Writing to event log

Discussion in 'ASP .Net Security' started by Tlink, Jul 14, 2005.

  1. Tlink

    Tlink Guest

    I am trying to write to the event log using the following code from a aspx
    page benhind code.

    Function WriteEventlog(ByVal LogName, ByVal MachineName, ByVal
    Source, ByVal EventMessage, ByVal EventID, ByRef Category, ByRef
    ErrorResults)
    ***values TLN
    ..(Dot) "" "Test 1"
    0 0 "" ****
    Dim sSource As String
    Dim sLog As String
    Dim sEvent As String
    Dim sMachine As String
    Try
    If Source = "" Then sSource = "EProcessController" Else
    sSource = Source
    If LogName = "" Then
    sLog = "Application"
    Else
    sLog = LogName
    End If
    If MachineName = "" Then
    sMachine = "."
    Else
    sMachine = MachineName
    End If

    If Not EventLog.SourceExists(sSource, sMachine) Then
    EventLog.CreateEventSource(sSource, sLog, sMachine)
    End If

    If EventID > 0 Then
    EventLog.WriteEntry(sSource, EventMessage,
    EventLogEntryType.Error, EventID, Category)
    Else
    EventLog.WriteEntry(sSource, EventMessage,
    EventLogEntryType.Information, EventID, Category)
    End If
    Catch ex As Exception
    ErrorResults = ex.ToString
    End Try

    End Function

    Results in the following error:

    System.Security.SecurityException: Requested registry access is not allowed.
    at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
    at System.Diagnostics.EventLog.FindSourceRegistration(String source,
    String machineName, Boolean readOnly)
    at System.Diagnostics.EventLog.SourceExists(String source, String
    machineName)
    at Inbizness.DefaultLibrary.WriteEventlog(Object LogName, Object
    MachineName, Object Source, Object EventMessage, Object EventID, Object&
    Category, Object& ErrorResults) in
    D:\Dev\OrderingSystem\code\TClass\Class1.vb:line 381"

    I have set the relevant registry key to allow the r/w of the event log yet
    no go.
     
    Tlink, Jul 14, 2005
    #1
    1. Advertising

  2. Hello Tlink,

    creating an event source requires special (admin) privileges -

    you have two choices -

    write a little console app that creates the event source for you (run it
    under the admin account)
    change the ACLs on some registry keys (not really recommended) :

    If your application needs to create event sources, you need to ensure that
    the application's identity has the relevant permissions on the following
    registry key.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog

    At minimum, your Web application process identity, which defaults to Network
    Service on Windows Server 2003, must have the following permissions on this
    registry key:

    Query key value
    Set key value
    Create subkey
    Enumerate subkeys
    Notify
    Read
    These settings must be applied to the key shown above and subkeys. Alternatively,
    you can create event sources at installation time when administrative privileges
    are available.


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I am trying to write to the event log using the following code from a
    > aspx page benhind code.
    >
    > Function WriteEventlog(ByVal LogName, ByVal MachineName, ByVal
    > Source, ByVal EventMessage, ByVal EventID, ByRef Category, ByRef
    > ErrorResults)
    > ***values TLN
    > .(Dot) "" "Test 1"
    > 0 0 "" ****
    > Dim sSource As String
    > Dim sLog As String
    > Dim sEvent As String
    > Dim sMachine As String
    > Try
    > If Source = "" Then sSource = "EProcessController"
    > Else
    > sSource = Source
    > If LogName = "" Then
    > sLog = "Application"
    > Else
    > sLog = LogName
    > End If
    > If MachineName = "" Then
    > sMachine = "."
    > Else
    > sMachine = MachineName
    > End If
    > If Not EventLog.SourceExists(sSource, sMachine) Then
    > EventLog.CreateEventSource(sSource, sLog,
    > sMachine)
    > End If
    > If EventID > 0 Then
    > EventLog.WriteEntry(sSource, EventMessage,
    > EventLogEntryType.Error, EventID, Category)
    > Else
    > EventLog.WriteEntry(sSource, EventMessage,
    > EventLogEntryType.Information, EventID, Category)
    > End If
    > Catch ex As Exception
    > ErrorResults = ex.ToString
    > End Try
    > End Function
    >
    > Results in the following error:
    >
    > System.Security.SecurityException: Requested registry access is not
    > allowed.
    > at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean
    > writable)
    > at System.Diagnostics.EventLog.FindSourceRegistration(String
    > source,
    > String machineName, Boolean readOnly)
    > at System.Diagnostics.EventLog.SourceExists(String source, String
    > machineName)
    > at Inbizness.DefaultLibrary.WriteEventlog(Object LogName, Object
    > MachineName, Object Source, Object EventMessage, Object EventID,
    > Object&
    > Category, Object& ErrorResults) in
    > D:\Dev\OrderingSystem\code\TClass\Class1.vb:line 381"
    >
    > I have set the relevant registry key to allow the r/w of the event log
    > yet no go.
    >
     
    Dominick Baier [DevelopMentor], Jul 14, 2005
    #2
    1. Advertising

  3. What we used to do was install our web application and then turn on
    impersonation, and logon as the machine administrator.

    Once accessed, we went back in and disabled impersonation, and all the event
    sources were successfully created for us so we could then use the normal
    user. On ly applies if your doing the install of course but it was an easy
    way around it.

    --
    - Paul Glavich
    MVP ASP.NET
    http://weblogs.asp.net/pglavich
    ASPInsiders member - http://www.aspinsiders.com


    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hello Tlink,
    >
    > creating an event source requires special (admin) privileges -
    > you have two choices -
    > write a little console app that creates the event source for you (run it
    > under the admin account)
    > change the ACLs on some registry keys (not really recommended) :
    >
    > If your application needs to create event sources, you need to ensure that
    > the application's identity has the relevant permissions on the following
    > registry key.
    >
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
    >
    > At minimum, your Web application process identity, which defaults to
    > Network Service on Windows Server 2003, must have the following
    > permissions on this registry key:
    > Query key value Set key value Create subkey Enumerate subkeys Notify Read
    > These settings must be applied to the key shown above and subkeys.
    > Alternatively, you can create event sources at installation time when
    > administrative privileges are available.
    >
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    >> I am trying to write to the event log using the following code from a
    >> aspx page benhind code.
    >>
    >> Function WriteEventlog(ByVal LogName, ByVal MachineName, ByVal
    >> Source, ByVal EventMessage, ByVal EventID, ByRef Category, ByRef
    >> ErrorResults)
    >> ***values TLN
    >> .(Dot) "" "Test 1"
    >> 0 0 "" ****
    >> Dim sSource As String
    >> Dim sLog As String
    >> Dim sEvent As String
    >> Dim sMachine As String
    >> Try
    >> If Source = "" Then sSource = "EProcessController"
    >> Else
    >> sSource = Source
    >> If LogName = "" Then
    >> sLog = "Application"
    >> Else
    >> sLog = LogName
    >> End If
    >> If MachineName = "" Then
    >> sMachine = "."
    >> Else
    >> sMachine = MachineName
    >> End If
    >> If Not EventLog.SourceExists(sSource, sMachine) Then
    >> EventLog.CreateEventSource(sSource, sLog,
    >> sMachine)
    >> End If
    >> If EventID > 0 Then
    >> EventLog.WriteEntry(sSource, EventMessage,
    >> EventLogEntryType.Error, EventID, Category)
    >> Else
    >> EventLog.WriteEntry(sSource, EventMessage,
    >> EventLogEntryType.Information, EventID, Category)
    >> End If
    >> Catch ex As Exception
    >> ErrorResults = ex.ToString
    >> End Try
    >> End Function
    >>
    >> Results in the following error:
    >>
    >> System.Security.SecurityException: Requested registry access is not
    >> allowed.
    >> at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean
    >> writable)
    >> at System.Diagnostics.EventLog.FindSourceRegistration(String
    >> source,
    >> String machineName, Boolean readOnly)
    >> at System.Diagnostics.EventLog.SourceExists(String source, String
    >> machineName)
    >> at Inbizness.DefaultLibrary.WriteEventlog(Object LogName, Object
    >> MachineName, Object Source, Object EventMessage, Object EventID,
    >> Object&
    >> Category, Object& ErrorResults) in
    >> D:\Dev\OrderingSystem\code\TClass\Class1.vb:line 381"
    >>
    >> I have set the relevant registry key to allow the r/w of the event log
    >> yet no go.
    >>

    >
    >
    >
     
    Paul Glavich [MVP ASP.NET], Jul 14, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Henrik_the_boss
    Replies:
    0
    Views:
    2,676
    Henrik_the_boss
    Nov 5, 2003
  2. Ollie
    Replies:
    10
    Views:
    3,211
    pobby69
    Nov 14, 2008
  3. =?Utf-8?B?VG9tIFdpbmdlcnQ=?=

    My.Log.Writeexception not writing to Application Event Log.

    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=, Jan 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    2,394
    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=
    Jan 20, 2006
  4. Tom Wingert
    Replies:
    0
    Views:
    350
    Tom Wingert
    Jan 12, 2006
  5. Replies:
    0
    Views:
    1,343
Loading...

Share This Page