Question: Create Event Log manually #31

Closed
MovGP0 opened this issue Feb 15, 2019 · 3 comments

MovGP0 commented Feb 15, 2019

Because of company policies, I am not allowed to run my site with admin rights. So I am wondering how to create the event log manually and give the app user the appropriate rights.

So far I've done something like:

```powershell
$sourceName = 'APPNAME';
$userName = 'DOMAIN\APPUSER';
$fileName = 'C:\FOLDERNAME\APPNAME.dll';
$logName = 'Application';

# create event log
New-EventLog -Source $sourceName -LogName $logName -MessageResourceFile $fileName -CategoryResourceFile $fileName; # -ComputerName $env:COMPUTERNAME

# allow user to access event log
$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$logName\$sourceName";
$acl = Get-Acl -Path $registryPath;
$accessRule = New-Object System.Security.AccessControl.RegistryAccessRule($userName, [System.Security.AccessControl.RegistryRights]::FullControl, [System.Security.AccessControl.InheritanceFlags]::ContainerInherit, [System.Security.AccessControl.PropagationFlags]::None, [System.Security.AccessControl.AccessControlType]::Allow);
$acl.AddAccessRule($accessRule);
Set-Acl -Path $registryPath -AclObject $acl;
```

However, so far I was unsuccessful with this approach. Any hints how to do it?

@mrbcmorris
Member

Hi @MovGP0,

I have a simple script (see below) that has been successful for me but you may have different requirements. My goal was to create an event source (which requires elevated access) that then an application could write to (without elevated access). My application did not need to read any of the EventLogs it created.

```powershell
$sourceName = "InsertSourceName"
$logName = "InsertLogName"

if (! [System.Diagnostics.EventLog]::SourceExists($sourceName)) {
    New-EventLog -LogName $logName -Source $sourceName

    Write-EventLog -LogName $logName -Source $sourceName -EventId 100 -EntryType Information -Message "EventSource Installed"
    exit
}

Write-EventLog -LogName $logName -Source $sourceName -EventId 100 -EntryType Information -Message "EventSource already existed"
```

What problems are you encountering?

@NLI-KelbyHunt

I use a .reg file to create my event logs. My WiX installers for my services typically do it for me.

It usually looks like this

```reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\My Event Log Name]
"AutoBackupLogFiles"=dword:00000000
"MaxSize"=dword:00080000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\My Event Log Name\My Event Log Source]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,\
  4e,00,45,00,54,00,5c,00,46,00,72,00,61,00,6d,00,65,00,77,00,6f,00,72,00,6b,\
  00,5c,00,76,00,34,00,2e,00,30,00,2e,00,33,00,30,00,33,00,31,00,39,00,5c,00,\
  45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,4d,00,65,00,73,00,73,00,61,\
  00,67,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
```
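
The same registration as the .reg file in the comment above, done from an elevated Windows PowerShell session; this is an added example, not part of the original thread or the project's code. The log and source names are the placeholders from that file, the message file path is the decoded `hex(2)` (REG_EXPAND_SZ, UTF-16LE) value, and the read-back checks and ACL listing at the end are added review steps.

```powershell
#Requires -RunAsAdministrator
# One-time setup step (installer / deployment); the application itself stays unprivileged.
# Placeholder names copied from the .reg example; replace with your own.
$logName    = 'My Event Log Name'
$sourceName = 'My Event Log Source'
# Decoded form of the hex(2) EventMessageFile value in the .reg file.
$messageDll = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll'

$logKey    = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$logName"
$sourceKey = "$logKey\$sourceName"

# Refuse to register a source whose message file is missing on this machine.
if (-not (Test-Path -LiteralPath $messageDll -PathType Leaf)) {
    throw "Message file not found: $messageDll"
}

# Create the log key and the source key only if they do not exist yet.
foreach ($key in $logKey, $sourceKey) {
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
}

# Same values and types as the .reg file: two DWORDs on the log, one REG_EXPAND_SZ on the source.
New-ItemProperty -Path $logKey -Name 'AutoBackupLogFiles' -PropertyType DWord -Value 0 -Force | Out-Null
New-ItemProperty -Path $logKey -Name 'MaxSize' -PropertyType DWord -Value 0x00080000 -Force | Out-Null
New-ItemProperty -Path $sourceKey -Name 'EventMessageFile' -PropertyType ExpandString `
    -Value $messageDll -Force | Out-Null

# Read back: the value must be REG_EXPAND_SZ and hold the path exactly as written.
$item = Get-Item -LiteralPath $sourceKey
$kind = $item.GetValueKind('EventMessageFile')
$raw  = $item.GetValue('EventMessageFile', $null, 'DoNotExpandEnvironmentNames')
if ($kind -ne 'ExpandString' -or $raw -ne $messageDll) {
    throw "Unexpected EventMessageFile registration: kind=$kind value=$raw"
}

# Review who holds rights on the source key before handing the machine to the app account.
(Get-Acl -Path $sourceKey).Access |
    Sort-Object IdentityReference |
    Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited -AutoSize
```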

@mrbcmorris
Member

Going to go ahead and close this issue as it's really a question of installing event logs on a machine and not related to the sink itself. Happy to assist further if you have outstanding questions.

Thanks!
