EventLog.SourceExists

https://stackoverflow.com/questions/9564420/the-source-was-not-found-but-some-or-all-event-logs-could-not-be-searched

EventLog.SourceExists enumerates through the subkeys of HKLM\SYSTEM\CurrentControlSet\services\eventlog to see if it contains a subkey with the specified name.

If the user account under which the code is running does not have read access to a subkey that it attempts to access (in your case, the Security subkey) before finding the target source, you will see an exception like the one you have described.

The usual approach for handling such issues is to register event log sources at installation time (under an administrator account), then assume that they exist at runtime, allowing any resulting exception to be treated as unexpected if a target event log source does not actually exist at runtime.

  private void LogUtil_Error(object sender, Log4NetError e)

        {

            using (EventLog eventLog = new EventLog("Lisa"))

            {

                eventLog.Source = "LISA.BackOffice";

                var message = $"{AppDomain.CurrentDomain.BaseDirectory}{Environment.NewLine}{e}";

                eventLog.WriteEntry(message, EventLogEntryType.Error);

            }

            Environment.Exit();

        }

The source was not found, but some or all event logs could not be searched.

To create the source, you need permission to read all event logs to make sure that the new source name is unique.  Inaccessible logs: Security.

System.Security.SecurityException when writing to Event Log

答案1

To give Network Service read permission on the EventLog/Security key (as suggested by Firenzi and royrules22) follow instructions from http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx

  1. Open the Registry Editor:
    1. Select Start then Run
    2. Enter regedt32 or regedit

  2. Navigate/expand to the following key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security

  3. Right click on this entry and select Permissions

  4. Add the Network Service user

  5. Give it Read permission

UPDATE: The steps above are ok on developer machines, where you do not use deployment process to install application.
However if you deploy your application to other machine(s), consider to register event log sources during installation as suggested in SailAvid's and Nicole Calinoiu's answers.

I am using PowerShell function (calling in Octopus Deploy.ps1)

function Create-EventSources() {

    $eventSources = @("MySource1","MySource2" )

    foreach ($source in $eventSources) {

            if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {

                [System.Diagnostics.EventLog]::CreateEventSource($source, "Application")

            }

    }

}

答案2

The problem is that the EventLog.SourceExists tries to access the EventLog\Security key, access which is only permitted for an administrator.

A common example for a C# Program logging into EventLog is:

string sSource;

string sLog;

string sEvent;

sSource = "dotNET Sample App";

sLog = "Application";

sEvent = "Sample Event";

if (!EventLog.SourceExists(sSource))

    EventLog.CreateEventSource(sSource, sLog);

EventLog.WriteEntry(sSource, sEvent);

EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234);

However, the following lines fail if the program hasn't administrator permissions and the key is not found under EventLog\Application as EventLog.SourceExists will then try to access EventLog\Security.

if (!EventLog.SourceExists(sSource))

    EventLog.CreateEventSource(sSource, sLog);

Therefore the recommended way is to create an install script, which creates the corresponding key, namely:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App

One can then remove those two lines.

You can also create a .reg file to create the registry key. Simply save the following text into a file create.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App]
 

在application pool的高级设置里面

设置identity。一个有4个设置级别,local service,local system,network service,application pool identity

经过测试,发现只有local system有权限写event log

The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.的更多相关文章

  1. System.Security.SecurityException The source was not found, but some or all event logs could not be searched.Inaccessible logs Security.

    An exception occurred during the Install phase. System.Security.SecurityException The source was not ...

  2. 【.net】The source was not found, but some or all event logs could not be searched

    1.案发现场: 注册服务的时候 2.解决方案: 用管理员身份运行CMD,再注册服务: I had to run Command Prompt with Administrator Rights.

  3. windows服务部署与卸载

    同事问到windows service的东东,现在整理一下,用c#如何创建一个windows service,以及如何调试.部署.卸载. 一.创建windows service 1. 打开VS2008 ...

  4. 使用InstallUtil安装及卸载Windows服务的具体操作 Visual Studio 2012版本

    关于Visual Studio 2012中使用InstallUtil对Windows服务进行安装与卸载的文章,在MSDN中的http://msdn.microsoft.com/en-us/librar ...

  5. 【翻译】Flume 1.8.0 User Guide(用户指南) source

    翻译自官网flume1.8用户指南,原文地址:Flume 1.8.0 User Guide 篇幅限制,分为以下5篇: [翻译]Flume 1.8.0 User Guide(用户指南) [翻译]Flum ...

  6. Flume自定义Source、Sink和Interceptor(简单功能实现)

    1.Event event是flume传输的最小对象,从source获取数据后会先封装成event,然后将event发送到channel,sink从channel拿event消费. event由头he ...

  7. 60款开源云应用【Part 3】(60 Open Source Apps You Can Use in the Cloud)

    60款开源云应用[Part 3](60 Open Source Apps You Can Use in the Cloud) 本篇翻译自http://www.datamation.com/open-s ...

  8. 一次flume exec source采集日志到kafka因为单条日志数据非常大同步失败的踩坑带来的思考

    本次遇到的问题描述,日志采集同步时,当单条日志(日志文件中一行日志)超过2M大小,数据无法采集同步到kafka,分析后,共踩到如下几个坑.1.flume采集时,通过shell+EXEC(tail -F ...

  9. The Open Source Business Model is Under Siege

    https://www.influxdata.com/blog/the-open-source-database-business-model-is-under-siege/ A few weeks ...

随机推荐

  1. jboss解决ip访问受限问题

    jboss启动后,localhost可以访问,127.0.0.1可以访问,但是内网ip却访问不了,比如ip是192.168.1.2,这个192.168.1.2就访问不到web页面 解决方案: jbos ...

  2. Mybatis学习总结四(关联查询)

    一.一对一查询 实例:查询所有订单信息,关联查询下单用户信息. Method1:使用resultType,定义订单信息po类,此po类中包括了订单信息和用户信息. public class Order ...

  3. java动态代理实现与原理详细分析(【转载】By--- Gonjan )

    [转载]By---Gonjan  关于Java中的动态代理,我们首先需要了解的是一种常用的设计模式--代理模式,而对于代理,根据创建代理类的时间点,又可以分为静态代理和动态代理. 一.代理模式     ...

  4. luogu P4137 Rmq Problem / mex 主席树 + 思维

    Code: #include<bits/stdc++.h> #define maxn 200001 using namespace std; void setIO(string s) { ...

  5. react antD 日期选择

    <DatePicker disabledDate={disabledDate} onChange={this.onChange} /> //创建时间禁用大于当前时间 <moment( ...

  6. 再读Android sqlite

    再读Android sqlite Android原生支持sqlite数据库操作,sqlite时轻量级关系型数据库,支持标准sql语句.Android对sqlite进行良好的接口封装来避免sql注入等安 ...

  7. CSDN怎么转载别人的博客

    在参考"如何快速转载CSDN中的博客"后,由于自己不懂html以及markdown相关知识,所以花了一些时间来弄明白怎么转载博客,以下为转载CSDN博客步骤和一些知识小笔记. 参考 ...

  8. SIMD学习 -- 用SSE2指令作点乘和累加计算

    这几天在做学校的一个学习小项目,需要用到SIMD指令计算提速.也是第一次碰这个,看了一些资料和代码,模仿着写了两个函数. void sse_mul_float(float *A, float *B, ...

  9. java开发掌握的Linux命令

    linux命令是对Linux系统进行管理的命令.对于Linux系统来说,无论是中央处理器.内存.磁盘驱动器.键盘.鼠标,还是用户等都是文件,Linux系统管理的命令是它正常运行的核心,与之前的DOS命 ...

  10. Mybatis中and和or的细节处理

    当一条SQL中既有条件查又有模糊查的时候,偶尔会遇到这样的and拼接问题.参考如下代码: <select id="listSelectAllBusiness"> sel ...