Chapter 20. The Event Log Service
The Event Log Service (ELS) is a component of the Windows operating system used to record and monitor significant events in a common and unified way. We begin this chapter by discussing the overall design of the ELS and then proceed to demonstrate how to use the ELS in your programs. The .NET Framework does not support the full functionality of the ELS, and while complete coverage of the ELS functionality is beyond the scope of this book, we do provide enough detail for you to understand the .NET ELS support; consult the Windows API documentation for complete coverage of the ELS.
The Event Log Service Explained
In this section, we discuss the overall structure of the ELS and introduce three important elements of its design: event logs, event sources, and events. The principal security aspect of the ELS is as the means to audit Windows security events, for which .NET unfortunately does not provide good support. However, the ELS is an important tool that you should use within your own projects to record important application events.
Event Logs
The ELS defines a common format for storing events persistently in log files. The details of the file format and the location of the file on disk are not important to the programmer; the ELS acts as a broker between the source of an event (an application, device driver, etc.) and the log file in which the event is written. The ELS supports three default event logs, each of which has a specific purpose:
- The System ...
Get Programming .NET Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
