
Chart1.Series[0]["DrawingStyle"] = "Cylinder";
//Chart1.BackColor = Color.Azure; //圖表背景色
Chart1.Titles.Add("事件"); //圖表標(biāo)題
//設(shè)置圖表的數(shù)據(jù)源
Chart1.DataSource = dt;
//設(shè)置圖表Y軸對應(yīng)項
Chart1.Series[0].YValueMembers = "Num";
//Chart1.Series[1].YValueMembers = "Volume2";
//設(shè)置圖表X軸對應(yīng)項
Chart1.Series[0].XValueMember = "EventID";
Chart1.Series[0].IsValueShownAsLabel = true; //是否顯示數(shù)據(jù)
Chart1.Series[0].IsVisibleInLegend = false; //是否顯示數(shù)據(jù)說明
Chart1.Series[0].MarkerStyle = MarkerStyle.Circle; //線條上的數(shù)據(jù)點標(biāo)志類型
Chart1.Series[0].MarkerSize = 8; //標(biāo)志大小
Chart1.ChartAreas[0].AxisX.LineColor = Color.Blue; //X 軸顏色
Chart1.ChartAreas[0].AxisY.LineColor = Color.Blue; //Y 軸顏色
Chart1.ChartAreas[0].AxisX.LineWidth = 2; //X 軸寬度
Chart1.ChartAreas[0].AxisY.LineWidth = 2; //Y 軸寬度
Chart1.ChartAreas[0].AxisY.Title = "事件出現(xiàn)頻率"; //Y 軸標(biāo)題
//綁定數(shù)據(jù)
Chart1.DataBind();
}

private void button3_Click(object sender, EventArgs e)
        {
            DB db = new DB();
            string sql = @"select top 5 EventID,count(*) as Num from EvevtLog group by EventID order by count(*) desc";
            DataTable dt = db.GetDataTable(sql);
            dataGridView2.DataSource = dt;
            // Set series chart type
            Chart1.Series[0].ChartType = SeriesChartType.Bar;
            // Show as 3D
            Chart1.ChartAreas[0].Area3DStyle.Enable3D = true;
            // Draw as 3D Cylinder
            Chart1.Series[0]["DrawingStyle"] = "Cylinder";
            //Chart1.BackColor = Color.Azure; //圖表背景色
            Chart1.Titles.Add("事件"); //圖表標(biāo)題
            //設(shè)置圖表的數(shù)據(jù)源            
            Chart1.DataSource = dt;
            //設(shè)置圖表Y軸對應(yīng)項
            Chart1.Series[0].YValueMembers = "Num";
            //Chart1.Series[1].YValueMembers = "Volume2";
            //設(shè)置圖表X軸對應(yīng)項
            Chart1.Series[0].XValueMember = "EventID";
            Chart1.Series[0].IsValueShownAsLabel = true; //是否顯示數(shù)據(jù)
            Chart1.Series[0].IsVisibleInLegend = false; //是否顯示數(shù)據(jù)說明
            Chart1.Series[0].MarkerStyle = MarkerStyle.Circle; //線條上的數(shù)據(jù)點標(biāo)志類型
            Chart1.Series[0].MarkerSize = 8; //標(biāo)志大小
            Chart1.ChartAreas[0].AxisX.LineColor = Color.Blue; //X 軸顏色
            Chart1.ChartAreas[0].AxisY.LineColor = Color.Blue; //Y 軸顏色
            Chart1.ChartAreas[0].AxisX.LineWidth = 2; //X 軸寬度
            Chart1.ChartAreas[0].AxisY.LineWidth = 2; //Y 軸寬度
            Chart1.ChartAreas[0].AxisY.Title = "事件出現(xiàn)頻率"; //Y 軸標(biāo)題
            //綁定數(shù)據(jù)
            Chart1.DataBind(); 
        }

我這里面db.GetDataTable(sql);是從數(shù)據(jù)庫里抽取數(shù)據(jù)出來展示，各位其實可以按需選擇，關(guān)于展示部分，Chart控件很強(qiáng)大，我這里只做了一個統(tǒng)計展示的例子，其他的各位可以深入研究一下，最后看一下效果。