EventLog.SourceExists enumerates through the subkeys of HKLMSYSTEMCurrentControlSetserviceseventlog to see if it contains a subkey with the specified name.
If the user account under which the code is running does not have read access to a subkey that it attempts to access (in your case, the Security subkey) before finding the target source, you will see an exception like the one you have described.
The usual approach for handling such issues is to register event log sources at installation time (under an administrator account), then assume that they exist at runtime, allowing any resulting exception to be treated as unexpected if a target event log source does not actually exist at runtime.
private void LogUtil_Error(object sender, Log4NetError e) { using (EventLog eventLog = new EventLog("Lisa")) { eventLog.Source = "LISA.BackOffice"; var message = $"{AppDomain.CurrentDomain.BaseDirectory}{Environment.NewLine}{e}"; eventLog.WriteEntry(message, EventLogEntryType.Error); } Environment.Exit(1); }
The source was not found, but some or all event logs could not be searched.
To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security.
System.Security.SecurityException when writing to Event Log
答案1
To give Network Service read permission on the EventLog/Security key (as suggested by Firenzi and royrules22) follow instructions from http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx
- Open the Registry Editor:
- Select
StartthenRun - Enter
regedt32orregedit
- Select
-
Navigate/expand to the following key:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventlogSecurity -
Right click on this entry and select Permissions
-
Add the
Network Serviceuser -
Give it Read permission
UPDATE: The steps above are ok on developer machines, where you do not use deployment process to install application.
However if you deploy your application to other machine(s), consider to register event log sources during installation as suggested in SailAvid's and Nicole Calinoiu's answers.
I am using PowerShell function (calling in Octopus Deploy.ps1)
function Create-EventSources() {
$eventSources = @("MySource1","MySource2" )
foreach ($source in $eventSources) {
if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
[System.Diagnostics.EventLog]::CreateEventSource($source, "Application")
}
}
}
答案2
The problem is that the EventLog.SourceExists tries to access the EventLogSecurity key, access which is only permitted for an administrator.
A common example for a C# Program logging into EventLog is:
string sSource;
string sLog;
string sEvent;
sSource = "dotNET Sample App";
sLog = "Application";
sEvent = "Sample Event";
if (!EventLog.SourceExists(sSource))
EventLog.CreateEventSource(sSource, sLog);
EventLog.WriteEntry(sSource, sEvent);
EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234);However, the following lines fail if the program hasn't administrator permissions and the key is not found under EventLogApplication as EventLog.SourceExists will then try to access EventLogSecurity.
if (!EventLog.SourceExists(sSource))
EventLog.CreateEventSource(sSource, sLog);Therefore the recommended way is to create an install script, which creates the corresponding key, namely:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventLogApplicationdotNET Sample App
One can then remove those two lines.
You can also create a .reg file to create the registry key. Simply save the following text into a file create.reg:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEventLogApplicationdotNET Sample App] 在application pool的高级设置里面
设置identity。一个有4个设置级别,local service,local system,network service,application pool identity
经过测试,发现只有local system有权限写event log
