event-log | 易学教程

System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security

阅读更多关于 System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security

问题 I am trying to create a Windows Service, but when I try and install it, it rolls back giving me this error: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security. I don't know what this means - my application has the bare minimum since I am just testing things out first. My Installer Code: namespace WindowsService1 { [RunInstaller(true)] public partial class ProjectInstaller : System.Configuration.Install

Reading .evt/.evtx files directly [closed]

阅读更多关于 Reading .evt/.evtx files directly [closed]

Hello does anybody know how to read .evt /.evtx which are Windows Event log files to read not using provided api's , I want to read them using FILE I/O apis in C/C++ . Or how to convert those files into .txt , I know splunk does this but not sure how they are doing this. I might be late but well, it could help a future reader so : To read an .evt file with standard lib (let's say in C++), you should be aware of ELF_LOGFILE_HEADER structure and EVENTLOGRECORD structure . In addition, here is the event log file format. Now everything is simpler, what you have to do is : I. Declare structures Log

Read Event Log Remotely with .NET

阅读更多关于 Read Event Log Remotely with .NET

I want to read the Event Log on a remote computer to check for errors during testing. Here's some relevant code: public bool CheckEventLogs(DateTime start) { EventLog myEventLog = new EventLog("CustomLog", "ServerName"); bool errorFound = false; foreach (EventLogEntry entry in myEventLog.Entries) { if (entry.EntryType == EventLogEntryType.Error && entry.TimeGenerated >= start) { Console.WriteLine("Error in Event Log:\n" + entry.Message + "\n"); errorFound = true; } } return errorFound; } Currently, this code throws an exception (Attempted to perform an unauthorized operation). According to

Configuring a custom event log for log4net

阅读更多关于 Configuring a custom event log for log4net

问题 I'm using log4net for logging (duh!). Using the EventLogAppender, I can configure my application name, so that my events will show up in the Application/"My Application Name" event log. However, I'd like to log events to "Some other event log"/"My Application Name". How do I configure that? Current config: <appender name="EventLogAppender" type="log4net.Appender.EventLogAppender" > <applicationName value="My application Name" /> <layout type="log4net.Layout.PatternLayout"> <conversionPattern

Eventlog listener - Applications and Services

阅读更多关于 Eventlog listener - Applications and Services

问题 Is there a way to watch events of "applications and services" when they are generated (in C#)? I've figured out that I can not use WMI for it. Any other ideas? 回答1: You can subscribe to EventLog.EntryWritten Event Occurs when an entry is written to an event log on the local computer. From MSDN: .... EventLog myNewLog = new EventLog(); myNewLog.Log = "MyCustomLog"; myNewLog.EntryWritten += new EntryWrittenEventHandler(MyOnEntryWritten); myNewLog.EnableRaisingEvents = true; } public static void

log4net doesn't log in Windows Event Viewer

阅读更多关于 log4net doesn't log in Windows Event Viewer

问题 I would like to log in the Windows Event Viewer using log4net. I created a Console Application (.NET Framework 4), I added the reference log4net.dll, I put the following code in my App.config: <configuration> <configSections> <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler,log4net"/> </configSections> <log4net> <appender name="EventLogAppender" type="log4net.Appender.EventLogAppender"> <layout type="log4net.Layout.PatternLayout"> <conversionPattern value="%date

Deleting Custom Event Log Source Without Using Code

阅读更多关于 Deleting Custom Event Log Source Without Using Code

I have an application that has created a number of custom event log sources to help filter its output. How can I delete the custom sources from the machine WITHOUT writing any code as running a quick program using System.Diagnostics.EventLog.Delete is not possible. I've tried using RegEdit to remove the custom sources from [HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Eventlog] however the application acts as if the logs still exist behind the scenes. What else am I missing? I also think you're in the right place... it's stored in the registry, under the name of the event log. I have a

Why does EventRecord.FormatDescription() return null?

阅读更多关于 Why does EventRecord.FormatDescription() return null?

问题 When using System.Diagnostics.Eventing.Reader.EventLogQuery to read events from the Windows Event Log, the EventRecord.FormatDescription() method sometimes returns null. Why is this? In the Event Viewer there are messages on the events which return null. 回答1: This is due to a bug in the .NET framework. Basically what you need to do to work around this bug is to set the CurrentCulture to "en-US". Example: var beforeCulture = Thread.CurrentThread.CurrentCulture; try { Thread.CurrentThread

In Windows, what default event sources are available in the Application Event Log?

阅读更多关于 In Windows, what default event sources are available in the Application Event Log?

问题 Short Version: Are the event sources "Application" and "Application Error" always included in the Application Event Log? Are they available on new installations of Windows XP, Vista and Windows 7? Would it be really bad to use them instead of creating my own source (an impossibility for me)? Long Version: I have a ClickOnce application that is used by users without administrative privileges on their machines. When I try to write to the Appliction Event Log, I get a security exception. (The

GetNumberOfEventLogRecords returns incorrect number of event logs

阅读更多关于 GetNumberOfEventLogRecords returns incorrect number of event logs

I have this C++ code to read the event log records DWORD GetLogRecords(LPCWSTR wsLogFile) { HANDLE hEvt = OpenEventLog(NULL, wsLogFile); if (hEvt==NULL) return 0; DWORD dwTotalRecords; BOOL res = GetNumberOfEventLogRecords(hEvt, &dwTotalRecords); CloseEventLog(hEvt); return (res != 0) ? dwTotalRecords : 0; } Result atlTraceGeneral - C:\Windows\system32\winevt\logs\ACEEventLog.evtx - 23499 Total Records atlTraceGeneral - C:\Windows\system32\winevt\logs\Application.evtx - 23499 Total Records atlTraceGeneral - C:\Windows\system32\winevt\logs\ConnectionInfo.evtx - 23499 Total Records