Thursday, July 3, 2008

Event Log

Lesson Summary

* The Windows event log mechanism is a convenient tool for developers to record information that they think might be useful in the future to system administrators or users.
* There are myriad ways to log information, but the event log mechanism provides a clean, object-oriented way to handle this task.
* Use the Source property of the EventLog to define where the information is coming from.
* Use the EventLogEntryType to specify what type of entry the output will be.
* The primary object for interacting with the event log system is the EventLog class in the System.Diagnostics namespace.
* Although the EventLog class provides substantial functionality that is simple to use, it does have overhead in terms of resources. It should be used judiciously.
* Many security vulnerabilities can be raised when using EventLog objects. Therefore, you should avoid using them in partial trust environments and avoid passing such objects to a partial trust environment.
* To remove all the entries in an event log, use the Clear method.
* The Message property of the EventLogEntry is used to read back the information that was written to the EventLog object.


Answers

Answers to these questions and explanations of why each answer choice is right or wrong are located in the "Answers" section at the end of the book.

1. You need to log application state information for your application. The application will run in a Full Trust environment but will make calls to partial trust assemblies. Which statement best describes how this should be handled?

   1. Use the EventLog class as necessary.
   2. Use the EventLog class in assemblies that will have no contact with the partial trust assemblies.
   3. Avoid the use of EventLog class objects because the security risk is too high.
   4. Use EventLog objects, but ensure that they are specific to this application. If they are used by a partial trust object, create a separate log for security reasons.




2. Which of the following considerations should be taken into account when using EventLog objects? (Choose all that apply.)

   1. They can fill up if overused, so writing to them should be done judiciously.
   2. They should be avoided in all partial trust environments.
   3. They are potential resource hogs, so they should be used judiciously.
   4. They are one of the safest mechanisms available to perform I/O operations, so they should be used wherever possible.




3. What method of the EventLog object should be used to clear an EventLog?

   1. Call the Clear method for each item in the log.
   2. Use RemoveEntries and then call the Clear method.
   3. Use the Clear method.
   4. Use the ClearAll method.




4. What method of the EventLog class should be used to delete an EventLog object?

   1. Use the ClearLog method.
   2. Use the RemoveLog method.
   3. Use the Delete method.
   4. Use the DeleteLog method.




5. Which types of messages can be written to an event log? (Choose all that apply.)

   1. Error
   2. Warning
   3. Information
   4. SuccessAudit




6. Which logs are available by default in the Windows event log mechanism? (Choose all that apply.)

   1. Application
   2. Security
   3. System
   4. Audit




Answers

1. Correct Answer: B

   1. Incorrect: Because the code might be used by partial trust objects that have a malicious purpose, care needs to be taken and EventLog objects should be used with caution.
   2. Correct: EventLog objects are secure to use as long as they are not used by partial trust assemblies. If partial trust assemblies are avoided, there should be no security issues.
   3. Incorrect: It is secure to use EventLog objects as long as they are used with the proper security boundaries in place.
   4. Incorrect: There is no practical way to implement this solution. Therefore, this answer choice is incorrect.

2. Correct Answer: A, B, and C

   1. Correct: There are disk space limitations, so overuse of EventLog objects can cause problems.
   2. Correct: Use of EventLog objects in partial trust scenarios poses multiple security risks.
   3. Correct: EventLog objects use many system resources, so unrestrained use of them can put unnecessary strains on the system.
   4. Incorrect: They are secure if used correctly; however, they do require special permissions and do have partial trust implications.

3. Correct Answer: C

   1. Incorrect: Calling Clear will handle all entries, so it does not need to be called individually.
   2. Incorrect: The Clear method alone accomplishes the task.
   3. Correct: This is the only available method that accomplishes the task.
   4. Incorrect: There is no ClearAll method. The Clear method accomplishes the task.

4. Correct Answer: C

   1. Incorrect: There is no ClearLog method of the EventLog class.
   2. Incorrect: There is no RemoveLog method of the EventLog class.
   3. Correct: The Delete method is the only available choice to delete an EventLog object.
   4. Incorrect: There is no RemoveLog method of the EventLog class.

5. Correct Answers: A, B, C, and D

   1. Correct: Error entries are valid.
   2. Correct: Warning entries are valid.
   3. Correct: Information entries are valid.
   4. Correct: SuccessAudit entries are valid.

6. Correct Answers: A, B, and C

   1. Correct: By default, the Application log is provided.
   2. Correct: By default, the Security log is provided.
   3. Correct: By default, the System log is provided.
   4. Incorrect: Although a specific event log named Audit could be created, there is no such log provided by default.
