Reputation:
Securing Event Log
I'm working on personal project, which requires reading event from the event log. Generally the workflow of the program is based on the event sequence.
But as far as I know the every one can write to the event log if the event source already exists, which means that everyone can manipulate the program flow.
Is there any way to secure the event log. For example to restrict event source, that only some users where able to write in it? Or some other way?
Upvotes: 0
Views: 59
Answers (2)
Reputation: 12683
I may also add on to Anders Abel. Not only can it be written to, it can also be cleared without notice. This may have serious adverse affects to your program if not handled correctly.
There are ways to "secure" the event log using user permissions etc, however this doesn't stop applications or the system from changing the EventLog.
Upvotes: 1
Reputation: 69260
As you've already found out, any user can write to the event log with existing event sources.
You have to treat the event log as unsafe input, that could potentially have been manipulated and that you need to handle carefully.
Without more details on what you are trying to accomplish it's hard to give any more specific advice.
Upvotes: 3
Related Questions
- How do I avoid this SecurityException when writing to the Event Log?
- Writing to the application event log
- Creating a Custom Event Log (Security Error)
- Validate Eventlog Write Permission
- Using EventLog objects can cause security holes?
- Windows Event Log Concerns?
- How to read event log without administrative permissions in .NET?
- create a windows logger
- Security Issues Writing to Event Log with My.Application.Log.WriteException
- Robust Event Logging