none
Create Windows Service to pull Event Log entry RRS feed

  • Question

  • Is it possible to create a windows service in VB.net that will run when no one is logged on to pull events from the security event log?

    I already have the app to pull the data from the database.

    Saturday, April 13, 2019 7:28 PM

All replies

  • First off I don't have any code other then presented.

    Windows services can be interesting to work with in regards to permissions so keep that in mind.

    I would suggest looking at the following pattern for reading event logs.

    Requires this import -> Imports System.Diagnostics.Eventing.Reader

    Dim eventID As String = "5312"
    Dim LogSource As String = "Microsoft-Windows-GroupPolicy/Operational"
    Dim query As String = $"*[System/EventID={eventID}]"
    
    Dim elq = New EventLogQuery(LogSource, PathType.LogName, query)
    Dim reader = New EventLogReader(elq)
    
    Dim eventList As New List(Of EventRecord)()
    Dim eventInstance As EventRecord = reader.ReadEvent()
    Do While Nothing IsNot eventInstance
        'Access event properties here:
        'eventInstance.LogName;
        'eventInstance.ProviderName;
        eventList.Add(eventInstance)
        eventInstance = reader.ReadEvent()
    Loop


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange

    Saturday, April 13, 2019 9:26 PM
    Moderator
  • Thanks Karen, I have something similar that runs but I can not keep it running in the background as a console app, so I dont know how to set it into a windows service, any ideas?

    My version runs in a similar manner but runs in a loop with a timestamp so it only executes a write to a database once per event.

    Sunday, April 14, 2019 12:27 AM
  • The way to keep a service running is to use a System.Threading.Timer which you pass to the constructor a TimerCallback delegate.

    I have not done this in VB.NET but have in C#. If you don't mind looking at the C#, this line is where I create the Timer and on this line I do the delegate.

    The path, when the service starts in OnStart I run ScheduleService method which determines when to trigger the service via a Timer. When the delegate for the Timer completes the last line runs ScheduleService again and setup is done for the delegate. So overall the service runs until it's stopped by a system restart or by a manual human intervention via the command line or from task manager.

    You could also look at Topshelf, check out "Service recovery" (see docs) which can restart itself.

    Unfortunately most code samples will be in C#.


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange

    • Proposed as answer by Alex Li-MSFT Thursday, April 25, 2019 1:31 AM
    Sunday, April 14, 2019 1:09 AM
    Moderator
  • The key to using the Windows service is on the OnStart(),  you want to spawn a thread. You will be using a thread Start delegate.

    In the thread start delegate, you will want to use a While True loop.

    in the loop, you will want to use a Thread.Sleep()  for x amout of microseconds. 

    The Thread.Sleep() expiries, then the procedural code in the loop does its thing,  and it loops back to go to sleep again in the While loop.

    On the Onstop() event, you have to kill the Thread, becuase the service will be stopped but the spawned thread will still be running.

     https://www.codeproject.com/Articles/6678/Introduction-to-Threads-in-C

    https://www.aspsnippets.com/Articles/Tutorial-to-create-a-simple-Windows-Service-with-sample-example-in-C-and-VBNet.aspx

    https://medium.com/xster-tech/multi-threading-and-delegates-tutorial-in-vb-net-1060ef1cd8e7

    Sunday, April 14, 2019 4:13 AM
  • Ryan,

    If I make a windows service I also make first a console application. On this page is in my perception everything written what you ask. 

    https://docs.microsoft.com/en-us/dotnet/framework/windows-services/how-to-install-and-uninstall-services

    However, I don't know if a service runs with no user logged on but that is more a kind of Windows OS question. 


    Success
    Cor

    Sunday, April 14, 2019 5:01 PM
  • There is a sample VB.Net service that you can download at https://code.msdn.microsoft.com/windowsapps/VBWindowsService-3fc2805b

    According to the description it is already structured to perform its main processing in a thread pool worker thread.

    Sunday, April 14, 2019 8:38 PM
  • Hi everybody,

    what I'll suggest is about taking a look at two properties in two levels the first is the StartType of the service installer, the second is the account under which the service will run, after adding service installer to your project you can add the following code to your ProjectInstaller vb file 'notice for the account you should choose the most adequate for your requirement':

    Imports System.ComponentModel
    Imports System.Configuration.Install
    
    Public Class ProjectInstaller
    
        Public Sub New()
            MyBase.New()
    
            InitializeComponent()
    
            Me.ServiceInstaller1.StartType = ServiceProcess.ServiceStartMode.Automatic
            Me.ServiceProcessInstaller1.Account = ServiceProcess.ServiceAccount.LocalService
    
        End Sub
    
    End Class

    or you can simply go to the designer and select the options you need :

    ServiceInstaller.StartType:


    ServiceProcessInstaller.Account :

    Good Coding;


    Sunday, April 14, 2019 9:30 PM