The System.Diagnostics.EventLog class provides a way to interact with a Windows event log. I use it all the time for simple logging...

System.Diagnostics.EventLog.WriteEntry("MyEventSource", "My Special Message")

Is there a way to set the user information in the resulting event log entry using .NET?

A: 

You need to add it yourself into the event message.

Use the System.Security.Principal namespace to get the current identity of the thread logging the event.

Kev
A: 

Usually, the user executing the code that calls the EventLog.WriteEntry method will be the user displayed in the event log for the entry.

You could try impersonating another user by creating your own Principal and Identity and associating it with the current thread; however, this is not advised, as it could introduce security issues and will definitely complicate your application.

Ash
A: 

Including the user in the message is an obvious way around it. But I actually want to set the User field of the event log entry.

Ash...

"the user executing the code that calls the EventLog.WriteEntry method will be the user displayed in the event log for the entry"

This is not correct in my experience. The user field is not populated by the EventLog.WriteEntry call.

Anybody else got a way to do this?

Kevin Read
+3  A: 

Toughie ...

I looked for a way to fill the user field with a .NET method. Unfortunately there is none, and you must import the plain old Win32 API ReportEvent function with a DllImportAttribute.

You must also redeclare the function with the right types, as Platform Invoke Data Types says.

So

BOOL ReportEvent(
__in  HANDLE hEventLog,
__in  WORD wType,
__in  WORD wCategory,
__in  DWORD dwEventID,
__in  PSID lpUserSid,
__in  WORD wNumStrings,
__in  DWORD dwDataSize,
__in  LPCTSTR *lpStrings,
__in  LPVOID lpRawData
);

becomes

// Requires: using System; using System.Runtime.InteropServices;
[DllImport("Advapi32.dll", EntryPoint="ReportEventW", SetLastError=true,
CharSet=CharSet.Unicode)]
static extern bool WriteEvent(
  IntPtr hEventLog, // Where to find it?
  ushort wType,
  ushort wCategory,
  uint dwEventID, // DWORD is 32 bits, so uint rather than ulong
  IntPtr lpUserSid, // We'll leave this struct alone, so just feed it a pointer
  ushort wNumStrings,
  uint dwDataSize, // DWORD is 32 bits, so uint rather than ushort
  string[] lpStrings,
  IntPtr lpRawData
);

You also want to look at OpenEventLog and ConvertStringSidToSid.

Oh, and you're writing unmanaged code now... Watch out for memory leaks. Good luck :p

Johan Buret
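
The ReportEvent approach from the last answer, carried through to a complete call, as an added example that is not part of the original answers. It assumes the source "MyEventSource" from the question is already registered, uses a constructed event ID (1000), obtains the handle with RegisterEventSource (the function the ReportEvent documentation names for this), and passes the SID as a byte array so that no unmanaged memory has to be freed.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class UserEventLog
{
    const ushort EVENTLOG_INFORMATION_TYPE = 0x0004;

    [DllImport("advapi32.dll", EntryPoint = "RegisterEventSourceW", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr RegisterEventSource(string lpUNCServerName, string lpSourceName);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DeregisterEventSource(IntPtr hEventLog);

    // lpUserSid is declared as byte[]: the marshaller pins it for the call and passes NULL for null.
    [DllImport("advapi32.dll", EntryPoint = "ReportEventW", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool ReportEvent(IntPtr hEventLog, ushort wType, ushort wCategory, uint dwEventID,
        byte[] lpUserSid, ushort wNumStrings, uint dwDataSize, string[] lpStrings, IntPtr lpRawData);

    // Writes one informational entry whose User field is the SID of the calling identity.
    public static void Write(string source, uint eventId, string message)
    {
        byte[] sidBytes = null; // stays null (no User field) if the identity has no SID
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            SecurityIdentifier sid = identity.User;
            if (sid != null)
            {
                sidBytes = new byte[sid.BinaryLength];
                sid.GetBinaryForm(sidBytes, 0);
            }
        }

        IntPtr handle = RegisterEventSource(null, source); // null = local machine
        if (handle == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            if (!ReportEvent(handle, EVENTLOG_INFORMATION_TYPE, 0, eventId, sidBytes,
                             1, 0, new[] { message }, IntPtr.Zero))
                throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        finally { DeregisterEventSource(handle); } // always release the source handle
    }

    // Constructed sample call using the source and message from the question.
    static void Main() { Write("MyEventSource", 1000, "My Special Message"); }
}
```

The SID written to the User field is whatever the calling code passes in lpUserSid, so when reviewing logs treat it as what the application reported about itself.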