1

So I'm trying to get an Asp.Net application running on Windows 2008R2 / IIS 7.5 to log to the Windows Application Event Log using EntLib Logging Application Block.

It works great on our dev/test machines, but when we push to a more restricted environment we don't get any logs.

On the server in question we have, in fact, created the event source as an admin using the PowerShell command New-EventLog -LogName "Application" -Source "MyApp", and configured EntLib correctly.

The usual fix I've seen is that you give your users full control in the registry to read/write to the Windows Event Log. However, on the IIS/Asp.Net side we are using Windows Authentication + Impersonation, which means it would be very hard to give ALL the users this.

All of our users do exist within 4 Active Directory groups, however. Could I use this to give them the necessary permissions for the logging to work? Or is there another way?

khr055
Alex Moore

2 Answers

1

Maybe the simplest way would be to create some kind of service endpoint in a separate virtual directory or running under a different app pool that does not do impersonation, and send the log events to that.

Otherwise your best bet is to make sure all your users are in a specific group and give the group permissions to write to the event log. Trying to give each individual user the same permission would get old really quick.

kprobst
  • Yeah, this would probably have worked if the request for Windows Log logging hadn't come so late in the project. I will keep it in mind for the next time a request like that comes in. – Alex Moore Feb 09 '12 at 19:53
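The group-based option from the answer above, as an added example that is not code from the original posts: it appends a write-only ACE for each AD group to the Application log's security descriptor, rather than giving users full control. The group names are placeholders, and the script assumes the log's SDDL access masks 0x1, 0x2 and 0x4 mean read, write and clear.

```powershell
# Added example: give AD groups write-only access to the Application event log.
# Run from an elevated prompt. Group names are placeholders (assumption).
$logName = 'Application'
$groups  = @('EXAMPLE\MyAppGroup1', 'EXAMPLE\MyAppGroup2')

Add-Type -AssemblyName System.Core
$cfg  = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $logName
$sddl = $cfg.SecurityDescriptor
if ([string]::IsNullOrEmpty($sddl) -or $sddl.IndexOf('D:') -lt 0) {
    throw "Log '$logName' has no explicit DACL to extend; review it by hand."
}

# Back up the current descriptor so the change can be reverted.
$backup = Join-Path $env:TEMP "$logName-sddl.bak"
Set-Content -Path $backup -Value $sddl

foreach ($group in $groups) {
    # Resolve the group name to its SID; this throws if the group is unknown.
    $account = New-Object System.Security.Principal.NTAccount $group
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # 0x2 = write only; read (0x1) and clear (0x4) are deliberately not granted.
    $ace = "(A;;0x2;;;$sid)"
    if ($sddl.Contains($ace)) { continue }       # already granted, keep idempotent

    # The ACE belongs in the DACL, so insert it before a SACL section if one exists.
    $sacl = $sddl.IndexOf('S:')
    if ($sacl -ge 0) { $sddl = $sddl.Insert($sacl, $ace) }
    else             { $sddl += $ace }
}

$cfg.SecurityDescriptor = $sddl
$cfg.SaveChanges()

# Re-read the descriptor from the log to confirm what was stored.
(New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $logName).SecurityDescriptor
```

To revert, set `SecurityDescriptor` back to the string saved in the backup file and call `SaveChanges()` again.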
0

Setting it up to Log to the Windows Event Log would have been too much work/insecure for our hosting environment, so we went with a Rolling Text Log file instead.

Alex Moore