29

I'm trying to use log4net to write to a customer event log under IIS7 on Windows Server 2008 SP1. However, account doesn't seem to have access to write to the event log. Does anyone have any suggestions?

1

5 Answers 5

66

The problem is probably your event source. You have to create an event source before you can write to the event log (if you don't, the Event log object tries to create one for you "automagically" the first time you write to the log).

You have to have hightened permissions to create an event log source. In some of my web apps, I have put the code to create the event source into my setup (setup runs as admin, so I'm always guaranteed to be able to create the source).

You just have to create the source once. After that, your ASP.Net app should have sufficient permissions to write entries specifying the source (or sources) that you created.

You can use an EventLogInstaller in your setup to create the source, or you could just write a little utility to call EventLog.CreateEventSource() as an admin.

I'll show you both ways:


// You would do this one from within an Installer class in a setup:
        private void InstallEventLog()
        {
            EventLogInstaller logInstaller;

            //Create an instance of an EventLogInstaller.
            logInstaller = new EventLogInstaller();

            //Set the source name of the event log.
            logInstaller.Source = "TheEventSourceName";
            Installers.Add(logInstaller);
        }


Method 2: just call CreateEventSource once as an admin (you could put the following code into a console app, for example, and run the console app as admin


EventLog.CreateEventSource("TheSourceName", "Application");

Bonus: If you have Powershell installed on your server, you can do it from the Powershell command prompt: (Make sure you are running Powershell as an admin)


[system.Diagnostics.EventLog]::CreateEventSource("SourceName", "Application")

Hop that helps

1
  • Clarifying point: The string "SourceName" is whatever source name you want to use -- you can make it anything. The string "Application" is a literal -- like you literally use the word "Application" (that specifies the Windows Application log vs. the System log etc). The only exception would be if you are creating a whole custom event log and not just wanting to write to teh general Application event log.
    – JMarsch
    Jan 25, 2021 at 15:44
14

Give the ASPNET permission to the event log.

Run -> regedit - > Browse to

HKEY_LOCAL_MACHINE
   \SYSTEM
      \CurrentControlSet
         \Services
            \Eventlog

Right click select permissions and give the ASPNET account full control

4
  • 5
    That's probably a bad idea if you are distributing your app, there are IT admins who will not allow changes to the default security options. You should be able to play within the sandbox. Apr 27, 2010 at 19:24
  • 7
    Not sure why this is being down voted so much. It may not scale or even be acceptable for production, but it is a good answer that says specifically what the permission is, and how to give it. Feb 14, 2012 at 19:27
  • The changes take only effect after you restart your aplication on IIS
    – Zé Carlos
    Apr 1, 2013 at 19:13
  • Honestly I would still use my original answer (the one marked as an answer). All of thse other methods require adding heightened permissions to the IIS account the original answer does not -- you just need to either run the setup as an admin, or run the single line of code once as an admin (while you are installing the web app)
    – JMarsch
    Jan 25, 2021 at 15:42
9

IIS 8 permission solving answer

I am lazy and didn't create a special log in my code, instead I used:

System.Diagnostics.EventLog.WriteEntry("MyAppName", "Bla Bla SQL ERROR: "+sx.Message);

Just to complete Michael's answer In IIS8 the user used by IIS when running server side code is : IIS_IUSRS

(actually its more complicated because there are virtual accounts within IIS_IUSRS but they get permissions from that account, see IIS_IUSRS and IUSR permissions in IIS8 form more details)

That user only requires READ permission on this registry node:

HKLM\System\CurrentControlSet\Services\Eventlog\Security

The reason for this is that when a new log source is written to, before creating it, the system wants to check that it doesn't exist so it needs to READ the source names.

Also, if you are using the iis express of visual studio, it will run under your personal credentials, so if you don't have read access permission to the registry node above you will need to add it too when debugging under visual studio.

(If administrators has permission to the node and your are in that group, it is not enough, you need to run visual studio 'as administrator' - which will work only from visual studio shortcut and not the sln shortcut)

Another note: If the computer is in a domain and you can't find the IIS_IUSRS account when editing registry permissions, it is likely you are looking in the wrong 'location', searching for the account on the domain active directory instead of the local computer)

4
  • Note, if the IIS_IUSRS user is missing in the list, you are probably viewing domain users - change the locations to the local computer. the user IUSRS in the domain is not the one you need
    – thedrs
    Jul 7, 2014 at 11:09
  • Also dont forget to restart the service (IIS)
    – thedrs
    Jul 7, 2014 at 11:27
  • If it still doesn't work, go to your app pool properties choose advanced settings then mark the 'enable 32 bit applications to true. Mine was false, but this helped a friend so try it.
    – thedrs
    Sep 8, 2014 at 7:36
  • The original answer would still work -- just run the code to create the event source as an admin 1 time. Do it at the same time you are deploying the web app. After than, your IIS app running at lower privilege will be able to write log entries using the new source.
    – JMarsch
    Jan 25, 2021 at 15:43
3

I think a more secure option to @Michael Kniskern's good example is:

regedit...

HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Eventlog \your_new_application_log

Give full control to just the specific application log created for the purposes of your application (in this example right-click your_new_application_log and set permissions there). Once the new log name is created it will appear in the registry nested under eventlog node as above.

0

I'm using IIS 10, and set the pool identity to Local System

see reference : https://stackoverflow.com/a/9067391/9975799

2
  • Please provide essestial details from link because link may get expired in future. Jul 4, 2019 at 5:56
  • I did the Item number 3 ( 3rd bullet ), set the Application Pool ( the one you are using on your site ) then set the identity to Local System
    – tyne
    Jul 9, 2019 at 6:01

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.