Permissions for the event log are driven through the registry. Each event log has an entry in the registry under the following key:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ EventLog
To allow the ASP. net account access to create an event source, you need to have read permission on this and all sub keys, and write permission on the event to which you want to create the event source. part of your error message says "inaccessible logs: security. ". note that "virtual server" seems to be another common inaccessible log. this means that for the security log, the ASP. net account (machinename \ ASPnet) does not have read access to that key.
For reasons that I can't explain, the EventLog. createeventsource () method attempts to search event sources under all event logs, not just the event log for which you want to create the source. there are two solutions to this. the first, easiest, and most insecure, is just to give read/write access to all event logs for the ASP. net account. to do this, follow these steps:
- Start-> Run-> regedit.exe
- Navigate to my computer> HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ EventLog
- Right click this key, select permissions, and grant the ASPNET account read/write permissions as described above. note that for the "inaccessible" logs (ie. security, virtual server), you'll also need to grant read access, as permissions have been set to not inherity from the parent key.
- Restart IIS (START-> Run-> iisreset)
- Cause the code line that creates the event source to be executed (Eventlog. createeventsource ())
I don't like this solution because it means that every time a new program that installits own log (an hence premissions) is installed, the same problem will be encountered.
The second solution is to bypass the use of the EventLog. createeventsource () code, and write your own event source addition code, by directly editing adding it to the Registry (using code, not Regedit !).
Each event source appears as a key below the event log name. so an event source named "mediamanager" under the event log "hoksoft" wocould appear as HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Eventlog \ hoksoft \ mediamanager.
An "event message file" contains resource strings which format your message content based on parameters. the default. net message file, eventlogmessages. DLL, simply has one parameter "% 1", which means that your text is inserted as the message content in its entirity. for further reading on this topic, read http://www.codeproject.com/dotnet/evtvwr.asp. anyway, to avoid message text similar to the following being displayed...
The description for event ID (0) in source (mediamanager) cannot be found. the local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. you may be able to use the/auxsource = flag to retrieve this description; see Help and Support for details. the following information is part of the event:
..., It's necessary to set the eventmessagefile parameter (registry string value) under the subkey for the event source. the default location of this file is in the following directory: C: \ winnt \ Microsoft. net \ framework \ v2.0.50727 \, where v2.0.50727 is the version of the framework you are using (starting with v1.1.x ).
The following partial snippet of code shoshould contain enough detail to dynamically create the event log source, without requiring access to other Event Logs. To use this code snippet, ensure that the following permissions are set:
- Read access to ASPnet on the EventLog key: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ EventLog
- Read + write (full control OK) on the Custom Event Log for your application, eg ., for event log "hoksoft", on key: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Eventlog \ hoksoft
- Ensure that the permissions are set to apply to "this key and subkeys ".
String eventlogname = "hoksoft ";
String sourcename = "mediamanager ";
EventLog hoksoftlog;
Hoksoftlog = new EventLog ();
Hoksoftlog. log = eventlogname;
// Set default event source (to be same as Event Log name) if not passed in
If (sourcename = NULL) | (sourcename. Trim (). Length = 0 ))
{
Sourcename = eventlogname;
}
Hoksoftlog. Source = sourcename;
// Extra raw event data can be added (later) if needed
Byte [] raweventdata = encoding. ASCII. getbytes ("");
/// Check whether the event source exists. It is possible that this may
/// Raise a security exception if the current process account doesn't
/// Have permissions for all sub-keys under
/// HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ EventLog
// Check whether registry key for source exists
String keyname = @ "SYSTEM \ CurrentControlSet \ Services \ Eventlog \" + eventlogname;
Registrykey rkeventsource = registry. localmachine. opensubkey (keyname + @ "\" + sourcename );
// Check whether key exists
If (rkeventsource = NULL)
{
/// Key does not exist. Create key which represents Source
Registry. localmachine. createsubkey (keyname + @ "\" + sourcename );
}
/// Now validate that the. NET event message file, eventmessagefile. dll (which correctly
/// Formats the content in a log message) is set for the event Source
Object eventmessagefile = rkeventsource. getvalue ("eventmessagefile ");
/// If the event source message file is not set, then set the event source message file.
If (eventmessagefile = NULL)
{
/// Source Event file doesn't exist-determine. NET Framework location,
/// For event messages file.
Registrykey dotnetframeworksettings = registry. localmachine. opensubkey (
@ "SOFTWARE \ Microsoft \. netframework \");
If (dotnetframeworksettings! = NULL)
{
Object dotnetinstallroot = dotnetframeworksettings. getvalue (
"Installroot ",
Null,
Registryvalueoptions. None );
If (dotnetinstallroot! = NULL)
{
String eventmessagefilelocation =
Dotnetinstallroot. tostring () +
"V" +
System. environment. version. Major. tostring () + "." +
System. environment. version. Minor. tostring () + "." +
System. environment. version. Build. tostring () +
@ "\ Eventlogmessages. dll ";
/// Validate file exists
If (system. Io. file. exists (
Eventmessagefilelocation ))
{
/// The event message file exists in the anticipated location on
/// Machine. Set this value for the new event Source
// Re-open the key as Writable
Rkeventsource = registry. localmachine. opensubkey (
Keyname + @ "\" + sourcename,
True );
// Set the "eventmessagefile" Property
Rkeventsource. setvalue (
"Eventmessagefile ",
Eventmessagefilelocation,
Registryvaluekind. String );
}
}
}
Dotnetframeworksettings. Close ();
}
Rkeventsource. Close ();
/// Log the message
Hoksoftlog. writeentry (
Logmessage,
Type,
Eventid,
0,
Raweventdata );
