29

I'm trying to use log4net to write to a customer event log under IIS7 on Windows Server 2008 SP1. However, the account doesn't seem to have access to write to the event log. Does anyone have any suggestions?

hlovdal
mhenderson
  • Possible duplicate of [System.Security.SecurityException when writing to Event Log](https://stackoverflow.com/questions/1274018/system-security-securityexception-when-writing-to-event-log) – Michael Freidgeim Aug 14 '18 at 21:48

5 Answers

66

The problem is probably your event source. You have to create an event source before you can write to the event log (if you don't, the Event log object tries to create one for you "automagically" the first time you write to the log).

You have to have heightened permissions to create an event log source. In some of my web apps, I have put the code to create the event source into my setup (setup runs as admin, so I'm always guaranteed to be able to create the source).

You just have to create the source once. After that, your ASP.Net app should have sufficient permissions to write entries specifying the source (or sources) that you created.

You can use an EventLogInstaller in your setup to create the source, or you could just write a little utility to call EventLog.CreateEventSource() as an admin.

I'll show you both ways:


// You would do this one from within an Installer class in a setup
// (needs System.Diagnostics and a reference to System.Configuration.Install):
private void InstallEventLog()
{
    // Create an instance of an EventLogInstaller.
    EventLogInstaller logInstaller = new EventLogInstaller();

    // Set the source name of the event log.
    logInstaller.Source = "TheEventSourceName";

    // Register it with this Installer so the setup creates the source.
    Installers.Add(logInstaller);
}


Method 2: just call CreateEventSource once as an admin (you could put the following code into a console app, for example, and run the console app as admin):


EventLog.CreateEventSource("TheSourceName", "Application");

Bonus: If you have PowerShell installed on your server, you can do it from the PowerShell command prompt (make sure you are running PowerShell as an admin):


[system.Diagnostics.EventLog]::CreateEventSource("SourceName", "Application")

Hope that helps

JMarsch
  • Clarifying point: The string "SourceName" is whatever source name you want to use -- you can make it anything. The string "Application" is a literal -- like you literally use the word "Application" (that specifies the Windows Application log vs. the System log etc). The only exception would be if you are creating a whole custom event log and not just wanting to write to the general Application event log. – JMarsch Jan 25 '21 at 15:44
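The one-time, run-as-admin registration described in this answer, written as a repeatable deployment step. This is an added example, not code from the original answer; the script's function names are hypothetical and the default source and log names are the placeholders used above.

```powershell
# Added example: idempotent event-source registration for a deployment script.
# Defaults are placeholder names; run once from an elevated prompt.
param(
    [string]$Source  = 'TheEventSourceName',
    [string]$LogName = 'Application'
)

function Test-IsAdministrator {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Register-AppEventSource {
    param([string]$Source, [string]$LogName)

    # SourceExists walks every log, including Security, so the lookup itself
    # fails for an unprivileged caller. Fail early with a clear message.
    if (-not (Test-IsAdministrator)) {
        throw 'Run this once from an elevated prompt; the web app itself stays unprivileged.'
    }

    if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
        # A source maps to exactly one log. Report a mismatch instead of letting
        # the app write to a different log than the one it expects.
        $existing = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($existing -ne $LogName) {
            throw "Source '$Source' is already registered to log '$existing', not '$LogName'."
        }
        return 'exists'
    }

    [System.Diagnostics.EventLog]::CreateEventSource($Source, $LogName)
    return 'created'
}

$result = Register-AppEventSource -Source $Source -LogName $LogName
Write-Output "Event source '$Source' in log '$LogName': $result"
```

Because the function returns without changes when the source is already registered to the expected log, it can run on every deployment while the application pool identity keeps its default rights.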
15

Give the ASPNET permission to the event log.

Run -> regedit -> Browse to

HKEY_LOCAL_MACHINE
   \SYSTEM
      \CurrentControlSet
         \Services
            \Eventlog

Right-click, select Permissions, and give the ASPNET account full control.

Ian Boyd
Michael Kniskern
  • 5
    That's probably a bad idea if you are distributing your app, there are IT admins who will not allow changes to the default security options. You should be able to play within the sandbox. – Chris Miller Apr 27 '10 at 19:24
  • 7
    Not sure why this is being down voted so much. It may not scale or even be acceptable for production, but it is a good answer that says specifically what the permission is, and how to give it. – Real John Connor Feb 14 '12 at 19:27
  • The changes only take effect after you restart your application on IIS – Zé Carlos Apr 01 '13 at 19:13
  • Honestly I would still use my original answer (the one marked as an answer). All of these other methods require adding heightened permissions to the IIS account; the original answer does not -- you just need to either run the setup as an admin, or run the single line of code once as an admin (while you are installing the web app) – JMarsch Jan 25 '21 at 15:42
8

IIS 8 permission solving answer

I am lazy and didn't create a special log in my code, instead I used:

System.Diagnostics.EventLog.WriteEntry("MyAppName", "Bla Bla SQL ERROR: "+sx.Message);

Just to complete Michael's answer: in IIS8 the user used by IIS when running server-side code is IIS_IUSRS

(Actually it's more complicated because there are virtual accounts within IIS_IUSRS, but they get permissions from that account; see IIS_IUSRS and IUSR permissions in IIS8 for more details.)

That user only requires READ permission on this registry node:

HKLM\System\CurrentControlSet\Services\Eventlog\Security

The reason for this is that when a new log source is written to, before creating it, the system wants to check that it doesn't exist so it needs to READ the source names.

Also, if you are using the IIS Express of Visual Studio, it will run under your personal credentials, so if you don't have read access permission to the registry node above you will need to add it too when debugging under Visual Studio.

(If Administrators has permission to the node and you are in that group, it is not enough; you need to run Visual Studio 'as administrator', which will work only from the Visual Studio shortcut and not the sln shortcut.)

Another note: If the computer is in a domain and you can't find the IIS_IUSRS account when editing registry permissions, it is likely you are looking in the wrong 'location' (searching for the account on the domain Active Directory instead of the local computer).

skfd
thedrs
  • Note, if the IIS_IUSRS user is missing in the list, you are probably viewing domain users - change the location to the local computer. The user IUSRS in the domain is not the one you need – thedrs Jul 07 '14 at 11:09
  • Also don't forget to restart the service (IIS) – thedrs Jul 07 '14 at 11:27
  • If it still doesn't work, go to your app pool properties, choose advanced settings, then set 'enable 32 bit applications' to true. Mine was false, but this helped a friend so try it. – thedrs Sep 08 '14 at 07:36
  • The original answer would still work -- just run the code to create the event source as an admin 1 time. Do it at the same time you are deploying the web app. After that, your IIS app running at lower privilege will be able to write log entries using the new source. – JMarsch Jan 25 '21 at 15:43
2

I think a more secure option to @Michael Kniskern's good example is:

regedit...

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\your_new_application_log

Give full control to just the specific application log created for the purposes of your application (in this example right-click your_new_application_log and set permissions there). Once the new log name is created it will appear in the registry nested under eventlog node as above.

Sheldon Hage
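The answers above grant rights at three different scopes: the whole Eventlog key, its Security subkey, and a single application log key. The following added example (not code from any of the posts) reports which identities outside an assumed baseline can currently modify those keys, so the effect of such a change can be reviewed. The function name is hypothetical, the trusted list is an assumption to adjust, and `your_new_application_log` is the placeholder name from the answer above.

```powershell
# Added example: audit who can modify the Eventlog registry keys.
# Run elevated; reading the ACL of the Security subkey needs admin rights.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'
$keys = @($root, "$root\Security", "$root\your_new_application_log")  # last name is a placeholder

# Assumed baseline of identities expected to hold write access; adjust as needed.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')

# Rights that allow changing the key, plus GENERIC_ALL and GENERIC_WRITE,
# which can appear in registry ACEs as raw values.
$R = [System.Security.AccessControl.RegistryRights]
$writeMask = [int]($R::SetValue -bor $R::CreateSubKey -bor $R::Delete -bor
                   $R::ChangePermissions -bor $R::TakeOwnership) -bor 0x10000000 -bor 0x40000000

function Get-EventlogWriteAce {
    param([string[]]$Path, [string[]]$Trusted)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Missing key: $p"; continue }
        foreach ($ace in (Get-Acl -LiteralPath $p).Access) {
            $id       = $ace.IdentityReference.Value
            $canWrite = (([int]$ace.RegistryRights) -band $writeMask) -ne 0
            # Report Allow entries with write-type rights held outside the baseline.
            if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and $Trusted -notcontains $id) {
                [pscustomobject]@{
                    Key       = $p
                    Identity  = $id
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-EventlogWriteAce -Path $keys -Trusted $trusted | Format-Table -AutoSize
```

An entry with `Inherited` set to True on a subkey comes from a grant made higher up, for example on the Eventlog key itself, rather than on that subkey.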
0

I'm using IIS 10, and set the pool identity to Local System

see reference : https://stackoverflow.com/a/9067391/9975799

tyne
  • Please provide essential details from the link because the link may expire in the future. – Abhishek Gurjar Jul 04 '19 at 05:56
  • I did the Item number 3 ( 3rd bullet ), set the Application Pool ( the one you are using on your site ) then set the identity to Local System – tyne Jul 09 '19 at 06:01