EventViewer
Mr. X.
I see the sample on http://support.microsoft.com/kb/307024
When I do with the same parameters as above :
if (!(EventLog.SourceExists(sSource)))
{
EventLog.CreateEventSource(sSource, sLog);
}
I got an exception :
{"The source was not found, but some or all event logs could not be
searched. Inaccessible logs: Security."} System.SystemException
{System.Security.SecurityException}
Thanks :)
Peter Duniho
The exception seems pretty self-explanatory to me. Sounds like you are
not executing the code with sufficient access privileges to be permitted
to access the source.
Pete
Mr. X.
I don't understand much about eventViewer.
What should I do or check about in order to have sufficient access
privileges to be permitted to access the source ?
Thanks :)
"Peter Duniho" <NpOeS...@NnOwSlPiAnMk.com> wrote in message
news:O-mdnR-pWM2k3trR...@posted.palinacquisition...
Peter Duniho
> At the example I gave, source is : "dotNET Sample App".
Sorry…I meant log, not source.
> I don't understand much about eventViewer.
> What should I do or check about in order to have sufficient access
> privileges to be permitted to access the source ?
You can try running your program as administrator. Alternatively, I
believe there's a way to specify in the manifest that Windows should
prompt for admin credentials (but I'm not that familiar with that
technique).
Alternatively, don't use the SourceExists() overload that looks in all
of the logs. Instead, specify the log where you actually want to put
the source using the other overload. Then the security log won't be
searched at all, and the access issue won't be an issue.
Pete
Mr. X.
The exception is on the line :
if (!(EventLog.SourceExists(sSource)))
Please, give me an example how running my code, in order not getting the
exception.
Thanks :)
"Peter Duniho" <NpOeS...@NnOwSlPiAnMk.com> wrote in message
news:HZidnRj9roNTzdrR...@posted.palinacquisition...
Jeff Johnson
news:i27kfo$kh5$1...@news.eternal-september.org...
>I didn't reach the line that I refer to "Log".
> The exception is on the line :
> if (!(EventLog.SourceExists(sSource)))
>
> Please, give me an example how running my code, in order not getting the
> exception.
From the MSDN documentation on SourceExists(String):
=======
Because this method accesses the registry, you must have the appropriate
registry permissions on the local computer; otherwise, a SecurityException
will be thrown.
Note:
To search for an event source in Windows Vista, Windows XP Professional , or
Windows Server 2003, you must have administrative privileges.
The reason for this requirement is that all event logs, including security,
must be searched to determine whether the event source is unique. In Windows
Vista, users do not have permission to access the security log; therefore, a
SecurityException is thrown.
In Windows Vista, User Account Control (UAC) determines the privileges of a
user. If you are a member of the Built-in Administrators group, you are
assigned two run-time access tokens: a standard user access token and an
administrator access token. By default, you are in the standard user role.
To execute the code that accesses performance counters, you must first
elevate your privileges from standard user to administrator. You can do this
when you start an application by right-clicking the application icon and
indicating that you want to run as an administrator.
Note:
A service that is executing under the LocalSystem account does not have the
privileges required to execute this method. The solution is to check whether
the event source exists in the ServiceInstaller, and if it does not exist,
to create the source in the installer.
=======
Peter Duniho
> I didn't reach the line that I refer to "Log".
> The exception is on the line :
> if (!(EventLog.SourceExists(sSource)))
I understand that.
> Please, give me an example how running my code, in order not getting the
> exception.
http://msdn.microsoft.com/en-us/library/6s7642se.aspx
Strangely enough, there is plenty of information on the above page, the
documentation for the EventLog.SourceExists() method, regarding security
requirements for the method.
Pete
Mr. X.
I have Windows 7.
VS. 2008.
What I want, that each exception will be thrown elegantly :
I mean that for exception there will be an hint on the status-bar, which
user can click, and expend the exception message.
Each exception I write on the event-viewer.
I don't know whether the above is a good solution, indeed.
On : Control Panel\User Accounts and Family Safety\User Accounts, I see that
my account is declared as administrator.
I didn't see a way to run my application with administrator privileges,
neither on the VS.2008 IDE.
Thanks :)
"Jeff Johnson" <i....@enough.spam> wrote in message
news:i27m0l$4qo$1...@news.eternal-september.org...
Peter Duniho
> O.K.
> I have Windows 7.
> VS. 2008.
>
> What I want, that each exception will be thrown elegantly :
> I mean that for exception there will be an hint on the status-bar, which
> user can click, and expend the exception message.
> Each exception I write on the event-viewer.
> I don't know whether the above is a good solution, indeed.
>
> On : Control Panel\User Accounts and Family Safety\User Accounts, I see
> that my account is declared as administrator.
> I didn't see a way to run my application with administrator privileges,
> neither on the VS.2008 IDE.
I don't know the specifics, but I'm pretty sure there's a setting you
can place in the application manifest to declare it as requiring admin
rights.
Running standalone, you can right-click on the program or its shortcut
and choose "Run As Administrator". You need to do this even if your
user account is an admin; otherwise the program is run under the admin
user account but with reduced privileges.
But, more to the point: if your program doesn't actually need to access
the security log (the one that requires you to have admin rights), then
you are better off just not writing a program that tries to access the
security log.
Pete
Mr. X.
When running on debug - I didn't succeed.
I didn't find a way to declare that in C# (VS. 2008).
It just writing to eventViewer - Why should I avoid that?
Thanks :)
"Peter Duniho" <NpOeS...@NnOwSlPiAnMk.com> wrote in message
news:D-udnaH3Brr16tXR...@posted.palinacquisition...
Peter Duniho
> When running standalone - I succeed writing to EventViewer.
To the event log, you mean. The EventViewer tool is just a way to look
at the log.
> When running on debug - I didn't succeed.
> I didn't find a way to declare that in C# (VS. 2008).
> It just writing to eventViewer - Why should I avoid that?
You should avoid trying to access the security log because your program
doesn't actually need to access the security log. More to the point,
not only does your program not need access to the security log, as you
have found out, the unnecessary attempt to access the security log
prevents your program from working.
Please read my other reply, in which I suggested using the overload to
examine a specific log, rather than searching all logs for your source.
Pete
Mr. X.
I just want to write message to event-viewer.
If not - what is the new suggested attitude writing message/errors instead
of writing to event viewer?
(I am stacked on the line :
if (!(EventLog.SourceExists(sSource)))
only when debugging C# VS.2008)
Thanks :)
"Peter Duniho" <NpOeS...@NnOwSlPiAnMk.com> wrote in message
news:55Sdnf4TN_owCNXR...@posted.palinacquisition...
Peter Duniho
> Does every writing to EventViewer is access the security log ?
No. But when you call EventLog.SourceExists() without specifying a
specific log, the method has to look in _all_ logs, including the
security log.
> I just want to write message to event-viewer.
> If not - what is the new suggested attitude writing message/errors
> instead of writing to event viewer?
> (I am stacked on the line :
> if (!(EventLog.SourceExists(sSource)))
> only when debugging C# VS.2008)
I already answered the question:
http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/msg/16990b4adfdfb882
Pete
Mr. X.
I didn't know that EventLog.SourceExists search all the events (and I didn't
find any way not doing so).
I need to write into EventViewer.
I don't know what should I put in EventLog.SourceExists parameters, in
order to search a specific log.
SourceExists takes at the first parameter : source.
At the second parameter (optional) : current machine.
Should I declare the log (or source, whatever)?
Should I register some source/log?
How can I do that?
I didn't find any clue how doing that, even on the internet.
Thanks :)
"Peter Duniho" <NpOeS...@NnOwSlPiAnMk.com> wrote in message
news:Y6idnXPP1NMqBtXR...@posted.palinacquisition...
Peter Duniho
> O.K.
> I didn't know that EventLog.SourceExists search all the events (and I
> didn't find any way not doing so).
> I need to write into EventViewer.
> I don't know what should I put in EventLog.SourceExists parameters, in
> order to search a specific log.
> SourceExists takes at the first parameter : source.
> At the second parameter (optional) : current machine.
Hmm…sorry. I glanced at the overload too quickly, and assumed the
second parameter was the log name. On closer inspection, I don't see a
way to look for a source in a specific log.
Looking at the docs more closely (which you could have done), I see that
you cannot create a new source at all, even to accessible logs, if you
aren't executing with admin credentials. This is because the event
source has to be unique across all of the logs, and the OS can't
determine that unless it can access the security log.
It appears to me that the normal way to do this is to create the event
source as part of the application installation, when you know you have
to have admin credentials anyway (well, assuming you're installing to
the Program Files directory, that is). Then your application can just
assume that the source exists.
You can find more details here:
http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog.aspx
Alternatives include:
• Restarting your process using the "runas" verb with the
System.Diagnostics.Process class, to cause a UAC prompt to be displayed
so the user can run the program under elevated permissions so you can
create the source.
• Use the unmanaged LogonUser() function to impersonate an admin
user. .NET doesn't seem to have a managed code way to do this, but it
does have a managed code way to _undo_ that after you're done
impersonating (e.g. after the event source has been created):
http://msdn.microsoft.com/en-us/library/system.security.principal.windowsimpersonationcontext.aspx
Sorry…that's all I've got at the moment.
Pete
Mr. X.
I did for a specific log, and specific source, which are always exists
(I didn't find a way to create a source).
The source : "Application Error"
The log : "Application"
I see the error on event-viewer, but event-id = 0. Why ?
The program can run for now with no security problems.
Thanks :)
"Peter Duniho" <NpOeS...@NnOwSlPiAnMk.com> wrote in message
news:5_KdneFWb53i0dTR...@posted.palinacquisition...
Mr. X.
"Mr. X." <nospa...@gmail.com> wrote in message
news:i2blqh$v7k$1...@news.eternal-september.org...
Mr. X.
I think if there is no necessary for calculation eventId (there is no event
ID),
and whether I use a specific Source & Log : "Application", "Application Log"
respectively,
(you should say so from the beginning),
problem is solved.
Thanks :)
"Mr. X." <nospa...@gmail.com> wrote in message
news:i2bns4$6fd$1...@news.eternal-september.org...