12

Below is an exception I encountered while running the immediately following code:

The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.

The code is

if (!EventLog.SourceExists(this.EventLogSource))

The content of the exception makes sense to me, it's why that doesn't. This line is running in Visual Studio 2010, .NET 4, as a console app ( for the time being ). I have run this in a different environment, but I wouldn't expect the fact that I'm remote desk'ed to break this method. I've tried changing HKML\CCS\Services\eventlog permissions - to no avail, as well as the C:\Windows\System32\Winevt\Logs\Security.evtx permissions. Again, to no avail.

My questions are as follows:

  1. Why isn't there an override to ignore secure logs,
  2. How can I work around this ( programatically )
  3. IS this because I'm remote desked.

Any advice would be great.

dsolimano
  • 8,870
  • 3
  • 48
  • 63
DigitalJedi805
  • 1,486
  • 4
  • 16
  • 41
  • Just pointing out you are addressing a global audience. Keep it in mind. – Oded Jan 11 '12 at 19:43
  • Removed `Good afternoon` as per http://meta.stackexchange.com/questions/2950/should-hi-thanks-taglines-and-salutations-be-removed-from-posts, thus solving the problem. – dsolimano Jan 11 '12 at 20:00
  • I am also having this problem, I found places where the app uses the EventLog Class directly and removed those lines, built, published. users installed new version of the windows app and still getting this error. can't find how the app or what in the app is trying to read/write from eventlog. don't want to raise a question, hoping someone from this thread have any thoughts. thanks. – Janatbek Orozaly Nov 25 '19 at 19:16

3 Answers3

17

Microsoft requires that you be an administrator in order to execute this method for the very reason that you found.

Here is their explanation (from the MSDN documentation):

To search for an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.

The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown.

How you work around it will depend entirely on exactly what you need to do. The best recommendation if you are not able to log in as an administrator is to attempt to perform your action in a try/catch block and if a SecurityException is thrown, perform some alternate action.

Community
  • 1
  • 1
competent_tech
  • 44,465
  • 11
  • 90
  • 113
  • Good explanation, and thank you, but I seem to be missing the part where my local account ( remote desked or not ) IS a member of the Administrators group. As such I should retain administrative privileges, should I not? – DigitalJedi805 Jan 11 '12 at 20:17
  • 1
    Ran VS2010 as administrator seemed to fix this for my debugging environment, at the very least. Thanks for the advice. – DigitalJedi805 Jan 11 '12 at 20:19
8

Accessing some EventLogs requires elevation. Run the app as an administrator instead.

Paul Alexander
  • 31,970
  • 14
  • 96
  • 151
0

I recommend to use Logging Application Block of Enterprise Library in order to implement the correct logging.

Start reading from here

NoWar
  • 36,338
  • 80
  • 323
  • 498
  • 1
    The code in question isn't logging code. Its searching for the existence of a LogSource so its not clear how relevant your suggestion is. For all we know the application is responsible for reading from the logs – Conrad Frix Jan 11 '12 at 20:01