[Mono-dev] local file based EventLog implementation

Gert Driesen gert.driesen at telenet.be
Tue Aug 8 14:48:00 EDT 2006



> -----Original Message-----
> From: mono-devel-list-bounces at lists.ximian.com [mailto:mono-devel-list-
> bounces at lists.ximian.com] On Behalf Of Kornél Pál
> Sent: Tuesday 8 August 2006 20:03
> To: Atsushi Eno; Gert Driesen
> Cc: mono-devel-list at lists.ximian.com
> Subject: Re: [Mono-dev] local file based EventLog implementation
> 
> Hi,
> 
> There is an event logging API on Windows and in fact it's better to use
> it than writing events directly to the registry:

AFAIK, Windows does not write events to the registry. It only keeps the
event log configuration in the registry.
> 
> http://windowssdk.msdn.microsoft.com/en-us/library/ms684073.aspx

I know, and we should eventually be using that API for reading/writing
events on Windows, but AFAIK there's no API for reading/creating event logs
and sources. Apparently MS also uses the Registry API for this.

Try running the following code snippet when you have no permission to access
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog:

using System.Diagnostics;

public class EventLogTest {
	static void Main () {
		EventLog.GetEventLogs();
	}
}

You should get this exception:

Unhandled Exception: System.Security.SecurityException: Requested registry
access is not allowed.
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at System.Diagnostics.EventLog.GetEventLogs(String machineName)
   at System.Diagnostics.EventLog.GetEventLogs()
   at EventLogTest.Main()

> 
> Note that there is another topic in this documentation tree called
> Windows Event Log that requires Windows Vista and should not be
> confused with Event Logging that we should use.

No, indeed.

I'll see if I can get a small POC working tomorrow.

Gert

> ----- Original Message -----
> From: "Atsushi Eno" <atsushi at ximian.com>
> To: "Gert Driesen" <gert.driesen at telenet.be>
> Cc: <mono-devel-list at lists.ximian.com>
> Sent: Tuesday, August 08, 2006 7:46 PM
> Subject: Re: [Mono-dev] local file based EventLog implementation
> 
> 
> > Hi Gert,
> >
> > Thanks for the comments.
> >
> > Gert Driesen wrote:
> >>
> >>> -----Original Message-----
> >>> From: mono-devel-list-bounces at lists.ximian.com [mailto:mono-devel-list-
> >>> bounces at lists.ximian.com] On Behalf Of Atsushi Eno
> >>> Sent: Monday 7 August 2006 3:58
> >>> To: mono-devel-list at lists.ximian.com
> >>> Subject: [Mono-dev] local file based EventLog implementation
> >>>
> >>> Hi,
> >>>
> >>> During a consultation with a local customer I recently noticed that we
> >>> don't have EventLog implementation, while a basic framework has existed
> >>> for years, which was intended to have some different implementations.
> >>> Hence I implemented pretty simple stupid one, which works only for
> >>> local machine.
> >>>
> >>> I modified some of existing framework as it does not seem to support
> >>> multiple implementation in reality.
> >>>
> >>> To use this code, set MONO_LOCAL_EVENTLOG_DIR =
> >>> /path/to/yourfavoritedir to point the location for aggregated event
> >>> logs.
> >>>
> >>> The usage sample I have is like:
> >>>
> >>> EventLog log = new EventLog ("enolog", ".", "logg");
> >>> Console.WriteLine (log.Log);
> >>> foreach (EventLogEntry e in log.Entries)
> >>> 	Console.WriteLine (e.Message);
> >>> log.WriteEntry ("My test message.");
> >>>
> >>> It is really a hack. Any improvements or suggestions would be
> >>> appreciated. If no one is taking care of EventLog stuff, I'll checkin
> >>> the code by myself.
> >>
> >> I'm not sure if it's really necessary to have a separate EventLogFactory
> >> abstraction, we could use a similar approach to the one used for the
> >> Registry API; meaning, define an interface and implementations of that
> >> interface and have EventLog pick the implementation for doing all the
> >> work (except for basic argument checks and stuff). Of course, feel free
> >> to ignore my remarks as I'm glad we now have at least an implementation
> >> thanks to you ;-)
> >
> > I'm just curious, what's the benefit of your interface proposal over
> > factory methods? My guess is that we would end up to summarize common
> > code base into an abstract class, which will look like existing
> > EventLogImpl.
> >
> >> We might also use the Registry API for registering/deleting/querying
> >> event sources (on both linux and windows) to match the Win32 event log,
> >> which AFAIK uses
> >> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
> >> to store that info.
> >
> > Yeah, I didn't spend time to learn about the Win API / Registry, but
> > if someone spare time to implement registry based sources it'd be cool.
> >
> >> That way we would only need to implement reading/writing event log
> >> entries itself in a platform specific way, and we could use your
> >> implementation for linux (and perhaps for the time being also for
> >> windows).
> >
> > Or, on windows we could just use windows event log API (if exists).
> >
> > Atsushi Eno
> > _______________________________________________
> > Mono-devel-list mailing list
> > Mono-devel-list at lists.ximian.com
> > http://lists.ximian.com/mailman/listinfo/mono-devel-list
> 
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
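
The following is an added example, not code from this thread or from Mono. It reads the registry key named above directly (opened read-only) to list the configured event logs and their registered sources, and reports per-log access denials instead of aborting on the first SecurityException. The class name and output format are illustrative; it assumes the standard layout in which each subkey of the EventLog key is a log and each subkey of a log is a source.

```csharp
using System;
using System.Security;
using Microsoft.Win32;

// Added example: enumerate event log configuration through the registry,
// tolerating logs the current account is not allowed to read.
public static class EventLogRegistryProbe {
	const string EventLogKey = @"SYSTEM\CurrentControlSet\Services\EventLog";

	public static int Main () {
		try {
			// writable = false: request read access only (least privilege).
			using (RegistryKey root = Registry.LocalMachine.OpenSubKey (EventLogKey, false)) {
				if (root == null) {
					Console.Error.WriteLine ("EventLog key not present on this machine.");
					return 1;
				}
				foreach (string logName in root.GetSubKeyNames ())
					ReportLog (root, logName);
			}
			return 0;
		} catch (SecurityException ex) {
			// Same failure as in the stack trace above: no read access to the root key.
			Console.Error.WriteLine ("Cannot read event log configuration: " + ex.Message);
			return 2;
		}
	}

	static void ReportLog (RegistryKey root, string logName) {
		try {
			using (RegistryKey log = root.OpenSubKey (logName, false)) {
				if (log == null)
					return; // log removed between enumeration and open
				// Each subkey of a log key is a registered event source.
				string[] sources = log.GetSubKeyNames ();
				Console.WriteLine ("{0}: {1} source(s)", logName, sources.Length);
			}
		} catch (SecurityException) {
			// Individual logs can carry a stricter ACL than the root key.
			Console.WriteLine ("{0}: access denied", logName);
		}
	}
}
```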



