Yeah, this question have been asked several times. But I am not satisfied with the answers.
Here, I'd like to aggregate all infos I found, and discuss this question again.
There are three default event logs: Application, System, and Security. A Security log is read-only.
Note that the Security log is for system use only.
"Only the Local Security Authority (Lsass.exe) has write permission for the Security log. No other account can request this privilege. To write an event to the Security log, use the AuthzReportSecurityEvent function."
I am confused by MSDN. Some page(1 and 2) tell you the Security Event is read only and only for system. some page tell you can write to the Security Event. Is there anyone who can help to explain this?
