The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.

EventLog.SourceExists

https://stackoverflow.com/questions/9564420/the-source-was-not-found-but-some-or-all-event-logs-could-not-be-searched

EventLog.SourceExists enumerates through the subkeys of HKLM\SYSTEM\CurrentControlSet\services\eventlog to see if it contains a subkey with the specified name.

If the user account under which the code is running does not have read access to a subkey that it attempts to access (in your case, the Security subkey) before finding the target source, you will see an exception like the one you have described.

 

The usual approach for handling such issues is to register event log sources at installation time (under an administrator account), then assume that they exist at runtime, allowing any resulting exception to be treated as unexpected if a target event log source does not actually exist at runtime.

 

 

  private void LogUtil_Error(object sender, Log4NetError e)
        {
            using (EventLog eventLog = new EventLog("Lisa"))
            {
                eventLog.Source = "LISA.BackOffice";
                var message = $"{AppDomain.CurrentDomain.BaseDirectory}{Environment.NewLine}{e}";
                eventLog.WriteEntry(message, EventLogEntryType.Error);
            }
            Environment.Exit(1);
        }

The source was not found, but some or all event logs could not be searched. 

To create the source, you need permission to read all event logs to make sure that the new source name is unique.  Inaccessible logs: Security.

 

 

错误提示2

EventLog.SourceExists方法查找的时候，如果找不到，会扩大搜索范围。

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\State 需要进行搜索，但是权限不足

System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: State.
at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly, Boolean wantToCreate)
at System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate)
at System.Diagnostics.EventLog.SourceExists(String source)
at ConsoleApp3.Program.Main() in C:\Users\clu\source\repos\ConsoleApp1\ConsoleApp3\Program.cs:line 29
The Zone of the assembly that failed was:
MyComputer

 

 

 

 

 

 

System.Security.SecurityException when writing to Event Log

答案1

To give Network Service read permission on the EventLog/Security key (as suggested by Firenzi and royrules22) follow instructions from http://geekswithblogs.net/timh/archive/2005/10/05/56029.aspx

1. Open the Registry Editor:
   1. Select Start then Run
   2. Enter regedt32 or regedit

2. Navigate/expand to the following key:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security

3. Right click on this entry and select Permissions

4. Add the Network Service user

5. Give it Read permission

UPDATE: The steps above are ok on developer machines, where you do not use deployment process to install application.
However if you deploy your application to other machine(s), consider to register event log sources during installation as suggested in SailAvid's and Nicole Calinoiu's answers.

I am using PowerShell function (calling in Octopus Deploy.ps1)

function Create-EventSources() {
    $eventSources = @("MySource1","MySource2" )
    foreach ($source in $eventSources) {
            if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
                [System.Diagnostics.EventLog]::CreateEventSource($source, "Application")
            }
    }
}

答案2

The problem is that the EventLog.SourceExists tries to access the EventLog\Security key, access which is only permitted for an administrator.

A common example for a C# Program logging into EventLog is:

string sSource;
string sLog;
string sEvent;

sSource = "dotNET Sample App";
sLog = "Application";
sEvent = "Sample Event";

if (!EventLog.SourceExists(sSource))
    EventLog.CreateEventSource(sSource, sLog);

EventLog.WriteEntry(sSource, sEvent);
EventLog.WriteEntry(sSource, sEvent, EventLogEntryType.Warning, 234);

However, the following lines fail if the program hasn't administrator permissions and the key is not found under EventLog\Application as EventLog.SourceExists will then try to access EventLog\Security.

if (!EventLog.SourceExists(sSource))
    EventLog.CreateEventSource(sSource, sLog);

Therefore the recommended way is to create an install script, which creates the corresponding key, namely:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App

One can then remove those two lines.

You can also create a .reg file to create the registry key. Simply save the following text into a file create.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\dotNET Sample App]

 在application pool的高级设置里面

设置identity。一个有4个设置级别，local service，local system，network service，application pool identity

经过测试，发现只有local system有权限写event log

 

 System.ArgumentException: The source is not registered in log ''. (It is registered in log '.) " The Source and Log properties must be matched, or you may set Log to the empty string, and it will automatically be matched to the Source property.

处理方案，就是创建EeventLog对象的时候，不需要指定logname, write entry 会自动找到对应的log name，在下面写日志

if (!EventLog.SourceExists(sourceName))
                {
                    EventLog.CreateEventSource(sourceName, _logName);
                }

                using (EventLog eventLog = new EventLog())
                {
                    eventLog.Source = sourceName;
                    var message = $"{AppDomain.CurrentDomain.BaseDirectory}{Environment.NewLine}{error}";
                    eventLog.WriteEntry(message, type);
                }

 

如果是新旧2个版本，替换了log name的话，新版本的source 前面可以价格前缀进行区分

 

 

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security, State.

需要给eventlog下面的两个节点，security和state添加iis_iusrs用户组的权限，

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog

https://blog.sandro-pereira.com/2012/02/16/the-source-was-not-found-but-some-or-all-event-logs-could-not-be-searched-inaccessible-logs-security/

添加权限，右键选中State节点，选中Administrators用户组，勾选Full Control。然后高级，把Owner从System改为Administrators分组，点击确定。这样Administrators用户组就有了Full control。

接下来再给iis_iusrs添加权限。

 

 

 

 

 

 

 

 

 

 

作者:Chuck Lu    GitHub