By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,190 Members | 2,204 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,190 IT Pros & Developers. It's quick & easy.

Problem with the message property of event log entries

P: n/a
I am reading events from an event log on a remote server. Certain events
will be put in a file or some other form of output. Everything works fine
but I am concerned a potential problem. Reading about how events are
handled, I found that the message property of an event is not recorded but
rather accessed from the source dll file. While testing my code I found that
when accessing the message property of a remote event log the message is
taken from the local dll file rather than the remote computers dll file.
According to the documentation it is possible for these messages to be
different if the dll files are not the same. This poses potential problems
because the message might be incorrect if it is not getting it from the
remote computer. I tested this by restricting permission to relevant
registry information locally, and sure enough my code throws an access
exception reading the registry.
I am trying to find out if there is some way to get the message from the
remote computer or if I can at least count on some events to be standardized
such as the ones in the security log.
I’m not sure if code will help but this example at least shows some of the
classes being used.

EventLog[] remoteEventLogs = EventLog.GetEventLogs(server);
foreach(EventLog log in remoteEventLogs)
{
foreach (EventLogEntry entry in log)
{
Console.WriteLine(entry.message);
}
}

The registry keys are located at:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\Eventlog
I disabled access to a specific event source of the application log for my
test (using regedt32 not regedit)
The exception is:
System.Security.SecurityException: Requested registry access is not allowed.
Let me know if more information is needed.

Thanks,
Paul

Nov 17 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.