Note
The Event Logging API was designed for applications that run on the Windows Server 2003, Windows XP, or Windows 2000 operating system. In Windows Vista, the event logging infrastructure was redesigned. Applications that are designed to run on the Windows Vista or later operating systems should now use Windows Event Log.
The Security log is designed for use by the system. However, users can read and clear the Security log if they have been granted the SE_SECURITY_NAME privilege (the "manage auditing and security log" user right). For more information, see Privileges.
Only the Local Security Authority (Lsass.exe) has write permission for the Security log. No other account can request this privilege. To write an event to the Security log, use the AuthzReportSecurityEvent function.
Access to the Application log, the System log, and custom logs is restricted. The system grants access based on the access rights granted to the account under which the thread is running. The following table shows which types of access are required by the event logging functions.
| Access right | Description |
|---|---|
| ELF_LOGFILE_CLEAR (0x0004) | Required by ClearEventLog. |
| ELF_LOGFILE_READ (0x0001) | Required by OpenBackupEventLog and OpenEventLog. |
| ELF_LOGFILE_WRITE (0x0002) | Required by RegisterEventSource. |
Use the CustomSD registry value to configure the security of the Application log, the System log, and custom logs. For more information, see Eventlog Key.
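The following added example (not part of the original documentation) audits a CustomSD value by decoding each DACL ACE into the access rights from the table above and listing broad groups that are allowed to write to or clear a log. It assumes the value is an SDDL string whose rights fields are hexadecimal masks; the sample string, the function names, and the choice of which trustees count as broad are constructed for illustration.

```python
import re

# Access rights from the table above.
ELF_RIGHTS = {0x0001: "ELF_LOGFILE_READ", 0x0002: "ELF_LOGFILE_WRITE",
              0x0004: "ELF_LOGFILE_CLEAR"}

# Standard SDDL SID abbreviations; which groups count as "broad" is this example's choice.
BROAD_TRUSTEES = {"WD": "Everyone", "AN": "Anonymous Logon", "BG": "Builtin Guests",
                  "AU": "Authenticated Users", "IU": "Interactive Users"}


def parse_custom_sd(sddl):
    """Return [(ace_type, trustee, mask, [ELF right names])] for each DACL ACE."""
    start = sddl.find("D:")
    if start < 0:
        raise ValueError("SDDL string has no DACL (D:) section")
    dacl = sddl[start + 2:]
    end = dacl.find("S:")  # stop before a SACL, if one follows
    if end >= 0:
        dacl = dacl[:end]
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl):
        fields = body.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) < 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        try:
            mask = int(rights, 16)  # hex masks only; symbolic rights are not handled
        except ValueError:
            raise ValueError(f"non-numeric rights field in ACE: ({body})")
        names = [name for bit, name in ELF_RIGHTS.items() if mask & bit]
        aces.append((ace_type, trustee, mask, names))
    return aces


def risky_grants(sddl):
    """Allow ACEs giving write or clear access to a broad trustee.
    Simplification: deny ACEs and ACE ordering are not evaluated."""
    findings = []
    for ace_type, trustee, mask, names in parse_custom_sd(sddl):
        if ace_type == "A" and trustee in BROAD_TRUSTEES and mask & 0x0006:
            risky = [n for n in names if n != "ELF_LOGFILE_READ"]
            findings.append((BROAD_TRUSTEES[trustee], risky))
    return findings


# Constructed sample value, not taken from a real system.
SAMPLE = "O:BAG:SYD:(A;;0x7;;;BA)(A;;0x7;;;SY)(A;;0x3;;;IU)(D;;0x7;;;AN)(A;;0x1;;;S-1-5-32-573)"
```

Calling `risky_grants(SAMPLE)` reports the ACE that lets Interactive Users write to the log; the read-only and administrator ACEs are not flagged.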