EventLog.SourceExists

https://stackoverflow.com/questions/9564420/the-source-was-not-found-but-some-or-all-event-logs-could-not-be-searched

EventLog.SourceExists enumerates through the subkeys of HKLM\SYSTEM\CurrentControlSet\services\eventlog to see if it contains a subkey with the specified name.

If the user account under which the code is running does not have read access to a subkey that it attempts to access (in your case, the Security subkey) before finding the target source, you will see an exception like the one you have described.

The usual approach for handling such issues is to register event log sources at installation time (under an administrator account), then assume that they exist at runtime, allowing any resulting exception to be treated as unexpected if a target event log source does not actually exist at runtime.

  private void LogUtil_Error(object sender, Log4NetError e)

        {

            using (EventLog eventLog = new EventLog("Lisa"))

            {

                eventLog.Source = "LISA.BackOffice";

                var message = $"{AppDomain.CurrentDomain.BaseDirectory}{Environment.NewLine}{e}";

                eventLog.WriteEntry(message, EventLogEntryType.Error);

            }

            Environment.Exit();

        }

The source was not found, but some or all event logs could not be searched.

To create the source, you need permission to read all event logs to make sure that the new source name is unique.  Inaccessible logs: Security.

System.Security.SecurityException when writing to Event Log

答案1

To give Network Service read permission on the EventLog/Security key (as suggested by Firenzi and royrules22) follow instructions from http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx

  1. Open the Registry Editor:
    1. Select Start then Run
    2. Enter regedt32 or regedit

  2. Navigate/expand to the following key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security

  3. Right click on this entry and select Permissions

  4. Add the Network Service user

  5. Give it Read permission

UPDATE: The steps above are ok on developer machines, where you do not use deployment process to install application.
However if you deploy your application to other machine(s), consider to register event log sources during installation as suggested in SailAvid's and Nicole Calinoiu's answers.

I am using PowerShell function (calling in Octopus Deploy.ps1)

function Create-EventSources() {

    $eventSources = @("MySource1","MySource2" )

    foreach ($source in $eventSources) {

            if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {

                [System.Diagnostics.EventLog]::CreateEventSource($source, "Application")

            }

    }

}

答案2

The problem is that the EventLog.SourceExists tries to access the EventLog\Security key, access which is only permitted for an administrator.

A common example for a C# Program logging into EventLog is:

string sSource;

string sLog;

string sEvent;

sSource = "dotNET Sample App";

sLog = "Application";

sEvent = "Sample Event";

if (!EventLog.SourceExists(sSource))

    EventLog.CreateEventSource(sSource, sLog);

EventLog.WriteEntry(sSource, sEvent);

EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234);

However, the following lines fail if the program hasn't administrator permissions and the key is not found under EventLog\Application as EventLog.SourceExists will then try to access EventLog\Security.

if (!EventLog.SourceExists(sSource))

    EventLog.CreateEventSource(sSource, sLog);

Therefore the recommended way is to create an install script, which creates the corresponding key, namely:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App

One can then remove those two lines.

You can also create a .reg file to create the registry key. Simply save the following text into a file create.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App]
 

在application pool的高级设置里面

设置identity。一个有4个设置级别,local service,local system,network service,application pool identity

经过测试,发现只有local system有权限写event log

The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.的更多相关文章

  1. System.Security.SecurityException The source was not found, but some or all event logs could not be searched.Inaccessible logs Security.

    An exception occurred during the Install phase. System.Security.SecurityException The source was not ...

  2. 【.net】The source was not found, but some or all event logs could not be searched

    1.案发现场: 注册服务的时候 2.解决方案: 用管理员身份运行CMD,再注册服务: I had to run Command Prompt with Administrator Rights.

  3. windows服务部署与卸载

    同事问到windows service的东东,现在整理一下,用c#如何创建一个windows service,以及如何调试.部署.卸载. 一.创建windows service 1. 打开VS2008 ...

  4. 使用InstallUtil安装及卸载Windows服务的具体操作 Visual Studio 2012版本

    关于Visual Studio 2012中使用InstallUtil对Windows服务进行安装与卸载的文章,在MSDN中的http://msdn.microsoft.com/en-us/librar ...

  5. 【翻译】Flume 1.8.0 User Guide(用户指南) source

    翻译自官网flume1.8用户指南,原文地址:Flume 1.8.0 User Guide 篇幅限制,分为以下5篇: [翻译]Flume 1.8.0 User Guide(用户指南) [翻译]Flum ...

  6. Flume自定义Source、Sink和Interceptor(简单功能实现)

    1.Event event是flume传输的最小对象,从source获取数据后会先封装成event,然后将event发送到channel,sink从channel拿event消费. event由头he ...

  7. 60款开源云应用【Part 3】(60 Open Source Apps You Can Use in the Cloud)

    60款开源云应用[Part 3](60 Open Source Apps You Can Use in the Cloud) 本篇翻译自http://www.datamation.com/open-s ...

  8. 一次flume exec source采集日志到kafka因为单条日志数据非常大同步失败的踩坑带来的思考

    本次遇到的问题描述,日志采集同步时,当单条日志(日志文件中一行日志)超过2M大小,数据无法采集同步到kafka,分析后,共踩到如下几个坑.1.flume采集时,通过shell+EXEC(tail -F ...

  9. The Open Source Business Model is Under Siege

    https://www.influxdata.com/blog/the-open-source-database-business-model-is-under-siege/ A few weeks ...

随机推荐

  1. discuz x3论坛搬家换虚拟主机完美使用教程 亲测可行 附操作步骤

    第一步:备份网站数据进入后台—站长—数据库—备份,数据备份类型选择“Discuz!和 UCenter数据”,备份成功以后,数据自动保存在data文件夹下. 第二步:网站文件下载 把整个网站文件打包(虚 ...

  2. MySQLWorkBench怎么设置主键自增长

    参考 https://blog.csdn.net/qq_40472613/article/details/87858099 勾选AI选项,相当于执行了这个语句: AUTO_INCREMENT表示自增 ...

  3. 从Element.getElementsByTagName方法说起

    一.getElementsByTagName方法: 我们先看几个解释:1)W3C:getElementsByTagName() 方法可返回带有指定标签名的对象的集合.没有说明返回值的具体类型.2)菜鸟 ...

  4. ThinkPHP---TP功能类之联表查询

    [一]介绍 在原生的sql中使用join 语法进行数据的联表查询, 在ThinkPHP里支持联表查询操作,但是可以归纳成两种方式:table方法.join方法 (1)table方法:在TP中对应SQL ...

  5. 07Oracle Database 数据表

    Oracle Database 数据表 DDL 数据定义语言 -  建立数据库对象 create /alter/ drop/ truncate 创建表 Create table table_name( ...

  6. Linux kernel 内存 - 页表映射(SHIFT,SIZE,MASK)和转换(32位,64位)

    0. Intro 如下是在32位下的情况,32位下,只有三级页表:PGD,PMD,PTE 在64位情况下,会有四级页表:PGD,PUD,PMD,PTE 但是原理基本上是一样的,本文主要是想记录一下页表 ...

  7. iOS中NSAttributedString的使用--对关键字着色,以及处理html实例

    1,最近项目中用到了一个功能,一个很好的功能.就是用户在搜索的时候,搜索结果出来后对你输入的关键字进行红色标记.这样用户就很请楚的看到自己输入什么后会出现什么样子的结果.还有一个功能是,现在有一段文字 ...

  8. iview“官方“实现的右键菜单

    博客开篇,没想到第一篇博文竟然是前端的,虽略显尴尬,但正能量溢出,你我可能遇到同样问题,在这里分享下个人方案,希望对你有用. 官方目前不提供右键菜单,这里借助Dropdown(下拉菜单)来实现,故为“ ...

  9. c/c++编程排坑(1)-- 数据类型的“安静”转换

    这里主要介绍ANSI C的特性:当执行算术运算时,操作数的类型如果不同,就会发生转换.数据类型一般朝着精度更高.长度更长的方向转换,整型数如果转换为signed不会丢失信息,就转换为signed,否则 ...

  10. Effective C++标题整理

    Effective C++ 话说光看这50个tip又有什么用呢?只有实际使用的时候才体现它们的价值才对. 就像只看<代码大全>不能成为一个好程序员,必须结合实际写项目经验才行. 从C转向C ...