Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

C# EventLog Inaccessible Log

Below is an exception I encountered while running the immediately following code:

The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.

The code is

if (!EventLog.SourceExists(this.EventLogSource))

The content of the exception makes sense to me, it's why that doesn't. This line is running in Visual Studio 2010, .NET 4, as a console app ( for the time being ). I have run this in a different environment, but I wouldn't expect the fact that I'm remote desk'ed to break this method. I've tried changing HKML\CCS\Services\eventlog permissions - to no avail, as well as the C:\Windows\System32\Winevt\Logs\Security.evtx permissions. Again, to no avail.

My questions are as follows:

  1. Why isn't there an override to ignore secure logs,
  2. How can I work around this ( programatically )
  3. IS this because I'm remote desked.

Any advice would be great.

like image 883
DigitalJedi805 Avatar asked Jan 11 '12 19:01

DigitalJedi805


2 Answers

Microsoft requires that you be an administrator in order to execute this method for the very reason that you found.

Here is their explanation (from the MSDN documentation):

To search for an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.

The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown.

How you work around it will depend entirely on exactly what you need to do. The best recommendation if you are not able to log in as an administrator is to attempt to perform your action in a try/catch block and if a SecurityException is thrown, perform some alternate action.

like image 88
competent_tech Avatar answered Oct 12 '22 14:10

competent_tech


Accessing some EventLogs requires elevation. Run the app as an administrator instead.

like image 23
Paul Alexander Avatar answered Oct 12 '22 14:10

Paul Alexander