In this article I have explained a solution for centralized event logging using web services. This solution is suitable for the following scenarios:
- In a distributed environment where we may need to log events to the centralized event log to analyze the failure of certain components or functionality.
- In very large enterprises there would be a requirement to log events in a centralized server by different applications running on different servers in different locations.
If we follow the normal approach of writing to the event log there would be security breaches and you will not be able to access the event log in a centralized server due to insufficient privileges. At the same time the server administrator will not be able to share the IP or other secret data. But this solution doesn't require you to share any secret data.
Basic event logging
All the classes required for logging events to the Windows event log are in the
System.Diagnostics namespace. The most important class is the
EventLog class. This allows reading and writing of event log entries. However, before any logs can be written an
EventSource must be defined. The source can also be defined or created during writing. The API checks for the existence of the source and if none exists a source is created on the fly.
To read event logs the
EventLog class has a property called
Entries which is a
EventLogEntryCollection. As is obvious, this is a collection of
EventLogEntrys. Every entry in any event log is an instance of
EventLogEntry. Along with some obvious properties, like
EventId it has an
EntryType property. This is an enumeration which indicates the type of the event log like
Warning. This allows for the grouping of log event entries into different levels of severity.
Using the code
- Create a class library project and name it as EventLogInstaller and rename the default Class.cs to MyEventLogInstaller.cs.
- Add a reference to System.Configuration.Install.dll.
- Paste the following code in a class:
public class MyEventLogInstaller : Installer
private EventLogInstaller myEventLogInstaller;
myEventLogInstaller = new EventLogInstaller();
myEventLogInstaller.Source = "EventSourceTEST";
myEventLogInstaller.Log = "Application";
- Build the project. Now you have got EventLogInstaller.dll in the concerned bin\debug folder.
- Install the EventLogInstaller.dll in a centralized server where you want to host the web service. Run InstallUtil EventLogInstaller.dll to do the same.
- Now the DLL would have created an event source
EventSourceTEST for you in a server registry.
- Check the same using RegEdit and locate "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ Eventlog\Application\EventSourceTest".
- Next create a web service project and add the required methods to read and write to the event log as follows. Here I have given only the write method.
public void WriteLog(string msg)
EventLog ev = new EventLog("Application");
ev.Source = "EventSourceTEST";
- Compile and host it in a centralized server IIS.
- Next create either a Windows or a web client application to consume the web service.
- Add web reference to create a proxy class for your application to consume the web service.
- Just send a message to write to the event log. Here I have given a sample for web client. I have written a code in the command button
private void Button1_Click(object sender, System.EventArgs e)
Response.Write("Hi your message has been logged " +
"successfully, View it using Event Viewer");
- Check the event log using event viewer in administrative tools. Your message would have been logged.
Since we are using web service it can also pass firewalls. For more information write to email@example.com.