Comments

• bruce April 30, 2004 10:44 AM

  Just to clarify - you should use regedt32, not RegEdit, and select Security->Permissions, not Edit->Permissions.
  
  Depending upon what you're actually doing, you may only need read control to this reg key.
  

• bruce September 9, 2004 9:08 AM

  Tx...as usual microsoft has still the old habits of half baked cakes and without telling how to bake it furher. We spent over 4-5 hours to create Eventlogs b4 reading this article

• bruce November 29, 2004 11:42 AM

  When did CustomSD appear?! This article took a while to find but solved our problem trying to get a custom ASP.NET account to write to Windows 2003 event logs. Added the string (A;;0x3;;;SID-OF-CUSTOM-ASPNET-ACCOUNT) to the existing CustomSD string....

• bruce November 29, 2004 11:42 AM

  When did CustomSD appear?! This article took a while to find but solved our problem trying to get a custom ASP.NET account to write to Windows 2003 event logs. Added the string (A;;0x3;;;SID-OF-CUSTOM-ASPNET-ACCOUNT) to the existing CustomSD string....

• bruce February 17, 2005 7:42 PM

  As you mentioned the method suggested opens a hole. An alternative is to just add a KEY to the
  
  HKEY_LOCAL_MACHINE\SYSTEM\
  CurrentControlSet\Services\EventLog\
  Application
  
  
  Give the KEY a Name. For example your <application name>. In your ASP.NET code refer to the eventLog.Source = "<application name>" this should solve the problem

• bruce February 28, 2005 5:51 AM

  I found this article very useful.
  Thank you

• bruce March 3, 2005 12:15 PM

  Can anyone of you explain in detail....

• bruce March 4, 2005 9:28 AM

  Thanks a lot for this article. It would have taken me forever to solve it.

• bruce June 9, 2005 3:15 PM

  Any idea how to read "security" log? Even after impersonating my page I get an error stating lack of priviledges.

• bruce June 10, 2005 9:18 AM

  To get at the security log, you need to have one of the following rights:
  
  1. The "manage auditing and Security log" user right.
  
  2. The SE_AUDIT_NAME privilege.
  
  Does your impersonated user have those rights?

• bruce June 10, 2005 10:37 PM

  I'm having a problem writing events to a custom log. Like this...
  
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\MyCustomLog
  
  and
  
  MyCustomLog\ExampleEventSource
  
  The only setting I have under the "ExampleEventSource" key is: "EventMessageFile = C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll"
  
  When the application runs and attempts to write an event to the log. It is rejected and simply written to the "Application" log with an error message complaining about permission".
  
  At first I thought it was the permissions to the key itself... But after attempting to set a few custom permissions with no change in output... I realized that maybe the "EventMessageFile" needs to be mapped to a different object. However, I dont know which one. Any ideas? I'll provide more detail if needed.

• bruce June 10, 2005 10:43 PM

  Nevermind that last post... I realized that is not the problem.
  
  Here is the error I'm currently stuck with:
  
  An error occurred while the Distributor was processing the message. Please check your configuration files for errors or typos. Verify that your sinks are reachable (queues exist, permissions are set, database exists, etc...)
  
  Sink failed because: System.Security.SecurityException: Requested registry access is not allowed.
  
  However, I'm AM able to write to the "Application" log with no problems. But I want to be able to write to my own custom log. What am I missing???

• TrackBack August 11, 2005 10:32 AM

• bruce December 12, 2005 12:23 AM

  jfghf

• bruce March 28, 2006 2:24 PM

  Thanks. I used Regedt32, and added ASPNET account to the registry permission for Eventlog and set permission to create subkey and set value, and it worked!!!
  
  Great Help!!! Thanks.

• bruce March 28, 2006 2:25 PM

  I was just wondering if there's a easier way to just add the permission in code level.
  
  any idea?

• bruce June 9, 2006 6:50 AM

  I too spent a lot of time and doing 'n' number of changes here and there before coming across this useful article. Thanks for this help - the program runs like a charm. It would make life far more easier if there were a way to add permission at code level but I really dont think it can be done --- suggestions welcome.
  

• bruce July 5, 2006 6:23 AM

  I found that i had to do 2 things to get the logging to work. First create a new key with the source name in the following location as Sathya suggested:
  
  HKEY_LOCAL_MACHINE\SYSTEM\
  CurrentControlSet\Services\EventLog\
  Application
  
  I also had to add a new string value called:
  
  "EventMessageFile"
  
  with the following as it's value data:
  
  "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll"
  
  Once i'd done this i could create the events with no problems.

• bruce August 5, 2006 6:05 AM

  Thanks. I used Regedt32, and added ASPNET account to the registry permission for Eventlog and it worked for me!!!
  
  Great Help!!! Thanks.
  
  

• bruce October 12, 2006 3:45 PM

  excellent!!! This saved me who knows how long.....And coming from a VS 6 background, I'm not very savvy with the Registry, command prompts or any of that lower level stuff. This was simple and straightforward, and had me back up and running in two minutes.
  
  THANK YOU!

• bruce October 18, 2006 5:59 PM

  this helps. tks

• bruce November 8, 2006 3:58 PM

  great post, when you don't have the source and the installer didn't do the job it can be tough

• bruce December 12, 2006 8:48 AM

  Was really helpful

• Joe November 8, 2007 12:43 PM

  why not just write to your own log for the app?

  http://www.csharpfriends.com/Articles/getArticle.aspx?articleID=68

• Kevin February 19, 2008 4:57 PM

  It scares me to no end that so many people's solution is to grant full control when met with a security problem.  No wonder people get hacked.  Now, I don't have the answer personally but it would be a lot better if someone actually granted appropriate permissions instead of full control.

• Matt Taylor February 27, 2008 11:04 AM

  Thanks for this, just spent the last hour trying to figure out why this wasn't working.

  Adding the new key for my event source fixed it.

• Damien March 26, 2008 6:52 PM

  I tried all of these suggestions, but it was'nt until I disabled 'Local Impersonation' in the Application tab of the ASP.NET Configuration setting in IIS did logging start to work.

  Duh - its always the most obvious things !

  BTW useful resource, thanks.

• some one January 16, 2009 10:30 AM

  I found this article myself.

  And now I ponder do I do what one suggest and that is create the Source. Instead of every time trying to to write to the Source I test if it exist and if it does not create it.

  I think the benefit is two fold. The hole is not open, and you application does not have to do the If Statement.

  I would and am going to do what Bruce sugest.

  If you have to get into RegEdit(32) it is best to do thing that do not leave a hole open.

Leave a Comment