远程 Windows 事件记录 - 授权
我正在尝试在我的 C# 应用程序中实现一个日志记录接口,它将事件记录到本地或远程的“Windows 事件日志记录”。在本地没有问题,因为 System.Diagnostics 是一个易于使用的命名空间。
然而,在远程计算机上执行此操作(登录另一台计算机的 Windows 日志)会带来身份验证和授权问题,即“访问被拒绝”。这是非常可以理解的,因为让每个人都添加日志是不合逻辑的。
我知道创建新的事件文件夹和源只能在本地完成,我已经完成了(让我们称之为“我的应用程序”。我还启动了“远程注册表”服务。
为了方便起见,我一直在测试日志记录功能使用“eventcreate”工具来推断什么是允许的,什么是不允许的。在“以管理员身份运行”cmd 上,
eventcreate /s myLogServer /id 999 /T Error /L "My Application" /so "My Application" /d "Log Test"
并出现“错误:访问被拒绝”。
/u mydomain\myLogServer /p myPassword
这自然会失败, 不想给我更愿意创建一个受限用户,或者更好的是,通过客户端计算机使用 Windows 身份验证(希望当我不输入任何 /u /p 时会发生这种情况)
问题:如何设置它。以便只有指定的用户才能将日志写入指定的日志文件夹? 尝试设置注册表项的权限(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog..)。 尝试设置事件日志文件(*.evtx)的权限。
子问题:我是否需要在 C# 代码中模拟指定用户才能获得授权,或者是否有办法将身份验证详细信息添加到 EventLog 对象?
I am trying to implement a logging interface into my c# application that will log the events to "Windows Event Logging" locally or remotely. Locally there is no problem as System.Diagnostics is an easy to use namespace.
However, doing it on a remote machine(logging on another machine's Windows logs) brings authentication and authorization issues, namely "Access is denied". Which is pretty understandable since it would be illogical to let everybody add logs.
I know that creating a new event folder and source can only be accomplished locally, which I have already done(let's call it "My Application". I have also started "Remote Registry" service.
For convenience, I've been testing logging feature with 'eventcreate' tool in order to deduce what is allowed, what is not. On "Run as Administrator" cmd.
eventcreate /s myLogServer /id 999 /T Error /L "My Application" /so "My Application" /d "Log Test"
This naturally fails with "Error: Access is Denied". When I add
/u mydomain\myLogServer /p myPassword
, then it works fine. However, naturally I don't want to give myLogServer's admin credentials. I'd prefer to create a restricted user or even better, use windows authentication via the client machine(which is hopefully what happens when I don't enter any /u /p).
Question: How can I set it up so that only specified users can write logs to specified log folder?
Tried setting permissions on registry keys(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog..).
Tried setting permissions for event log files(*.evtx).
Sub-question: Will I need to impersonate the specified user in c# code in order to get authorized, or is there a way to add authentication details to an EventLog object?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
根据 TechNet 此处:
在 Windows Server® 中2003、Windows Vista 和 Windows Server® 2008,可以自定义计算机上每个事件日志的权限。此功能在以前版本的 Windows 中不可用。访问控制列表 (ACL) 作为安全描述符定义语言 (SDDL) 字符串存储在注册表中每个事件日志的名为“CustomSD”的 REG_SZ 值中。
According to TechNet here:
In Windows Server® 2003, Windows Vista, and Windows Server® 2008, it is possible to customize the permissions on each event log on a computer. This capability was not available in previous versions of Windows. The access control list (ACL) is stored as a Security Descriptor Definition Language (SDDL) string, in a REG_SZ value called "CustomSD" for each event log in the registry.