Windows Service - Event Log

  • Thread starter Thread starter pisquem
  • Start date Start date
P

pisquem

I am building an windows service that is to be deployed on a windows
server 2003 and I want to have activity written to the event log, I
want its own log called ('CustomLog')

Below is what I have so far...its builds fine but when I go to start
the service i get the following error.

---------------------------
Services
---------------------------
The CWindowService service on Local Computer started and then stopped.
Some services stop automatically if they have no work to do, for
example, the Performance Logs and Alerts service.
---------------------------
OK
---------------------------


What am I doing wrong? Right after this code I have this line....and it
never had an issue.
EventLog.WriteEntry("Refresh started successfully.");

//1. Create the source, if it does not already exist.
if (!EventLog.SourceExists("CustomLog"))
{
EventLog.CreateEventSource("CustomLog", "MyNewLog");
}


//2. Create an EventLog instance and assign its source.
EventLog myLog = new EventLog();
myLog.Source = "CustomLog";


//3. Write an informational entry to the event log.
myLog.WriteEntry("Writing to event log.");
 
Without seeing more of the start code i couldn't say for sure,
however, when I was working with this recently I found that by having
evaluating code in my OnStart event I had a tendancy of recieving the
same error. What I would recommend you do is add a component timer to
the service(not a form timer) and put your code in the Elapsed event of
the timer. Then in your OnStart method you just activate the timer.

-Bill
 
Hi,

You need to post more code, or more details at least.

Where are you running this?
What your onStart looks like?

Are you creating a new thread in the onStart ?

Usually what I do is in the onStart just create and Start a thread that is
the one who does the real thing. in this way the onStart returns
inmediately.
 
What credentials is the Service running under? It is possible that the
Service's account does not have the necessary permission to write to the
Event Log.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Chicken Salad Alchemist

Big thicks are made up of lots of little thins.
 
I am building an windows service that is to be deployed on a windows
server 2003 and I want to have activity written to the event log, I
want its own log called ('CustomLog')

Below is what I have so far...its builds fine but when I go to start
the service i get the following error.
Click to expand...

When i tried that (on a default windows 2003 installation) i experienced
a problem with access rights. If i remember well, i had to give the
'network' user access rights to the registry keys..
 
| > I am building an windows service that is to be deployed on a windows
| > server 2003 and I want to have activity written to the event log, I
| > want its own log called ('CustomLog')
| >
| > Below is what I have so far...its builds fine but when I go to start
| > the service i get the following error.
|
| When i tried that (on a default windows 2003 installation) i experienced
| a problem with access rights. If i remember well, i had to give the
| 'network' user access rights to the registry keys..
|

What registry key's?
The "Network Service" account is a restricted service account with
sufficient privileges to write/read to/from the eventlog, if you elevate
it's privileges, you break what it was designed for.

Willy.
 
Check your service account, only admin accounts have the right to "create"
private logs. If your service run with restricted privileges (which is
good), you'll need to create the log from another program, not from within
your service.

Willy.


|I am building an windows service that is to be deployed on a windows
| server 2003 and I want to have activity written to the event log, I
| want its own log called ('CustomLog')
|
| Below is what I have so far...its builds fine but when I go to start
| the service i get the following error.
|
| ---------------------------
| Services
| ---------------------------
| The CWindowService service on Local Computer started and then stopped.
| Some services stop automatically if they have no work to do, for
| example, the Performance Logs and Alerts service.
| ---------------------------
| OK
| ---------------------------
|
|
| What am I doing wrong? Right after this code I have this line....and it
| never had an issue.
| EventLog.WriteEntry("Refresh started successfully.");
|
| //1. Create the source, if it does not already exist.
| if (!EventLog.SourceExists("CustomLog"))
| {
| EventLog.CreateEventSource("CustomLog", "MyNewLog");
| }
|
|
| //2. Create an EventLog instance and assign its source.
| EventLog myLog = new EventLog();
| myLog.Source = "CustomLog";
|
|
| //3. Write an informational entry to the event log.
| myLog.WriteEntry("Writing to event log.");
|
 
| > I am building an windows service that is to be deployed on a windows
| > server 2003 and I want to have activity written to the event log, I
| > want its own log called ('CustomLog')
| >
| > Below is what I have so far...its builds fine but when I go to start
| > the service i get the following error.
|
| When i tried that (on a default windows 2003 installation) i experienced
| a problem with access rights. If i remember well, i had to give the
| 'network' user access rights to the registry keys..
|

What registry key's?
Click to expand...

HKLM/System/CurrentControlSet/Services/Eventlog (or one of it's
children).
 
Yes, but why do you want your service to write to this key?
Only Administrators (and localsystem) are allowed to write to HKLM and
descendants, Service accounts are not supposed to write to HKLM. If you
really need your service to write to HKLM, you need to run as "localsystem".
Again if you grant a non privileged account write access to HKLM, you
severely compromise your system's security.

Willy.

| >
| > | >| > I am building an windows service that is to be deployed on a windows
| >| > server 2003 and I want to have activity written to the event log, I
| >| > want its own log called ('CustomLog')
| >| >
| >| > Below is what I have so far...its builds fine but when I go to start
| >| > the service i get the following error.
| >|
| >| When i tried that (on a default windows 2003 installation) i
experienced
| >| a problem with access rights. If i remember well, i had to give the
| >| 'network' user access rights to the registry keys..
| >|
| >
| > What registry key's?
|
| HKLM/System/CurrentControlSet/Services/Eventlog (or one of it's
| children).
|
|
| --
| Met vriendelijke groeten,
| Tim Van Wassenhove <http://timvw.madoka.be>
 
Every Windows Service runs under a specific user account, which is assigned
to it, either by the developer when creating the installation for the
service, or by an administrator/authorized user via the Services snap-in.
So, there is no single user account under which all Windows Services run.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Chicken Salad Alchemist

Big thicks are made up of lots of little thins.
 
Only Administrators (and localsystem) are allowed to write to HKLM and
descendants, Service accounts are not supposed to write to HKLM.
Click to expand...

Services write to Event Logs all the time, and run under a variety of user
accounts. In fact, the majority of the Events in the Event Log are written
by Services. If you look in the Application and System Event Logs, for
example, you will see that almost all Events are written by Services.

That said, by default, members of the Administrators group and the Local
System account are the only accounts allowed to write to the Event Log on a
Windows 2003 server. On the other hand, a Service can certainly run under
the Local System Account, and an account other than the Administrators group
or the Local System account may be granted permission to create and write to
Event Logs as well.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Chicken Salad Alchemist

Big thicks are made up of lots of little thins.
 
I am currently developing/building this on a Windows XP machine (this
is where the problem is currently) but it will be deployed to a Windows
Server 2003.

As for the comments about the OnStart, is it suggested not put the
writing to logs in this event? I want to have an entry 'Service started
successfully' isnt the that best spot for it.

With regards to permission and access rights, what is the final verdict
on this?
 
Guilty.

--
HTH,

Kevin Spencer
Microsoft MVP
Professional Chicken Salad Alchemist

Big thicks are made up of lots of little thins.
 
Who's talking about writing to the eventlog? Tim and I are talking about
writing to the registry ( HKLM ).


Willy.


|> Only Administrators (and localsystem) are allowed to write to HKLM and
| > descendants, Service accounts are not supposed to write to HKLM.
|
| Services write to Event Logs all the time, and run under a variety of user
| accounts. In fact, the majority of the Events in the Event Log are written
| by Services. If you look in the Application and System Event Logs, for
| example, you will see that almost all Events are written by Services.
|
| That said, by default, members of the Administrators group and the Local
| System account are the only accounts allowed to write to the Event Log on
a
| Windows 2003 server. On the other hand, a Service can certainly run under
| the Local System Account, and an account other than the Administrators
group
| or the Local System account may be granted permission to create and write
to
| Event Logs as well.
|
| --
| HTH,
|
| Kevin Spencer
| Microsoft MVP
| Professional Chicken Salad Alchemist
|
| Big thicks are made up of lots of little thins.
|
|
| | > Yes, but why do you want your service to write to this key?
| > Only Administrators (and localsystem) are allowed to write to HKLM and
| > descendants, Service accounts are not supposed to write to HKLM. If you
| > really need your service to write to HKLM, you need to run as
| > "localsystem".
| > Again if you grant a non privileged account write access to HKLM, you
| > severely compromise your system's security.
| >
| > Willy.
| >
| > | > | On 2006-06-28, Willy Denoyette [MVP] <[email protected]>
wrote:
| > | >
| > | > | > | >| > I am building an windows service that is to be deployed on a
| > windows
| > | >| > server 2003 and I want to have activity written to the event log,
I
| > | >| > want its own log called ('CustomLog')
| > | >| >
| > | >| > Below is what I have so far...its builds fine but when I go to
| > start
| > | >| > the service i get the following error.
| > | >|
| > | >| When i tried that (on a default windows 2003 installation) i
| > experienced
| > | >| a problem with access rights. If i remember well, i had to give the
| > | >| 'network' user access rights to the registry keys..
| > | >|
| > | >
| > | > What registry key's?
| > |
| > | HKLM/System/CurrentControlSet/Services/Eventlog (or one of it's
| > | children).
| > |
| > |
| > | --
| > | Met vriendelijke groeten,
| > | Tim Van Wassenhove <http://timvw.madoka.be>
| >
| >
|
|
 
I'm talking about the predefined "Service accounts", these are "SYSTEM" or
'localsystem', 'Local Service' and 'Network Service' In the early day's of
NT4, all services ran under localsystem, since then MSFT learned a lesson,
that is Services where the preferred target for the bad guy's, especially
those who ran with 'interact with the desktop'.
Since then, they added the least privileged 'Service accounts' and advised
to run the services using one of the least privileged "service accounts",
that is 'Local Service or Network Service'. And on Vista, all (system
supplied) services run under one of these Service accounts.
Whether you run a service under another account is up to you, but a system
admin right in it's mind will never allow a service to run as Administrator
or as an account with administrative privileges, he will always apply the
"Least Privilege" security principle.


Willy.



| Every Windows Service runs under a specific user account, which is
assigned
| to it, either by the developer when creating the installation for the
| service, or by an administrator/authorized user via the Services snap-in.
| So, there is no single user account under which all Windows Services run.
|
| --
| HTH,
|
| Kevin Spencer
| Microsoft MVP
| Professional Chicken Salad Alchemist
|
| Big thicks are made up of lots of little thins.
|
|
| | >
| > | > | > I am building an windows service that is to be deployed on a windows
| > | > server 2003 and I want to have activity written to the event log, I
| > | > want its own log called ('CustomLog')
| > | >
| > | > Below is what I have so far...its builds fine but when I go to start
| > | > the service i get the following error.
| > |
| > | When i tried that (on a default windows 2003 installation) i
experienced
| > | a problem with access rights. If i remember well, i had to give the
| > | 'network' user access rights to the registry keys..
| > |
| >
| > What registry key's?
| > The "Network Service" account is a restricted service account with
| > sufficient privileges to write/read to/from the eventlog, if you elevate
| > it's privileges, you break what it was designed for.
| >
| > Willy.
| >
| >
|
|
 
Right, but Tim has split the thread and talked about writing to the Registry
(HKLM) and I replied to him not to You, right?.

Willy.

| yes the original question what about writing to the event log, not the
| registry.
|
 
Your problem is that you are trying to create your own private log from
within your service, only admins are allowed to do that, that would mean
that your service needs to run with administrative privileges (for instance
as SYSTEM) only to create a log which is a bad idea. So my suggestion is to
have a separate program that creates the log and let the administrator run
this program at install time.

Willy.



|I am currently developing/building this on a Windows XP machine (this
| is where the problem is currently) but it will be deployed to a Windows
| Server 2003.
|
| As for the comments about the OnStart, is it suggested not put the
| writing to logs in this event? I want to have an entry 'Service started
| successfully' isnt the that best spot for it.
|
| With regards to permission and access rights, what is the final verdict
| on this?
|
 
Right, but Tim has split the thread and talked about writing to the Registry
(HKLM) and I replied to him not to You, right?.
Click to expand...

No, i said that in order to write to the eventlog, you need to have
permissions to do so.
 
Who's talking about writing to the eventlog? Tim and I are talking about
writing to the registry ( HKLM ).


Willy.


|> Only Administrators (and localsystem) are allowed to write to HKLM and
| > descendants, Service accounts are not supposed to write to HKLM.
|
| Services write to Event Logs all the time, and run under a variety of user
| accounts. In fact, the majority of the Events in the Event Log are written
| by Services. If you look in the Application and System Event Logs, for
| example, you will see that almost all Events are written by Services.
|
| That said, by default, members of the Administrators group and the Local
| System account are the only accounts allowed to write to the Event Log on
a
| Windows 2003 server. On the other hand, a Service can certainly run under
| the Local System Account, and an account other than the Administrators
group
| or the Local System account may be granted permission to create and write
to
| Event Logs as well.
|
| --
| HTH,
|
| Kevin Spencer
| Microsoft MVP
| Professional Chicken Salad Alchemist
|
| Big thicks are made up of lots of little thins.
|
|
| | > Yes, but why do you want your service to write to this key?
| > Only Administrators (and localsystem) are allowed to write to HKLM and
| > descendants, Service accounts are not supposed to write to HKLM. If you
| > really need your service to write to HKLM, you need to run as
| > "localsystem".
| > Again if you grant a non privileged account write access to HKLM, you
| > severely compromise your system's security.
| >
| > Willy.
| >
| > | > | On 2006-06-28, Willy Denoyette [MVP] <[email protected]>
wrote:
| > | >
| > | > | > | >| > I am building an windows service that is to be deployed on a
| > windows
| > | >| > server 2003 and I want to have activity written to the event log,
I
| > | >| > want its own log called ('CustomLog')
| > | >| >
| > | >| > Below is what I have so far...its builds fine but when I go to
| > start
| > | >| > the service i get the following error.
| > | >|
| > | >| When i tried that (on a default windows 2003 installation) i
| > experienced
| > | >| a problem with access rights. If i remember well, i had to give the
| > | >| 'network' user access rights to the registry keys..
| > | >|
| > | >
| > | > What registry key's?
| > |
| > | HKLM/System/CurrentControlSet/Services/Eventlog (or one of it's
| > | children).
| > |
| > |
| > | --
| > | Met vriendelijke groeten,
| > | Tim Van Wassenhove <http://timvw.madoka.be>
| >
| >
|
|
Click to expand...
 
Back
Top