EntryWrittenEventHandler and Security Log


Vinny

Greetings,

I have the following code fragment that fires an event
when an entry is written to the Application and System
event logs. For some reason, an event is NOT fired when
an entry is written to the Security Log.

I do not believe it is a rights issue as I can
programmatically enumerate the Security Log. Any
comments, suggestions etc. would be appreciated.

Thanks...

// Subscribe to EntryWritten on every event log on the local machine.
EventLog[] eventLogs;
eventLogs = EventLog.GetEventLogs();
foreach (EventLog eventLog in eventLogs)
{
    eventLog.EntryWritten += new EntryWrittenEventHandler(EntryWritten);
    eventLog.EnableRaisingEvents = true;
}
 
-----Original Message-----
Vinny wrote:
|| Greetings,
||
|| I have the following code fragment that fires an event
|| when an entry is written to the Application and System
|| event logs. For some reason, an event is NOT fired when
|| an entry is written to the Security Log.
||
|| I do not believe it is a rights issue as I can
|| programmatically enumerate the Security Log. Any
|| comments, suggestions etc. would be appreciated.
||
|| Thanks...
||
|| EventLog[] eventLogs;
|| eventLogs = EventLog.GetEventLogs();
|| foreach (EventLog eventLog in eventLogs)
|| {
||     eventLog.EntryWritten += new EntryWrittenEventHandler(EntryWritten);
||     eventLog.EnableRaisingEvents = true;
|| }

As far as I know write access to the security log is
reserved only for the Windows Local Security Authority
(LSA).

Willy,

Thanks for your reply... I am not trying to write to the
security event log... I am trying to detect when
something has been written. The code fragment works
perfectly for the system and application log, but not the
security log.
 
||
|| Thanks for your reply... I am not trying to write to the
|| security event log... I am trying to detect when
|| something has been written. The code fragment works
|| perfectly for the system and application log, but not the
|| security log.

Works for me (Framework v1.1 on W2K3 and XP).
What OS and Framework version are you running?

Willy.
 
|| I have tried the code fragment on both Win2K and WinXP,
|| Framework v1.1. Even though I have domain admin rights,
|| could it be a rights issue?

No I don't think so, maybe you could try this little console program.

using System;
using System.Diagnostics;
using System.Threading;

class MySample
{
    // This member is used to wait for events.
    static AutoResetEvent signal;

    public static void Main()
    {
        // Create the wait handle before subscribing, so the handler
        // can never run while signal is still null.
        signal = new AutoResetEvent(false);

        // Create an EventLog instance, passing the log name and the
        // machine name where the log resides.
        EventLog ev = new EventLog("Security", System.Environment.MachineName);
        ev.EntryWritten += new EntryWrittenEventHandler(SecOnEntryWritten);
        ev.EnableRaisingEvents = true;

        // Block until the first Security log entry is reported.
        signal.WaitOne();
    }

    public static void SecOnEntryWritten(object source, EntryWrittenEventArgs e)
    {
        Console.WriteLine(e.Entry.Message);
        signal.Set();
    }
}

Willy.
 