-1

I am running this code under an account that is an Administrator:

if (EventLog.Exists("AppName") == false)
    EventLog.CreateEventSource("AppName", "Application");  // exception here

It throws a SecurityException:

"The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security."

I can write events to the EventLog without doing this but it includes this crappy looking text in the log:

"The description for Event ID 0 from source Application cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer."

What am I missing?

Steve Wellens
  • 20,506
  • 2
  • 28
  • 69
  • Did you check the permissions on the registry key HKLM\System\CurrentControlSet\Services\Eventlog ? And maybe the child keys ? – schglurps Mar 12 '14 at 17:23
  • I'm administrator I have all permissions. In any event, it needs to work when deployed on other machines (and run by administrators). It should work as advertised without messing with the registry. – Steve Wellens Mar 12 '14 at 18:24

1 Answers1

2

I don't know if this is the best way to handle the problem but it works and I couldn't find a better solution:

// ---- Create Event Log Source ---------------------------------
//
// returns True if is it created or already exists.
//
// Only administrators can create event logs.

static public bool CreateEventLogSource()
{
    System.Diagnostics.Debug.WriteLine("CreateEventLogSource....");

    try
    {
        // this call is looking for this RegKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\<app Name>
        if (EventLog.SourceExists(Application.ProductName))
        {
            System.Diagnostics.Debug.WriteLine("Log exists, returning true.");
            return true;
        }
    }
    catch (System.Security.SecurityException)
    {
        // it could not find the EventLog Source and we are not admin so this is thrown 
        // when it tries to search the Security Log. 
        // We know it isn't there so ignore this exception
    }

    System.Diagnostics.Debug.WriteLine("EventLog Source doesn't exist....try to create it...");

    if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
    {
        System.Diagnostics.Debug.WriteLine("Running as Admin....trying to create....");
        try
        {
            EventLog.CreateEventSource(Application.ProductName, "Application");

            System.Diagnostics.Debug.WriteLine("Successfully create EventLogSource");
            return true;
        }
        catch (Exception Exp)
        {
            MessageBox.Show("Error Creating EventLog Source: " + Exp.Message, Application.ProductName);
            return false;
        }
    }
    else
    {
        System.Diagnostics.Debug.WriteLine("Need to restart with admin roles");

        ProcessStartInfo AdminProcess = new ProcessStartInfo();
        AdminProcess.UseShellExecute = true;
        AdminProcess.WorkingDirectory = Environment.CurrentDirectory;
        AdminProcess.FileName = Application.ExecutablePath;
        AdminProcess.Verb = "runas";

        try
        {
            Process.Start(AdminProcess);
            return false;
        }
        catch
        {
            MessageBox.Show("The EventLog source was NOT created", Application.ProductName);
            // The user refused to allow privileges elevation.
            return false;
        }
    }
}

Called here:

static void Main(string[] args)
{
     if (CreateEventLogSource() == false)
          return;
Steve Wellens
  • 20,506
  • 2
  • 28
  • 69