0

I want to log to the Application event log from an ASP .NET app. I want to call EventLog.SourceExists to determine if an event source exists firstly and if not create it.

As documented on MSDN (http://msdn.microsoft.com/en-us/library/6s7642se.aspx): "To search for an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges. The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown."

The NetworkService user in my case will not have admin privileges, so EventLog.SourceExists throws a SecurityException as documented in MSDN.

My question is: how can I code around the call to EventLog.SourceExists defensively? Is there something I can call to firstly check if I have permission to search for event sources prior to calling EventLog.SourceExists?

Or is my only option to catch the SecurityException and take some other action inside the catch block e.g. log to an existing event source e.g. Information

Thanks

Kevin

Kevin Higgins
  • 131
  • 1
  • 6

1 Answers1

0

Do you absolutely have to write to the Windows application event log? The security restrictions that are in place by default do make this difficult to do. Every time I've been developing on a new VM I have to make a registry entry to allow the NETWORK_USER account to write to the log and as soon as you roll your application onto a live server (where making wholesale registry changes probably isn't a good idea) then you are snookered.

Also, experience has taught me that the Windows event log isn't the friendliest environment for logging / debugging. For server apps that run overnight I tend to do all my event logging to an html file that I can read the next day, for web apps I use a custom database and send all my events to that instead.

markp3rry
  • 724
  • 10
  • 26
  • No I don't have to use Event Log. My company exposes a logging library. The intention is that during development apps can use this library to use the event log for logging (if desired) just for testing, assume they maybe don't have a logging DB setup at this point. In production, apps should never use the event log, they should always log to a DB. However, some apps may deploy their code to a test server (for example) during development and the logging to event log stops working, because they don't have the same control over permissions as their local machine. – Kevin Higgins May 01 '12 at 13:26
  • I'm basically trying to work out should I code around this, or never try to create a custom event source in the logging library, instead just log to maybe the "Information" event source ... thanks for the response BTW! – Kevin Higgins May 01 '12 at 13:30
  • You're welcome; happy to share my (admittedly limited) knowledge (a vote up would be nice). If you definitely need to log to the Event Log then I would recommend you create a custom Event Log and log to that - don't use the main application event log. But, as you say, as soon as you deploy to a test server the security stops your app from logging, so I would explore other solutions (which I described above) because they are much more flexible. – markp3rry May 01 '12 at 13:37