Contents:
What is the Event Log Service?
Types of event logs and their purpose
How and when is the event log useful?
What is Event Viewer?
Event structure in brief
Different event types
Example
Event logging functions
References
The Event Log Service (ELS) is a component of the Windows operating system used to record and monitor significant events in a common and unified way. Many applications record errors and events in various proprietary error logs. These proprietary error logs have different formats and display different user interfaces. Moreover, you cannot merge the data to provide a complete report. Therefore, you need to check a variety of sources to diagnose problems.
To handle this problem, Windows provides the event logging mechanism. It gives applications (and the operating system) a standard, centralized way to record important software and hardware events. The event-logging service stores events from various sources in a single collection called an event log. The Event Viewer enables you to view logs; the programming interface also enables you to examine logs. The ELS acts as a mediator between the source of an event (an application, device driver, etc.) and the log file in which the event is written.
All the classes required for logging events to the Windows event log are in the System.Diagnostics namespace. The most important class is the EventLog class, which allows reading and writing of event log entries. However, before any entries can be written, an event source must be defined. A single line of event logging can greatly ease tracking down exceptions that are not specifically caught by the application code. The following line of code can be used:

    EventLog.WriteEntry("MyLogname", Server.GetLastError().ToString(), EventLogEntryType.Error);
The ELS supports three default event logs, each of which has a specific purpose:

The System log: records significant events that occur within components of the operating system (for example, a failure within a device driver).
The Application log: records events from applications (for example, an unexpected application failure).
The Security log: provides a record of audited security activity (for example, accessing a protected file).

Additional logs may be present depending on the configuration of the Windows computer. For example, a computer configured as a Domain Name System (DNS) server will have a DNS server log.
When an error occurs, the system administrator or support representative must determine what caused the error, attempt to recover any lost data, and prevent the error from recurring. It is helpful if applications, the operating system, and other system services record important events such as low-memory conditions or excessive attempts to access a disk. Then the system administrator can use the event log to help determine what conditions caused the error and the context in which it occurred. By periodically viewing the event log, the system administrator may be able to identify problems (such as a failing hard drive) before they cause damage.
In more detail: event logs store records of significant events on behalf of the system and applications running on the system. Because the logging functions are general purpose, you must decide what information is appropriate to log. Generally, you should log only information that could be useful in diagnosing a hardware or software problem. Event logging is not intended to be used as a tracing tool.

Choosing Events to Log:

Resource problems: If an application gets into a low-memory situation (caused by a code bug or inadequate memory) that degrades performance, logging a warning event when memory allocation fails might provide a clue about what went wrong.
Hardware problems: If a device driver encounters a disk controller time-out, a power failure in a parallel port, or a data error from a network or serial card, logging information about these events can help the system administrator diagnose hardware problems. The device driver logs the error.

Bad sectors: If a disk driver encounters a bad sector, it may be able to read from or write to the sector after retrying the operation, but the sector will go bad eventually. Therefore, if the disk driver can proceed, it should log a warning; otherwise, it should log an error event. If a file system driver finds a large number of bad sectors, fixes them, and logs warning events, logging information of this type might indicate that the disk is about to fail.
Information events: A server application (such as a database server) records a user logging on, opening a database, or starting a file transfer. The server can also log error events it encounters (cannot access file, host process disconnected, and so on), a corruption in the database, or whether a file transfer was successful.

Event Viewer: Event Viewer is a Windows component that logs program, security and system events on your computer. You can use the Event Viewer to manage the event logs, gather information about software problems and monitor system events. To open the Event Viewer, go to Start -> Run -> eventvwr.
The ELS uses a standardized structure to represent all events, irrespective of the log in which the event will be stored. The following is the structure of an event:
Event source name: The name of the event source used to log the event (typically the name of the application).
Message: A description of the event, which may be used in determining the cause of a problem.
Event type: There are five types of events that can be logged. All event classifications have well-defined common data and can optionally include event-specific data. The application indicates the event type when it reports an event.
Event identifier and event category: The event identifier and category are application-specific numeric values.
Binary data: The event may contain binary data that is of use to someone trying to resolve the problem that caused this event to occur.
Events are classified into the following types:

Information - This type indicates a successful operation of an application. An example is a successful loading of a new virus definition file by antivirus software.
Warning - This type indicates that there could be a potential problem in the future. The entries help in taking preventive measures.
Error - This type indicates a significant problem. It lets us know if there was a failure in a critical task.
Success Audit - This type indicates that an audited security event completed successfully. For example, when a user authenticates successfully, there may be an entry of this type.
Failure Audit - This type indicates that there was a failure of an audited security event.
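The event structure and event types described above can be examined through the programming interface. The following is an added example, not code from the original slides: it tallies a log by event type and prints the structure fields of the most recent entries of one type. The class and method names are assumptions; reading the Security log requires administrative rights, so the example reads the Application log.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;

public static class EventLogReader
{
    // Tally the entries of one log by event type.
    public static Dictionary<EventLogEntryType, int> CountByType(string logName)
    {
        var counts = new Dictionary<EventLogEntryType, int>();
        using (var log = new EventLog(logName))
        {
            foreach (EventLogEntry entry in log.Entries)
            {
                int n;
                counts.TryGetValue(entry.EntryType, out n);
                counts[entry.EntryType] = n + 1;
            }
        }
        return counts;
    }

    // Print the structure fields of the newest entries of one type.
    public static void PrintRecent(string logName, EventLogEntryType type, int max)
    {
        using (var log = new EventLog(logName))
        {
            EventLogEntryCollection entries = log.Entries;
            int shown = 0;
            for (int i = entries.Count - 1; i >= 0 && shown < max; i--)
            {
                EventLogEntry e = entries[i];
                if (e.EntryType != type) continue;
                Console.WriteLine("Source:      {0}", e.Source);
                Console.WriteLine("Type:        {0}", e.EntryType);
                Console.WriteLine("Event ID:    {0}", e.InstanceId & 0xFFFF);
                Console.WriteLine("Category:    {0}", e.CategoryNumber);
                Console.WriteLine("Written:     {0:u}", e.TimeWritten);
                Console.WriteLine("Binary data: {0} bytes", e.Data.Length);
                Console.WriteLine("Message:     {0}\n", e.Message);
                shown++;
            }
        }
    }

    public static void Main()
    {
        foreach (var pair in CountByType("Application"))
            Console.WriteLine("{0,-14} {1}", pair.Key, pair.Value);
        PrintRecent("Application", EventLogEntryType.Error, 3);
    }
}
```

A busy log can overwrite old entries while it is being read, so a production reader should be prepared for an entry to disappear between the count and the indexed read.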
Implementing the event logging mechanism in a .NET web service.

    using System;
    using System.Diagnostics;
    using System.Web.Services;

Let us examine a WebMethod that potentially throws an exception.

    /// <summary>
    /// A Web method that divides two integers
    /// </summary>
    /// <param name="intNumerator">Numerator</param>
    /// <param name="intDenominator">Denominator</param>
    [WebMethod]
    public void DivideNumbers(int intNumerator, int intDenominator)
    {
        double dResult;

        try
        {
            // Integer division: a zero denominator throws DivideByZeroException
            dResult = intNumerator / intDenominator;
        }
        catch (Exception e)
        {
            // Write to Event Log
            WriteToEventLog(e.Message, EventLogEntryType.Error);
        }
    }

When an exception occurs, the catch block calls the WriteToEventLog method to write to the Event Log.
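The slides call WriteToEventLog without showing it. One way to write it is given here as an added example, not the original author's code; the class name, the source name MyWebService and the separate RegisterSource step are assumptions. It registers the event source ahead of time, because a web service account normally lacks the rights to create one, and it keeps a logging failure from masking the original error.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Security;

public static class EventLogHelper
{
    // Assumed names for this example.
    private const string SourceName = "MyWebService";
    private const string LogName = "Application";
    // The EventLog.WriteEntry documentation gives a message limit of 31,839;
    // longer strings raise ArgumentException, so truncate first.
    private const int MaxMessageLength = 31839;

    // Run once from an installer or elevated setup step: creating a source
    // writes to the registry and needs administrative rights.
    public static void RegisterSource()
    {
        if (!EventLog.SourceExists(SourceName))
            EventLog.CreateEventSource(SourceName, LogName);
    }

    // Returns true if the entry was written, false if logging itself failed,
    // so a logging problem never replaces the exception being reported.
    public static bool WriteToEventLog(string message, EventLogEntryType type)
    {
        string text = message ?? "(no message)";
        if (text.Length > MaxMessageLength)
            text = text.Substring(0, MaxMessageLength);
        try
        {
            // The first argument is the event source, not the log name.
            EventLog.WriteEntry(SourceName, text, type);
            return true;
        }
        catch (SecurityException) { return false; }          // source not registered
        catch (InvalidOperationException) { return false; }  // log not accessible
        catch (Win32Exception) { return false; }             // OS-level write failure
    }

    public static void Main()
    {
        bool ok = WriteToEventLog("Attempted to divide by zero.", EventLogEntryType.Error);
        Console.WriteLine(ok ? "Entry written" : "Could not write entry");
    }
}
```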
BackupEventLog: Saves the specified event log to a backup file.
ClearEventLog: Clears the specified event log, and optionally saves the current copy of the log to a backup file.
CloseEventLog: Closes a read handle to the specified event log.
GetEventLogInformation: Retrieves information about the specified event log.
GetNumberOfEventLogRecords: Retrieves the number of records in the specified event log.
ReportEvent: Writes an entry at the end of the specified event log.
References:
ASP Alliance
MSDN
O'Reilly, Programming .NET Security, by Adam Freeman and Allen Jones