Differences between revisions 19 and 26 (spanning 7 versions)
Revision 19 as of 2011-06-02 17:13:25
Size: 3998
Editor: KaiJaeger
Comment:
Revision 26 as of 2017-01-14 23:05:01
Size: 2289
Editor: KaiJaeger
Comment:
Line 11: Line 11:
The Windows Event Log is important to many large organisation due to the fact that servers situated in a special room cannot be accessed easily, not even by an administrator, and that monitoring them has to be done remotely as a conseqence. The Windows Event Log '''can''' be easily monitored remotely and is therefore the ideal place to report "Start", "Stop", "Fatal Error", Security problems and more. The Windows Event Log is important to many large organisation due to the fact that servers situated in a special room cannot be accessed easily, not even by an administrator, and that monitoring them has therefore to be done remotely.

The Windows Event Log '''can''' be easily monitored remotely and is therefore the ideal place to report "Start", "Stop", "Fatal Error", Security problems and more.
Line 15: Line 17:
There are a number of so-called classes available in the Windows Event Log: There are a number of so-called "Logs" available in the Windows Event Log:
Line 19: Line 21:
There might be others as well. It is possible to create your own class, although this is '''not''' recommended. There might be others as well. It is possible to create your own Log.
Line 21: Line 23:
An APL application programmer is likely to want to write into the "Application" class. Therefore, the '''WindowsEventLog''' class defaults to that Window Event Log class. While security is reserved for Microsoft "System" should be use by drivers etc. "Application" is the natural choice for an APL program, although you might want to create your own log.
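Review bot: The added sentence 'While security is reserved for Microsoft "System" should be use by drivers etc.' has a missing comma and a grammar slip; suggest 'While "Security" is reserved for Microsoft, "System" should be used by drivers etc.' The removed sentence also stated that the WindowsEventLog class defaults to "Application"; if that default still holds, the statement is worth keeping.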
Line 25: Line 27:
Note that within a class you must specify a source, normally your application name. Note further that the name of the source must be unqiue '''across all classes''', not only the class you try to write to!

Example: there is a source "Server" in the "Application" class on my machine. Although I can create a new class "!MyAppl", I cannot use "Server" as a source name as a consequence!
Note that within a class you must specify a source, normally your application name. Note further that the name of the source must be unique '''across all logs''', not only the log you try to write to!
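Review bot: The rename from classes to logs is incomplete in this paragraph: the new text ends with "unique across all logs" but still opens with "within a class you must specify a source"; suggest "within a log". The removed "Server" / "MyAppl" example was the only concrete illustration of the uniqueness rule and could stay, reworded to use "log".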
Line 30: Line 30:
The '''WindowsEventLog''' class uses .NET but tries to hide everything not needed for an APL application programmer, or to use appropriate defaults. The '''WindowsEventLog''' class uses .NET but tries to hide everything not needed by an APL application programmer, or to use appropriate defaults.
Line 33: Line 33:
Using this class without Admin rights, for example when your application runs as a service, needs "!EventLogPermission" rigths. On a server you cannot control this might be a problem. Microsoft explicitly points out that granting this right is a security risc and should therefore only be given to code that is fully managed (trusted). Using this class without admin rights, for example when your application runs as a service, needs "!EventLogPermission" rights. On a server were you cannot control this it might be a problem. Microsoft explicitly points out that granting this right is a security risk and should therefore only be given to code that is fully managed (trusted).
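Review bot: The new wording "On a server were you cannot control this it might be a problem" should read "On a server where you cannot control this, it might be a problem". The other corrections in this paragraph (rights, risk) are fine.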
Line 35: Line 35:
== Example ==

{{{
 my←⎕NEW #.WindowsEventLog(,⊂'MyApp')
 my.WriteInfo 'Server started'
 my.WriteWarning 'Low on memory'
 my.WriteError 'Fatal error, server stopped'
 my.WriteInfo 'Server started'
}}}

== Problems ==

When you get this:

{{{

System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
 ( at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly)
   at System.Diagnostics.EventLog.SourceExists(String source, String machineName)
   at System.Diagnostics.EventLog.SourceExists(String source))
}}}

this is because Microsoft in its wisdom has refused to grant "Read" permission to parts of the Event log in some versions of the Windows operating system. I wasn't able to establish a pattern...

Follow these steps in order to solve the problem:

 1. Select Start - Run, then enter: regedt32
 1. Navigate/expand to the following key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security`
 1. Right click on this entry and select Permissions
 1. Add the user name
 1. Give it Read permission
Normally you get around this by establishing the Source (and possibly also the Log if it is a custom log!) in an installer which needs elevated rights anyway.
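Review bot: Dropping the whole Problems section removes the exact exception text ("The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security."), which is what a reader hitting the problem will search for; suggest keeping that message next to the new installer sentence so symptom and fix stay linked. Removing the steps that grant Read permission on the Eventlog\Security key is reasonable, since registering the Source during an elevated install avoids widening access to that key. The Example section is also removed without a replacement, which leaves the page without any usage sample.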
Line 76: Line 46:
||Current state:||1.1.0||
Line 78: Line 47:
== Download ==

You have two options: you can either download the script for usage:

[[http://aplwiki.com/WindowsEventLog?action=AttachFile&do=get&target=WindowsEventLog.ZIP | Download WindowsEventLog script right now]]

or get the whole thing from the AplWikiRepository, including the development workspace and the script and maybe more for any development or for running the test cases:

{{{
svn list svn://aplteam.com/os/dyalog/WindowsEventLog/tags
}}}
<<Include(APLTreeDownloads)>>

Managing the Windows Event Log

WindowsEventLog is part of the CategoryAplTree project.

Overview

This class offers methods useful to read from and write to the Windows Event Log.

The Windows Event Log is important to many large organisations because servers situated in a special room cannot be accessed easily, not even by an administrator, so monitoring them has to be done remotely.

The Windows Event Log can be easily monitored remotely and is therefore the ideal place to report "Start", "Stop", "Fatal Error", Security problems and more.

Windows Event Log Classes

There are a number of so-called "Logs" available in the Windows Event Log:

attachment:windowseventlog.jpg

There might be others as well. It is possible to create your own Log.

While "Security" is reserved for Microsoft, "System" should be used by drivers etc. "Application" is the natural choice for an APL program, although you might want to create your own log.

Source

Note that within a log you must specify a source, normally your application name. Note further that the name of the source must be unique across all logs, not only the log you try to write to!

.NET

The WindowsEventLog class uses .NET but tries to hide everything not needed by an APL application programmer, or to use appropriate defaults.

Security

Using this class without admin rights, for example when your application runs as a service, needs "EventLogPermission" rights. On a server where you cannot control this, it might be a problem. Microsoft explicitly points out that granting this right is a security risk and that it should therefore only be given to code that is fully managed (trusted).

Normally you get around this by establishing the Source (and possibly also the Log if it is a custom log!) in an installer which needs elevated rights anyway.
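
The installer step described above, together with the rule that a source name is unique across all logs, as an added PowerShell example (not part of the WindowsEventLog project). The function name Register-AppEventSource, the source 'MyApp', the log 'Application' and the event ID in the last comment are assumptions.

```powershell
# Added example: run once from the installer, in an elevated session.
function Register-AppEventSource {
    param(
        [Parameter(Mandatory)] [string] $Source,      # assumed: your application name
        [string] $LogName = 'Application'             # assumed: target log
    )

    # Registering a source writes below HKLM\SYSTEM\CurrentControlSet\Services\EventLog,
    # and SourceExists searches every log, including Security. Both need elevation.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this installer step elevated; the application itself should not need these rights.'
    }

    if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
        # A source name is unique across all logs: find out which log owns it.
        $owner = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($owner -ne $LogName) {
            throw "Source '$Source' is already registered in log '$owner'; choose another source name."
        }
        return 'exists'
    }

    # Registers the source; a custom log that does not exist yet is created as well.
    [System.Diagnostics.EventLog]::CreateEventSource($Source, $LogName)
    return 'created'
}

Register-AppEventSource -Source 'MyApp' -LogName 'Application'

# Once the source is registered, the application account can write entries with it, e.g.
# [System.Diagnostics.EventLog]::WriteEntry('MyApp', 'Server started', 'Information', 1000)
# (event ID 1000 is a constructed sample value).
```

Because the source is registered at install time, the service account needs no Read permission on the Security log key and no right to create sources at run time.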

Project Page

For bug reports, future enhancements and a full version history see WindowsEventLog/ProjectPage

Version Information

Original author: KaiJaeger

Responsible: KaiJaeger

Email: kai@aplteam.com


CategoryAplTree

WindowsEventLog (last edited 2018-03-03 11:36:54 by KaiJaeger)