Writing ASP.NET errors to the NT Applicaion Event Log

Discussion in 'ASP .Net Security' started by Graham Harris, May 10, 2005.

  1. I have some code that presents the user with an error if my web
    application errors. I would like to write the same information to the
    NT Application Event log. The problem is that Windows 2003 Server does
    not allow IIS ASP.NET to write to the event log. What do I need to do
    to allow this?

    TIA

    Graham Harris
     
    Graham Harris, May 10, 2005
    #1
    1. Advertising

  2. Hello Graham,


    in w2k3 you can set ACLs on Event Logs - this is done by using an SDDL (Security
    Descriptor Description Language).

    The default for the Application Log is

    O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)
    (A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

    (nice, eh?)

    found under : HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Services\Eventlog\Application\CustomSD


    this basically means service accounts/admins have read/write - no one else

    you can find more info on SDDL via
    http://msdn.microsoft.com/library/en-us/security/security/security_descriptor_string_format.asp

    and more info on how to change that settings:
    http://msdn.microsoft.com/library/en-us/dncode/html/secure06122003.asp

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I have some code that presents the user with an error if my web
    > application errors. I would like to write the same information to the
    > NT Application Event log. The problem is that Windows 2003 Server does
    > not allow IIS ASP.NET to write to the event log. What do I need to do
    > to allow this?
    >
    > TIA
    >
    > Graham Harris
    >
     
    Dominick Baier [DevelopMentor], May 10, 2005
    #2
    1. Advertising

  3. Graham Harris

    Brad Guest

    Our aspx apps write to the Application event log on w2k3 server and we
    didn't have to change anything. Are you by chance trying to specify the
    Source property of the event? If so, you basically want to create the
    Source value as a valid event source in advance. Once you do that it should
    work without any permission changes.

    "Graham Harris" <> wrote in message
    news:...
    >I have some code that presents the user with an error if my web
    > application errors. I would like to write the same information to the
    > NT Application Event log. The problem is that Windows 2003 Server does
    > not allow IIS ASP.NET to write to the event log. What do I need to do
    > to allow this?
    >
    > TIA
    >
    > Graham Harris
     
    Brad, May 12, 2005
    #3
  4. Hello Brad,

    it all depends under which account your app is running - as you can see,
    Service Accounts are allowed to write to the Application Log - but not custom
    accounts, by default.

    But it is true - you cannot create an Event Source as non admin.

    Write a little console app the pre-creates it and run it as admin.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Our aspx apps write to the Application event log on w2k3 server and we
    > didn't have to change anything. Are you by chance trying to specify
    > the Source property of the event? If so, you basically want to create
    > the Source value as a valid event source in advance. Once you do that
    > it should work without any permission changes.
    >
    > "Graham Harris" <> wrote in message
    > news:...
    >
    >> I have some code that presents the user with an error if my web
    >> application errors. I would like to write the same information to the
    >> NT Application Event log. The problem is that Windows 2003 Server
    >> does not allow IIS ASP.NET to write to the event log. What do I need
    >> to do to allow this?
    >>
    >> TIA
    >>
    >> Graham Harris
    >>
     
    Dominick Baier [DevelopMentor], May 14, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Henrik_the_boss
    Replies:
    0
    Views:
    2,659
    Henrik_the_boss
    Nov 5, 2003
  2. MattB

    Writing errors to the Event Log

    MattB, Feb 28, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    498
    bruce barker
    Mar 1, 2005
  3. =?Utf-8?B?ZGF2aWQ=?=
    Replies:
    4
    Views:
    511
    Lucas Tam
    Aug 25, 2005
  4. =?Utf-8?B?VG9tIFdpbmdlcnQ=?=

    My.Log.Writeexception not writing to Application Event Log.

    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=, Jan 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    2,381
    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=
    Jan 20, 2006
  5. Tom Wingert
    Replies:
    0
    Views:
    333
    Tom Wingert
    Jan 12, 2006
Loading...

Share This Page