How to read the message of a system event log

[Guest]

Under Vista, my program, when reading the system event log, will not show the
message saying I don't have the right permission. All I wisht to do is read
the event log and show the error messages. Do I need to somehow use
EventLogPermission? I can't find any examples of how to use it properly.
Does someone know how to correctly read the system event log messages?

 

[Willy Denoyette [MVP]]

Under Vista, my program, when reading the system event log, will not show
the
message saying I don't have the right permission. All I wisht to do is
read
the event log and show the error messages. Do I need to somehow use
EventLogPermission? I can't find any examples of how to use it properly.
Does someone know how to correctly read the system event log messages?

Are you sure you run this program from a local disk? Programs loaded from a
shared network resource don't have the permission to read from the
eventlogs.


Willy.

 

[Guest]

This is being run on my local machine. I am an "administrator" and thought
that I could at least read the messages of the event logs. But, in this
case, the system messages are being denied access.

 

[Willy Denoyette [MVP]]

This is being run on my local machine. I am an "administrator" and
thought
that I could at least read the messages of the event logs. But, in this
case, the system messages are being denied access.

So you are sure the program gets loaded from a local disk, right?
In that case, there shouldn't be a problem to read from the eventlog (except
from the "security" log).
Please post the exact exception message and possibly a complete sample of
the code that illustrates the issue.
Note, that the "administrator" account is disabled on Vista and that, as per
default, all "administrators" run a normal users, unless you run
"elevated".

Willy.

 

[kevn]

Did anyone ever find the answer to this? I am doing a similar thing in Powershell. I can confirm that the account I am using is an admin (I am using Longhorn server where the admin account behaves as it always has by default). Also, I am able to read other parts of the security log, including the expansion strings. For some reason I cannot read the message.

I am using System.Diagnostics.EventLog to access the event log (and the Get-EventLog cmdlet also shows this behavior, not surprising because it uses System.Diagnostics.EventLog

From http://www.developmentnow.com/g/36_...-to-read-the-message-of-a-system-event-log.ht

Posted via DevelopmentNow.com Group
http://www.developmentnow.com

 

[Guest]

Willy,

I am using VS2008 Beta 2. I can correclty read the messages from the
Application and System event logs now. However, I can't read anything from
the Security event logs. You made a comment about that in your previous
email. Do you know how I may read the Security EventLogs?

 

[Steven Cheng[MSFT]]

Hi Steve,

For security event log, you should be able to read it if the running
security identity is of administrators group. Since you're running it on
Vista, you should elevate it to admin privilege when start the program,
have you done the elevation?

here is a simple test program which can correctly printout the security
eventlog in my local test environment:

===================
class Program
{
static void Main(string[] args)
{
Run();
}

static void Run()
{
EventLog log = new EventLog("Security",
Environment.MachineName);

foreach (EventLogEntry entry in log.Entries)
{
Console.WriteLine("{0}-{1}--{2}", entry.TimeWritten,
entry.Category, entry.Message);
}
}


}
=========================

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

How do I elevate the program to admin privileges? Can it be done in code?

 

[Steven Cheng[MSFT]]

Thanks for your reply Steve,

The requirement to elevate the program(if you want it to run under
administrator privilege from begining) is due to the Vista UAC feature:

# User Account Control Overview
http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx

Here is a web article that mentioned several means to make a program run
with administrator rights:

#Vista UAC: 8 ways how to elevate an application to run it with
Administrator rights
http://4sysops.com/archives/vista’s-uac-8-ways-how-to-elevate-an-app
lication-to-run-it-with-administrator-rights/

also, for application developer, Vista compatible program support using an
embeded manifest(as embeded resource) to indicate that this program need
elevation at the startup time:

#How to embed a manifest in an assembly: let me count the ways...
http://blogs.msdn.com/cheller/archive/2006/08/24/how-to-embed-a-manifest-in-
an-assembly-let-me-count-the-ways.aspx

#Windows Vista - Demand UAC elevation for an application by adding a
manifest using mt.exe
http://community.bartdesmet.net/blogs/bart/archive/2006/10/28/Windows-Vista-
_2D00_-Demand-UAC-elevation-for-an-application-by-adding-a-manifest-using-mt
..exe.aspx

Hope this also helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Thank you. Your links pointed me to a location where I learned how to create
a manifest file properly. It now seems to be working. Thanks again.

 

[Steven Cheng[MSFT]]

You're welcome

Have a nice day!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.