128

我收到以下异常。我已经在注册表编辑中完全控制了事件日志上的 Asp.net 帐户。

[SecurityException:找不到源,但无法搜索部分或全部事件日志。无法访问的日志:安全性。]

System.Diagnostics.EventLog.FindSourceRegistration(String source,  String machineName, Boolean readOnly, Boolean wantToCreate) +664
System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate) +109
System.Diagnostics.EventLog.SourceExists(String source) +14 Microsoft.ApplicationBlocks.ExceptionManagement.DefaultPublisher.VerifyValidSource() +41

我猜这是由于服务器上的一些配置问题?

4

10 回答 10

106

EventLog.SourceExists枚举 的子键,HKLM\SYSTEM\CurrentControlSet\services\eventlog看它是否包含具有指定名称的子键。如果运行代码的用户帐户在找到目标源之前对其尝试访问的子项(在您的情况下为子项)没有读取权限Security,您将看到与您描述的类似的异常。

处理此类问题的常用方法是在安装时注册事件日志源(在管理员帐户下),然后假设它们在运行时存在,如果目标事件日志源实际上不存在,则允许将任何产生的异常视为意外在运行时。

于 2012-03-05T13:22:20.137 回答
71

有同样的例外。就我而言,我必须以管理员权限运行命令提示符。

在开始菜单中,右键单击命令提示符,选择“以管理员身份运行”。

于 2013-08-09T17:19:21.687 回答
11

对我来说,这个错误是由于命令提示符,它没有在管理员权限下运行。您需要右键单击命令提示符并说“以管理员身份运行”。

You need administrator role to install or uninstall a service.

于 2014-04-09T06:14:32.827 回答
9

启动开发人员命令行“作为管理员”。此帐户具有安全日志的完全访问权限

于 2013-08-01T13:36:56.713 回答
8

Didnt work for me.

I created a new key and string value and managed to get it working

Key= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\<Your app name>\
String EventMessageFile value=C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
于 2015-02-02T15:47:18.360 回答
2

Inaccessible logs: Security

A new event source needs to have a unique name across all logs including Security (which needs admin privilege when it's being read).

So your app will need admin privilege to create a source. But that's probably an overkill.

I wrote this powershell script to create the event source at will. Save it as *.ps1 and run it with any privilege and it will elevate itself.

# CHECK OR RUN AS ADMIN

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{   
    $arguments = "& '" + $myinvocation.mycommand.definition + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    Break
}

# CHECK FOR EXISTENCE OR CREATE

$source = "My Service Event Source";
$logname = "Application";

if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
    [System.Diagnostics.EventLog]::CreateEventSource($source, $logname);
    Write-Host $source -f white -nonewline; Write-Host " successfully added." -f green;
}
else
{
    Write-Host $source -f white -nonewline; Write-Host " already exists.";
}

# DONE

Write-Host -NoNewLine 'Press any key to continue...';
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');
于 2018-09-12T11:03:39.700 回答
1

For me just worked iisreset (run cmd as administrator -> iisreset). Maybe somebody could give it a try.

于 2015-05-08T09:23:41.187 回答
1

I recently experienced the error, and none of the solutions worked for me. What resolved the error for me was adding the Application pool user to the Power Users group in computer management. I couldn't use the Administrator group due to a company policy.

于 2020-02-12T10:55:19.357 回答
0

If you are performing a new install of the SenseNet TaskManagement website on IIS (from source code, not WebPI), you will get this message, usually related to SignalR communication. As @nicole-caliniou points out, it is due to a key search in the Registry that fails.

To solve this for SenseNet TaskManagement v1.1.0, first find the registry key name in the web.config file. By default it is "SnTaskWeb".

 <appSettings>
   <add key="LogSourceName" value="SnTaskWeb" />

Open the registry editor, regedit.exe, and navigate to HKLM\SYSTEM\CurrentControlSet\Services\EventLog\SnTask. Right-click on SnTask and select New Key, and name the key SnTaskWeb for the configuration shown above. Then right-click on the SnTaskWeb element and select New Expandable String Value. The name should be EventMessageFile and the value data should be C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll.

Keywords: signalr, sensenet, regedit, permissions

于 2016-11-28T22:19:48.923 回答
0

If you just want to sniff if a Source exists on the local machine but don't have ability to get authorization to do this, you can finger it through the following example (VB).

This bypasses the security error. You could similarly modify this function to return the LogName for the Source.

Public Shared Function eventLogSourceExists(sSource as String) as Boolean
    Try
        EventLog.LogNameFromSourceName(sSource, ".")
        Return True
    Catch
        Return False
    End Try
End Function
于 2020-07-26T04:17:59.023 回答