Writing to an event log in ASP.NET on Windows Server 2008 IIS7

Question

I\'m trying to use log4net to write to a customer event log under IIS7 on Windows Server 2008 SP1. However, account doesn\'t seem to have access to write to the event log. D

Answer 1

The problem is probably your event source. You have to create an event source before you can write to the event log (if you don't, the Event log object tries to create one for you "automagically" the first time you write to the log).

You have to have hightened permissions to create an event log source. In some of my web apps, I have put the code to create the event source into my setup (setup runs as admin, so I'm always guaranteed to be able to create the source).

You just have to create the source once. After that, your ASP.Net app should have sufficient permissions to write entries specifying the source (or sources) that you created.

You can use an EventLogInstaller in your setup to create the source, or you could just write a little utility to call EventLog.CreateEventSource() as an admin.

I'll show you both ways:

// You would do this one from within an Installer class in a setup:
        private void InstallEventLog()
        {
            EventLogInstaller logInstaller;

            //Create an instance of an EventLogInstaller.
            logInstaller = new EventLogInstaller();

            //Set the source name of the event log.
            logInstaller.Source = "TheEventSourceName";
            Installers.Add(logInstaller);
        }

Method 2: just call CreateEventSource once as an admin (you could put the following code into a console app, for example, and run the console app as admin

EventLog.CreateEventSource("TheSourceName", "Application");

Bonus: If you have Powershell installed on your server, you can do it from the Powershell command prompt: (Make sure you are running Powershell as an admin)

[system.Diagnostics.EventLog]::CreateEventSource("SourceName", "Application")

Hop that helps

Answer 2

I'm using IIS 10, and set the pool identity to Local System

see reference : https://stackoverflow.com/a/9067391/9975799

Answer 3

Give the ASPNET permission to the event log.

Run -> regedit - > Browse to

HKEY_LOCAL_MACHINE
   \SYSTEM
      \CurrentControlSet
         \Services
            \Eventlog

Right click select permissions and give the ASPNET account full control

Answer 4

IIS 8 permission solving answer

I am lazy and didn't create a special log in my code, instead I used:

System.Diagnostics.EventLog.WriteEntry("MyAppName", "Bla Bla SQL ERROR: "+sx.Message);

Just to complete Michael's answer In IIS8 the user used by IIS when running server side code is : IIS_IUSRS

(actually its more complicated because there are virtual accounts within IIS_IUSRS but they get permissions from that account, see IIS_IUSRS and IUSR permissions in IIS8 form more details)

That user only requires READ permission on this registry node:

HKLM\System\CurrentControlSet\Services\Eventlog\Security

The reason for this is that when a new log source is written to, before creating it, the system wants to check that it doesn't exist so it needs to READ the source names.

Also, if you are using the iis express of visual studio, it will run under your personal credentials, so if you don't have read access permission to the registry node above you will need to add it too when debugging under visual studio.

(If administrators has permission to the node and your are in that group, it is not enough, you need to run visual studio 'as administrator' - which will work only from visual studio shortcut and not the sln shortcut)

Another note: If the computer is in a domain and you can't find the IIS_IUSRS account when editing registry permissions, it is likely you are looking in the wrong 'location', searching for the account on the domain active directory instead of the local computer)

Answer 5

I think a more secure option to @Michael Kniskern's good example is:

regedit...

HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Eventlog \your_new_application_log

Give full control to just the specific application log created for the purposes of your application (in this example right-click your_new_application_log and set permissions there). Once the new log name is created it will appear in the registry nested under eventlog node as above.