.NET : How to set user information in an EventLog Entry?

孤独总比滥情好 2020-12-11 20:33

The System.Diagnostics.EventLog class provides a way to interact with a Windows event log. I use it all the time for simple logging...

System.Diagnostics.Ev         


        
3 Answers
  • 2020-12-11 21:07

    You need to add it yourself into the event message.

    Use the System.Security.Principal namespace to get the current identity of the thread logging the event.

    0 Discussion (0)
  • 2020-12-11 21:08

    Toughie ...

    I looked for a way to fill the user field with a .NET method. Unfortunately there is none, and you must import the plain old Win32 API [ReportEvent function](http://msdn.microsoft.com/en-us/library/aa363679(VS.85).aspx) with a DllImportAttribute.

    You must also redeclare the function with the right types, as Platform Invoke Data Types says.

    So

    BOOL ReportEvent(
    __in  HANDLE hEventLog,
    __in  WORD wType,
    __in  WORD wCategory,
    __in  DWORD dwEventID,
    __in  PSID lpUserSid,
    __in  WORD wNumStrings,
    __in  DWORD dwDataSize,
    __in  LPCTSTR *lpStrings,
    __in  LPVOID lpRawData
    );
    

    becomes

    // Requires: using System; using System.Runtime.InteropServices;
    [DllImport("Advapi32.dll", EntryPoint="ReportEventW",  SetLastError=true,
    CharSet=CharSet.Unicode)]
    static extern bool WriteEvent(
      IntPtr hEventLog, //Where to find it ?
      ushort  wType,
      ushort  wCategory,
      uint dwEventID,   // DWORD is 32 bits, so uint rather than ulong
      IntPtr lpUserSid, // We'll leave this struct alone, so just feed it a pointer
      ushort wNumStrings,
      uint dwDataSize,  // DWORD is 32 bits, so uint rather than ushort
      string[] lpStrings,
      IntPtr lpRawData
    );
    

    You also want to look at [OpenEventLog](http://msdn.microsoft.com/en-us/library/aa363672(VS.85).aspx) and [ConvertStringSidToSid](http://msdn.microsoft.com/en-us/library/aa376402(VS.85).aspx)

    Oh, and you're writing unmanaged code now... Watch out for memory leaks. Good luck :p

    0 Discussion (0)
  • 2020-12-11 21:30

    Usually, the user executing the code that calls the EventLog.WriteEntry method will be the user displayed in the event log for the entry.

    You could try impersonating another user by creating your own Principal and Identity and associating it with the current thread, however this is not advised as it could introduce security issues and will definitely complicate your application.

    0 Discussion (0)