Insufficient permissions to write to event log...even for Admin?

Topics: Exception Handling Application Block, Logging Application Block
Jul 6, 2012 at 6:40 PM

Hi folks,

I'm replacing some existing code in my WCF service that logs directly to a custom event log with the Enterprise Library logging + exception handling blocks.

The old code, when running under the WindowsIdentity context of our application pool account (Admin on the web server), was able to log to our custom event log.

Now I've introduced Enterprise Library and I'm getting a security error:

"The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security."

The error is thrown on line 51 of FormattedTraceListenerWrapperBase:

this.innerListener.TraceData(eventCache, source, severity, id, base.Formatter.Format(data as LogEntry));

I've followed the code through the stack and I see where the impersonation is stripped away (we impersonate the caller), so I took out my code that did the same thing, but there's still a security exception.

Any thoughts on what the heck is going on?

Jul 7, 2012 at 8:25 AM

The consensus seems to be to give the user account Read access to the EventLog Security registry key. You can try that as per http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx.

--
Randy Levy
Enterprise Library support engineer
entlib.support@live.com 

Jul 7, 2012 at 8:03 PM

Thanks for your reply, but remember I said above that the account is a local administrator -- giving that account read access would make no difference.

As it happens, the problem was on my end. I was unclear as to the relationship between the log and the source, both in the config file and when creating the log in the first place. Once I aligned the log/source in the registry with log/source in the config file (the names matched), then everything worked fine.

The error was a bit misleading.
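
A check for the log/source mismatch described in the last post, as an added example that is not part of the original thread: it reads the `source` and `log` attributes from a constructed listener entry and looks up which log that source is actually registered under in the EventLog registry key. The names `MyWcfService` and `MyCustomLog` and the function `Find-EventSourceLog` are placeholders, and the listener entry is trimmed to the two attributes that matter here.

```powershell
# Constructed sample of an Enterprise Library listener entry (placeholder names).
$configXml = [xml]@'
<loggingConfiguration>
  <listeners>
    <add name="Event Log Listener" source="MyWcfService" log="MyCustomLog" />
  </listeners>
</loggingConfiguration>
'@

$eventLogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

function Find-EventSourceLog {
    param([Parameter(Mandatory)][string]$Source)
    # Each subkey of EventLog is a log; each subkey of a log is a registered source.
    foreach ($logKey in Get-ChildItem -Path $eventLogRoot -ErrorAction SilentlyContinue) {
        $candidate = "$eventLogRoot\$($logKey.PSChildName)\$Source"
        try {
            if (Test-Path -LiteralPath $candidate -ErrorAction Stop) {
                return $logKey.PSChildName
            }
        } catch {
            # Log key not readable by this token (typically Security): skip it
            # instead of failing the whole lookup.
            continue
        }
    }
    return $null
}

foreach ($listener in $configXml.SelectNodes('//listeners/add[@source]')) {
    $source = $listener.GetAttribute('source')
    $log    = $listener.GetAttribute('log')
    # An empty log name makes .NET register the source under Application.
    if (-not $log) { $log = 'Application' }

    $registered = Find-EventSourceLog -Source $source
    if (-not $registered) {
        "MISSING  source '$source' is not registered in any readable log."
        # New-EventLog ships with Windows PowerShell 5.1; run it elevated at deploy time.
        "         Register it with: New-EventLog -LogName '$log' -Source '$source'"
    } elseif ($registered -ne $log) {
        "MISMATCH source '$source' is registered under '$registered', config says '$log'."
    } else {
        "OK       source '$source' -> log '$log'"
    }
}
```

Registering the source during deployment keeps the service account from ever needing to create it at run time, which is the code path that searches every log, including Security.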