Menu
Short Version:
Are the event sources "Application" and "Application Error" always included in the Application Event Log? Are they available on new installations of Windows XP, Vista and Windows 7? Would it be really bad to use them instead of creating my own source (an impossibility for me)?
Long Version:
I have a ClickOnce application that is used by users without administrative privileges on their machines.
When I try to write to the Appliction Event Log, I get a security exception. (The Windows event logging infrastructure is trying to create me a new event source, and gets a security violation.)
So I would like to try reusing an existing event source. I have found a only two"generic-sounding" sources in the Application Event Log. Are these always part of a Windows installation, and would make a reasonable choice?
I am sure this is frowned upon, as I should distinguish my application using its own event source. But this is for infrequent fatal errors, which should be getting logged elsewhere by my code. I just want a really easy place to find them on a client machine in case it all goes wrong...
919
They are Information, Warning, Error, Success Audit (Security Log) and Failure Audit (Security Log).
By default, Event Viewer log files use the . evt extension and are located in the %SystemRoot%\System32\winevt\Logs folder. Log file name and location information is stored in the registry.
This Windows edition came with three Windows logs: Application event log, System event log and Security event log. Modern versions of Windows come with more than a hundred of Windows eventlogs, and third party applications can create and integrate into Windows logging their own event logs.
The event source indicates what logs the event. It is often the name of the application, or the name of a subcomponent of the application, if the application is large. Applications and services should write to the Application log or a custom log. Device drivers should write to the System log.
When I try to write to the Appliction Event Log, I get a security exception. (The Windows event logging infrastructure is trying to create me a new event source, and gets a security violation.)
I have just answered this here: Using EventLog in ClickOnce application
So I would like to try reusing an existing event source. I have found a only two"generic-sounding" sources in the Application Event Log. Are these always part of a Windows installation, and would make a reasonable choice?
It's really not wise to do this. Existing event sources will be used by either Windows applications, or by third party applications. If any of those are removed, or changed by something like a service pack or patch, your program will crash unless you have implemented exception handling to handle the exception gracefully, but then you wont have any event logging.
Also consider the work you may have to do to port your app to the next version of Windows. I suggest you will be making a rod for your own back.
In the answer I linked to, I suggested the best way to handle the problem, is to install your application using admin privs with the installer creating the source, or by creating a simple app that effectively does the same using the admin role.
The only thing else I can suggest is to always run your application in admin mode.
116
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
