C# EventLog Inaccessible Log
Solution 1
Microsoft requires that you be an administrator in order to execute this method for the very reason that you found.
Here is their explanation (from the MSDN documentation):
To search for an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.
The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown.
How you work around it will depend entirely on exactly what you need to do. The best recommendation if you are not able to log in as an administrator is to attempt to perform your action in a try/catch block and if a SecurityException is thrown, perform some alternate action.
Solution 2
Accessing some EventLogs requires elevation. Run the app as an administrator instead.
DigitalJedi805
Software engineer from Central California, self taught since 2000, college educated since 2008, industry experience since 2010.
Updated on June 02, 2022Comments
-
DigitalJedi805 almost 2 years
Below is an exception I encountered while running the immediately following code:
The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
The code is
if (!EventLog.SourceExists(this.EventLogSource))
The content of the exception makes sense to me, it's why that doesn't. This line is running in Visual Studio 2010, .NET 4, as a console app ( for the time being ). I have run this in a different environment, but I wouldn't expect the fact that I'm remote desk'ed to break this method. I've tried changing
HKML\CCS\Services\eventlog
permissions - to no avail, as well as theC:\Windows\System32\Winevt\Logs\Security.evtx
permissions. Again, to no avail.My questions are as follows:
- Why isn't there an override to ignore secure logs,
- How can I work around this ( programatically )
- IS this because I'm remote desked.
Any advice would be great.
-
DigitalJedi805 over 12 yearsIm running out of a debugging environment logged in as a system Administrator. Should suffice?
-
Paul Alexander over 12 yearsLogged in as an administrator is not enough - the application must be started with elevated privileges.
-
Conrad Frix over 12 yearsThe code in question isn't logging code. Its searching for the existence of a LogSource so its not clear how relevant your suggestion is. For all we know the application is responsible for reading from the logs
-
DigitalJedi805 over 12 yearsGood explanation, and thank you, but I seem to be missing the part where my local account ( remote desked or not ) IS a member of the Administrators group. As such I should retain administrative privileges, should I not?
-
DigitalJedi805 over 12 yearsRan VS2010 as administrator seemed to fix this for my debugging environment, at the very least. Thanks for the advice.
-
DigitalJedi805 over 12 yearsRan VS2010 as administrator seemed to fix this for my debugging environment, at the very least. Thanks for the advice.
-
serge over 9 yearsWhat if the "user" is the IIS (in an ASP.NET application), by ex?