Why does the Event Log EntryWritten event never fire?

I have the following code in both a C# console application and a C# Windows service. It works in the console application: it selects the specified event and correctly calls MatchEvent(). The same code in the C# Windows service does not receive the same specified event; it never sees it, but it sees other events. The corresponding event is written to the Application log, so I am not trying to read the Security log.

I realized that this is a problem with account permissions (the service runs as LocalSystem). I changed the service to use the same account under which I was running the console app, and I still see the same behavior. I checked that nothing was done with GP or custom registry settings to change permissions (this is a newly installed OS), and the account used in both applications is localadmin.

Is there something I am missing? I also studied EventLogPermission, but this does not seem to apply as I am receiving events from eventLog.

Code:

// Requires: using System.ComponentModel; using System.Diagnostics; using System.Security;
private void WatchLogs()
{
    // Name of the log currently being processed. The catch blocks are outside
    // the foreach scope, so they cannot reference the loop variable directly.
    string currentLogName = "(unknown)";

    try
    {
        _eventLogs = EventLog.GetEventLogs();

        foreach (EventLog eventLog in _eventLogs)
        {
            currentLogName = eventLog.Log;

            if (eventLog.LogDisplayName.Contains("Security"))
            {
                _logger.DebugFormat("{0}: not watching", eventLog.LogDisplayName);
            }
            else
            {
                eventLog.EntryWritten += EventLogEntryWritten;
                eventLog.EnableRaisingEvents = true;

                if (_logger.IsInfoEnabled)
                {
                    _logger.InfoFormat("Monitoring: {0} | Raising Events: {1}", eventLog.LogDisplayName,
                                       eventLog.EnableRaisingEvents);
                }
            }
        }
    }
    catch (Win32Exception ee)
    {
        // An exception here ends the loop, so logs after this one are not subscribed.
        _logger.DebugFormat("{0}: not watching({1})", currentLogName, ee.Message);
    }
    catch (SecurityException securityException)
    {
        _logger.ErrorFormat("Error accessing eventlog: {0} : {1}", currentLogName, securityException.Message);
    }
}

private void EventLogEntryWritten(object sender, EntryWrittenEventArgs currentEvent)
{
  var log = (EventLog) sender;

  if (_logger.IsDebugEnabled)
    _logger.DebugFormat(
      "Event Raised: |Log:{0}|Source:{1}|EventID:{2}|",log.LogDisplayName,
        currentEvent.Entry.Source,currentEvent.Entry.EventID);

  MatchEvent(currentEvent);
}
+3
2 answers

, , . WMI ( System.Management), . , , . . " ".

WriteEntry ( ) , .

0

. , 100 , :

  • - , node, , EventLog .
  • WriteEntry() . , , , .

. : msdn

0

Source: https://habr.com/ru/post/1708359/

