3

I'm following this post and trying to run the code (copied below), and I'm having a slightly different problem. I can remote connect to the server and view the event log through the Event Viewer program, but I can't iterate through the events in the code. I get an InvalidOperationException saying "Cannot open log EventLogName on machine . Windows has not provided an error code." There is also an inner exception of type System.ComponentModel.Win32Exception that says "Access is denied."

private static bool GetEventLogData(DateTime start)
{
    var log = new EventLog("EventLogName", "SERVER.domain.net");
    bool errorFound = false;
    foreach (EventLogEntry entry in log.Entries)
    {
        if ((entry.EntryType == EventLogEntryType.Error) && 
            (entry.TimeGenerated >= start))
        {
            Console.WriteLine("Error in Event Log:\n" + entry.Message + "\n");
            errorFound = true;
        }
    }
    return errorFound;
}

Any ideas?

EDIT:

The exception data is as follows. I can't post the server name as it is company information. I receive the error when trying to read the event log. I am absolutely sure I can read the log because I can remote connect with my account and read the log using the Event Viewer.

System.InvalidOperationException was unhandled
  Message=Cannot open log EventLogName on machine SERVER.domain.net. Windows has not provided an error code.
  Source=System
  StackTrace:
       at System.Diagnostics.EventLogInternal.OpenForRead(String currentMachineName)
       at System.Diagnostics.EventLogInternal.GetEntryAtNoThrow(Int32 index)
       at System.Diagnostics.EventLogEntryCollection.EntriesEnumerator.MoveNext()
       at System.Linq.Enumerable.<CastIterator>d__b1`1.MoveNext()
       at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()
       at System.Collections.Generic.List`1.InsertRange(Int32 index, IEnumerable`1 collection)
       at System.Collections.Generic.List`1.AddRange(IEnumerable`1 collection)
       at MyApp.Program.GetEventLogData(String machineName, DateTime start) in c:\users\me\documents\visual studio 2010\Projects\MyApp\MyApp\Program.cs:line 45
       at MyApp.Program.Main(String[] args) in c:\users\me\documents\visual studio 2010\Projects\MyApp\MyApp\Program.cs:line 28
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: System.ComponentModel.Win32Exception
       Message=Access is denied
       ErrorCode=-2147467259
       NativeErrorCode=5
       InnerException:
Community
  • 1
  • 1
gregsdennis
  • 7,218
  • 3
  • 38
  • 71
  • Could this be something to do with you running on a remote machine and not having an Admin account or access to view/open the event log..? are you successfully connecting to the remote server..? do you need to have @"\\" in front of the server name..? also does this require username, password, domain..? – MethodMan Jul 19 '12 at 17:27
  • Checkout this site if you want to utilize win32API http://www.pinvoke.net/default.aspx/advapi32.LogonUser – MethodMan Jul 19 '12 at 17:32
  • Check the ErrorCode propery. You may be able to get some additional information by looking up the hexadecimal representation of that number on the web. – JamieSee Jul 19 '12 at 17:36
  • @JamieSee, as I mentioned above, the error states there is no error code. – gregsdennis Jul 19 '12 at 17:38
  • @DJKRAZE, I can connect to the machine just fine (both through remote connection and the code). The problem is reading the log through the code. – gregsdennis Jul 19 '12 at 17:40
  • I notice some things that you are not doing.. are you familiar with writing to the eventlog using System.Diagnostics Class..? well a similar process can be used to read from the event log.. have you thought about using WMI...? – MethodMan Jul 19 '12 at 17:42
  • @DJKRAZE, I am not familiar. I'm trying to learn by doing. – gregsdennis Jul 19 '12 at 17:48
  • check out this site MSDN it may help you to get at what you are trying to do.. http://msdn.microsoft.com/en-us/library/bb671200%28v=vs.90%29.aspx – MethodMan Jul 19 '12 at 17:49
  • I did look at that, and I couldn't find a resource for the XML query language. I'm ultimately trying to get all errors from a single application event log after a given date/time. – gregsdennis Jul 19 '12 at 17:54
  • there is an example on the web for that I just saw that but did not copy the URL because you did not specify that initially.. check this link and follow the answer at the bottom it will make for a great learning experience.. http://stackoverflow.com/questions or this link http://stackoverflow.com/questions/182372/what-is-the-easiest-way-using-net-to-check-if-events-have-been-logged-in-the-ev /6335340/getting-details-of-an-event-from-event-log – MethodMan Jul 19 '12 at 17:56
  • Could you try something like this to loops thru the events and from there you could narrow it down to see the exact events that you would like to check..? just for starters ..? plug in the Remote server name where needed .. It sounds to me like a permissions issue.. could you Debug it and copy paste the exact error here on the page..? foreach (System.Diagnostics.EventLogEntry entry in EventLog1.Entries) { Console.WriteLine(entry.Message); } – MethodMan Jul 19 '12 at 18:01
  • The windows user account your application is running under needs to have permissions to read or write event logs. – ulty4life Jul 19 '12 at 18:02
  • What version of Windows is your client machine and what version of Windows is the remote machine? – JamieSee Jul 19 '12 at 18:37
  • Client is Win7, remote is Server2008 – gregsdennis Jul 19 '12 at 18:39

1 Answers1

1

This is most likely a policy permission issue. See the Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008 blog entry on TechNet. I was able to make your code work once I did this. In the case of Windows 2008 Server and higher, it's simply a matter of adding the user to the Event Log Readers local security group. Until I did that I was getting the same error.

JamieSee
  • 12,696
  • 2
  • 31
  • 47
  • We already have users set up for WCF services and monitoring applications. I can probably work with our networking team to get my program to run under one of those. – gregsdennis Sep 04 '12 at 19:07