AuditLogLocation Enum
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Specifies the location where security-related event logs are written.
public enum class AuditLogLocation
public enum AuditLogLocation
type AuditLogLocation =
Public Enum AuditLogLocation
- Inheritance
Fields
Name | Value | Description |
---|---|---|
Default | 0 | Specifies the default location, which is determined by the operating system. If writing to the Security log is supported (such as on Windows Vista and Windows Server 2003 and later platforms), the default log location is the Security log. Otherwise (such as in Windows XP SP2), the default log location is the Application log. |
Application | 1 | Specifies the Application log in the event log. |
Security | 2 | Specifies the Security log in the event log. The calling thread must have |
Examples
The following example sets the ServiceSecurityAuditBehavior.AuditLogLocation property to one of the AuditLogLocation
values:
public static void Main()
{
// Get base address from appsettings in configuration.
Uri baseAddress = new Uri(ConfigurationManager.
AppSettings["baseAddress"]);
// Create a ServiceHost for the CalculatorService type
// and provide the base address.
using (ServiceHost serviceHost = new
ServiceHost(typeof(CalculatorService), baseAddress))
{
// Create a new auditing behavior and set the log location.
ServiceSecurityAuditBehavior newAudit =
new ServiceSecurityAuditBehavior();
newAudit.AuditLogLocation =
AuditLogLocation.Application;
newAudit.MessageAuthenticationAuditLevel =
AuditLevel.SuccessOrFailure;
newAudit.ServiceAuthorizationAuditLevel =
AuditLevel.SuccessOrFailure;
newAudit.SuppressAuditFailure = false;
// Remove the old behavior and add the new.
serviceHost.Description.
Behaviors.Remove<ServiceSecurityAuditBehavior>();
serviceHost.Description.Behaviors.Add(newAudit);
// Open the ServiceHostBase to create listeners
// and start listening for messages.
serviceHost.Open();
// The service can now be accessed.
Console.WriteLine("The service is ready.");
Console.WriteLine("Press <ENTER> to terminate service.");
Console.WriteLine();
Console.ReadLine();
// Close the ServiceHostBase to shutdown the service.
serviceHost.Close();
}
}
Public Shared Sub Main()
' Get base address from appsettings in configuration.
Dim baseAddress As New Uri(ConfigurationManager.AppSettings("baseAddress"))
' Create a ServiceHost for the CalculatorService type
' and provide the base address.
Dim serviceHost As New ServiceHost(GetType(CalculatorService), baseAddress)
Try
' Create a new auditing behavior and set the log location.
Dim newAudit As New ServiceSecurityAuditBehavior()
newAudit.AuditLogLocation = AuditLogLocation.Application
newAudit.MessageAuthenticationAuditLevel = _
AuditLevel.SuccessOrFailure
newAudit.ServiceAuthorizationAuditLevel = _
AuditLevel.SuccessOrFailure
newAudit.SuppressAuditFailure = False
' Remove the old behavior and add the new.
serviceHost.Description.Behaviors.Remove(Of ServiceSecurityAuditBehavior)
serviceHost.Description.Behaviors.Add(newAudit)
' Open the ServiceHostBase to create listeners
' and start listening for messages.
serviceHost.Open()
' The service can now be accessed.
Console.WriteLine("The service is ready.")
Console.WriteLine("Press <ENTER> to terminate service.")
Console.WriteLine()
Console.ReadLine()
' Close the ServiceHostBase to shutdown the service.
serviceHost.Close()
Finally
End Try
End Sub
Remarks
When creating a Windows Communication Foundation (WCF) application that requires authentication and/or authorization of callers, you can specify that events related to security be recorded for either success, failure, or both. The location of the log is determined by this enumeration.
The level of the audit log is specified by setting the MessageAuthenticationAuditLevel or the ServiceAuthorizationAuditLevel property of the ServiceSecurityAuditBehavior class to one of the AuditLevel values.
You can also specify audit behavior using the <serviceSecurityAudit> binding.
Important
If the AuditLogLocation property is set to Security and Audit Object Access
is not set in the Local Security Policy
, audit events will not be written to the Security log. No failure is returned, but audit entries will not be written to the Security log. In addition, the calling thread must have SeAuditPrivilege
to be able to write to the Security log.
Default Dependent on Operating System
When setting the property to the Default value, the operating system determines which log will actually be written to. For more information, see Auditing.