Will give clear discription of Event log and applying to your code By Shashikanth

1. Event log/Event viewer Understanding Event log for a more secured environment.

2. Overview Introducing… the Event Log Why Monitor Logs Enabling Event Logging Different Event Logs

3. Introducing…Event Log Centralized log service to allow applications and the operating system to report events that have taken place. Introduced with Windows NT 4 (1993). Main Windows Logs Application (example: Database message) System (example: driver failure) Security (example: Logon attempt, file access) A Windows 2003 domain controller will also include Directory Service (example: Active Directory connection problem) File Replication (example: domain controller information updates) DNS Vista has introduced a lot of changes

5. Audit and analysis

6. ArchivingThe event log should also enable the organization to implement internal security policies. Each policy can be set to audit success events only, failure events only, success/failure events, or no auditing at all.

8. Account logon events (for domain accounts)

9. Logon events (local machine events)

10. Object access (user accessing an object such as file, folder, printer)

11. Policy change (changes in the audit, user rights and trust policies)

12. Process tracking (detailed tracking information)

14. Lack of security policies to help and identify events and processes to be audited (e.g. Messenger)

15. The event logs are just a portion of the “chain of evidence”.

17. Event Viewer/ Event logs

18. Event Properties …

19. Application Log The application log file contains events that are logged by the applications used on a computer system. Events that are written to the application log are determined by the developers of the software program, not the operating system. Unfortunately not all applications are programmed to write logs. Examples: failure of MS SQL to access a database. when your virus scanner encounters a problem, it could bring this to your attention through the application log.

20. System Log The system log file contains events that are logged by the operating system components. These events are often predetermined by the operating system itself. System log files may contain information about device changes, device drivers, system changes, events, operations and more. Example: Failure of a service to start at boot up.

21. Security Log Events related to resource use, such as creating, opening, or deleting files or other objects. Records events you've set for auditing with local or global group policies. It is used to bring valid and invalid logon attempts to your attention. We need to have an account with administrative privileges to enable, use and specify which events are logged in the security log.

22. Setup Log Each execution of Setup creates log files with a new time stamped log folder. Gives information about the successful or unsuccessful execution of any setup files.

23. Events Information event Success event Failure event Warning event Error event

24. Managing Event logs in C# Class EventLog Class EventLogEntries Class EventLogEntryCollection Class EventSourceCreationData

25. EventLog: Static Members: CreateEventSource(); Source Exists(); Exists(); Delete(); DeleteEventSource(); GetEventLogs(); LogNameFromSourceName(); WriteEntry();

26. CreateEventSource() It creates a new log The log that you specified in a call to this method not exist then System Creates a custom log and Register your application as Source The Source register your application with Event log as a valid Source of Entries You can only use Source to write one Log at a time Source can be any string but must be distinct on computer

27. Overloads of CreateEventSource() CreateEventSource(SourceName,LogName); CreateEventSource(SourceName,LogName, MachineName); CreateEventSource(EventSourceCreationData obj);

28. SourceExist() It will check Whether specified source exist or not bool SourceExist(string SourceName); Check Whether specified source exist or not in Current machine Bool SourceExist(SourceName,MachineName); Check Whether specified source exist or not in specified machine.

29. Exists():- It will Check whether Specified Log is Exist or not public static bool Exists( string logName ) Checks on local Computer public static bool Exists( string logName, string machineName ) Checks on Specified Computer.

30. Delete():- Removes EventLog from Local/Specified computer public static void Delete( string logName ) public static void Delete( string logName, string machineName )

31. DeleteEventSource():- Removes the event source registration from the event log of the local/Specified computer. public static void DeleteEventSource( string source ) public static void DeleteEventSource( string source, string machineName )

32. GetEventLogs():- Searches for all event logs on the local/Specified computer and creates an array of EventLog objects that contain the list. public staticEventLog[] GetEventLogs() public static EventLog[] GetEventLogs( string machineName )

33. LogNameFromSourceName():- Gets the name of the log to which the specified source is registered on specified computer public static string LogNameFromSourceName( string Source, string machineName )

34. WriteEntry():- Writes a new record in the specified log where the Source was registered Entry may consist of:- Message text to the event log. EnentLogEntryType EventId Category rawData(byte[])

35. Overloads of WriteEntry():- public static void WriteEntry( string source, string message ) public static void WriteEntry( string source, string message, EventLogEntryType type ) public static void WriteEntry( string source, string message, EventLogEntryType type, int eventID ) public static void WriteEntry( string source, string message, EventLogEntryType type, int eventID, short category )

36. Properties:- Log:- Gets or sets the name of the log to read from or write to. LogDisplayName:- Gets the event log's friendly name. MachineName :-Gets or sets the name of the computer on which to read or write events. Source :-Gets or sets the source name to register and use when writing to the event log. Entries :-Gets the contents of the event log.

37. Constructor:- EventLog():-Initializes a new instance of the EventLog class. Does not associate the instance with any log. EventLog(String LogName):- Initializes a new instance of the EventLog class. Associates the instance with a log on the local computer. EventLog(String Logname, String machine):- Initializes a new instance of the EventLog class. Associates the instance with a log on the specified computer. EventLog(String log, String computer, String source):- Initializes a new instance of the EventLog class. Associates the instance with a log on the specified computer and creates or assigns the specified source to the EventLog.

38. Non Static Members:- Programmatic Explanation..