Hello,

I have an ISAPI application that needs to write to the standard Windows event log. The code works just fine when in a user mode process but, as soon as it runs from the ISAPI application, it generates an access denied error when calling RegisterEventSource (no matter what event source I pass it: "Application" fails as surely as anything else).

Server platform is IIS7 on Windows 2003, language is Borland Delphi 6.

Edit: Code was requested so here it is:

procedure TExtendedEventLogger.LogMessage(Message: String; EventType: DWord;
  Category: Word; ID: DWord);
var
  P: Pointer;
  USID: TUserSID;
begin
  if Enabled then
  begin
    // ReportEvent expects an array of PChar; P is the single entry.
    P := PChar(Message);
    // Open the event source handle lazily, on the first message.
    if FEventLog = 0 then
    begin
      if FMachine <> '' then
        FEventLog := Windows.RegisterEventSource(PChar(FMachine), PChar(FName))
      else
        FEventLog := Windows.RegisterEventSource(nil, PChar(FName)); // <- blows up here
      if FEventLog = 0 then
      begin
        raise Exception.Create('Event logging error: ' + SysErrorMessage(GetLastError));
      end;
    end;
    // Attach the SID of the current user to the event record.
    USID := GetCurrentUserSid();
    try
      if not ReportEvent(FEventLog, EventType, Category, ID, USID.PSID, 1, 0, @P, nil) then
        RaiseLastOSError;
    finally
      FreeAndNil(USID);
    end;
  end;
end;
+1  A: 

I believe a similar problem is described here. Check the permissions on the registry key; you can do that with regedit, too.

TOndrej
Thanks for that answer. That strikes me as a rather awkward way to do it. I'm not questioning the validity of that answer as such, mind you, but I can't bring myself to believe MS designed a critical part of the system like the event log so poorly that no web application can write to it without first changing the default permission. Have I missed something obvious here?
Stephane
Some might say a system which allows any process to write to the event log by default is poor design. Possible denial of service attack by filling up the event log/hard disk? Honestly, I'm not sure.
TOndrej
If you're running a local process on the server, even with low privilege, you can still do pretty nasty things and even crash the system (for instance, you can create threads in a loop with a very small stack size: that will create so many threads that, in a very short time, the scheduler will not be able to handle it and the system will hang). On the other hand, requiring that a web application provides its own logging mechanism (that cannot be aggregated in a standard way) is raising the bar for providing a safe environment. Not that this helps me much with my problem, mind you :P
Stephane
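
An offline way to reason about the permission check discussed in this thread, as an added example that is not part of the original posts. It assumes the Windows Server 2003 mechanism in which access to a log is governed by an SDDL string stored in the CustomSD value under that log's EventLog registry key, and it evaluates such a string for a given identity. The SDDL string, the account SID and the function names are constructed for illustration.

```python
import re

# Event log access bits: read, write, clear.
ELF_READ, ELF_WRITE, ELF_CLEAR = 0x1, 0x2, 0x4

# SDDL two-letter aliases used in the sample, mapped to well-known SIDs.
ALIASES = {"SY": "S-1-5-18", "BA": "S-1-5-32-544", "BG": "S-1-5-32-546",
           "AN": "S-1-5-7", "IU": "S-1-5-4", "SU": "S-1-5-6"}

# Matches allow (A) and deny (D) ACEs: (type;flags;rights;object;inherit;sid)
ACE_RE = re.compile(r"\(([AD]);([^;]*);([^;]*);([^;]*);([^;]*);([^;)]*)\)")

# Constructed sample in the shape of a CustomSD value (assumption, not from the page).
SAMPLE_SD = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)"
             "(A;;0x7;;;BA)(A;;0x3;;;IU)(A;;0x3;;;SU)")

# Hypothetical identity the ISAPI code runs as: its own SID plus group SIDs
# (Authenticated Users, Network).
APP_SID = "S-1-5-21-1111111111-2222222222-3333333333-1005"
WEB_TOKEN = {APP_SID, "S-1-5-11", "S-1-5-2"}


def parse_dacl(sddl):
    """Return [(type, mask, sid)] for ACEs with numeric rights masks."""
    return [(t, int(rights, 0), ALIASES.get(sid, sid))
            for t, _flags, rights, _obj, _inh, sid in ACE_RE.findall(sddl)]


def granted(sddl, token_sids, wanted):
    """Walk the ACEs in order: a matching deny on a still-needed bit fails,
    matching allows clear needed bits, and anything left over is refused."""
    remaining = wanted
    for ace_type, mask, sid in parse_dacl(sddl):
        if sid not in token_sids:
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False


def with_write_only(sddl, sid):
    """Least-privilege fix: append an ACE granting only the write bit."""
    return sddl + "(A;;0x%x;;;%s)" % (ELF_WRITE, sid)


if __name__ == "__main__":
    print("before:", granted(SAMPLE_SD, WEB_TOKEN, ELF_WRITE))
    fixed = with_write_only(SAMPLE_SD, APP_SID)
    print("after: ", granted(fixed, WEB_TOKEN, ELF_WRITE))
    print("clear: ", granted(fixed, WEB_TOKEN, ELF_CLEAR))
```

Granting only the write bit lets the application log events without being able to read or clear the log, which limits what a compromised web process can do with it.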