Writing to My.Application.Log from a Windows Service

Question

I am trying to write to the application log from a windows service.

I have created a windows service using visual studio 2013 (vb.net)

I have added the following to the app.config file:

<system.diagnostics>
  <sources>
    <source name="DefaultSource" switchName="DefaultSwitch">
      <listeners>
        <add name="EventLog"/>
      </listeners>
    </source>
  </sources>
  <switches>
    <add name="DefaultSwitch" value="Information" />
  </switches>
  <sharedListeners>
    <add name="EventLog"
         type="System.Diagnostics.EventLogTraceListener, 
               System, Version=2.0.0.0, 
               Culture=neutral, PublicKeyToken=b77a5c561934e089"
         initializeData="My Service"/>
  </sharedListeners>
</system.diagnostics>

My app code looks like this:

Protected Overrides Sub OnStart(ByVal args() As String)
    ' Add code here to start your service. This method should set things
    ' in motion so your service can do its work.

    My.Application.Log.WriteEntry("My service started.", TraceEventType.Information)

End Sub

Here is the error:

Service cannot be started. System.Security.SecurityException: The source was not found, but some or all event logs could not be searched.  To create the source, you need permission to read all event logs to make sure that the new source name is unique.  Inaccessible logs: Security.
   at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly, Boolean wantToCreate)
   at System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate)
   at System.Diagnostics.EventLogInternal.VerifyAndCreateSource(String sourceName, String currentMachineName)
   at System.Diagnostics.EventLogInternal.WriteEvent(EventInstance instance, Byte[] data, Object[] values)
   at System.Diagnostics.EventLog.WriteEvent(EventInstance instance, Object[] values)
   at System.Diagnostics.EventLogTraceListener.TraceEvent(TraceEventCache eventCache, String source, TraceEventType severity, Int32 id, String message)
   at System.Diagnostics.TraceSource.TraceEvent(TraceEventType even...

I am running my service under the 'Local Service' account.

What is the best built-in account to use for running a simple maintenance task service, I don't really want to change security settings - just want it to work with as little config as possible. The service will run on windows server.

---

UPDATE

I tried the Local System account which works fine.

But can I use this account on windows server while not logged in?

Answer 1

You can use the Local System account for a service on a Window Server while not logged in. That's not a problem.

The question is, do you really want to use the Local System account? Usually it has far too high privileges, meaning this could be a security risk.

The security exception you initially got when you used the Local Service account is caused by the fact that that account has too little privileges to perform that task. This is due to the fact that the SourceExists method is called and you can find here that Local Service is not allowed that right : http://msdn.microsoft.com/en-us/library/6s7642se(v=vs.110).aspx

So if you are not concerned with the security risk, for example if this is an isolated system, then you can use the Local System account for your purpose.

If you are concerned you can always create a local account on the Windows Server and setup the appropriate privileges yourself so you know exactly what is allowed and what not.