Write to Windows Event Log

Report · Mar 29, 2022

I have a CF 2018 install (2018.0.13.329786) on Windows Server 2016 Standard and I need to write events to the Windows Event Log. How can I do this?

Report · Mar 30, 2022

First of all, why would ColdFusion want to interact with the Operating System in this way?

Report · Mar 30, 2022

It is part of a security-related initiative required by my IT department. Can it be done?

Report · Apr 01, 2022

Can it be done?

By CFawesome

I'm not sure. But I have an idea that I wish to share with you.

Here's just a sketch, with the hope you will look into it further and fill in the details:

Create a .NET object in ColdFusion from a class of the appropriate .NET assembly. In this case, the assembly is likely to be System.Diagnostics.EventLog.dll. Example:
```
<cfobject type=".NET" name="EventLogObject" class="EventLog" assembly="full_path_to_EventLog_DLL">  
```

Use the EventLog object to call its WriteEntry method:

<cfset EventLogObject.WriteEntry(source, message, type, eventID, category, rawData)>

<!--- Argument Types:
source: string, 
message: string, 
type: System.Diagnostics.EventLogEntryType or enum, 
eventID: int, 
category: short, 
rawData: byte[]
 --->

Report · Apr 11, 2022

Thank you for this suggestion. Please forgive my ignorance of all things .NET, but is that DLL something that should exist on my Windows 2016 standard server or do I need to install some .NET components? I don't see it on the box.

Report · Apr 15, 2022

As System.Diagnostics.EventLog.dll is a system DLL, I suppose ColdFusion can access the EventLog class directly. If you dump the resulting object, you will see its functions, as well as the signature of each function.

<cfobject type=".NET" name="eventLogClass" class="System.Diagnostics.EventLog">
<cfdump var="#eventLogClass#">

Do a google search of each function and each of the other elements in turn. For example, a search on the web tells you that System.Diagnostics.EventLogEntryType is of type Enum. The value EventLogEntryType.Information is 4. So, to create an EventLog entry of type "Information", I would do something like:

<cfobject type=".NET" name="eventLogEntryType" class="System.Diagnostics.EventLogEntryType">
<cfset eventLogInformationType=eventLogEntryType.Information>
<!--- Alternatively, assuming there will be casting. (Unwise assumption) --->
<!--- <cfset eventLogInformationType=4>--->

I hope I have provided you with enough information for you to start the process of searching, followed by trial and error. That is what I myself have done.

If you got stuck, you might want to consider the following alternative: use Powershell to write to Event Logs.

I copied the following Powershell command from the web, and ran it with ColdFusion's cfexecute. It duly wrote to my Windows 10 Event Logs:

<cfexecute
name="C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe"
arguments=" Write-EventLog -LogName 'Application' -Source 'Application' -EventID 3001 -EntryType Information -Message 'MyApp added a user-requested feature to the display.' -Category 1 -RawData 10,20"
timeout="20">
</cfexecute>

Report · Apr 16, 2022

Hi @CFawesome , I have awesome news. 🙂

The following code is a proof-of-concept. It shows you can infact use ColdFusion to write data to Windows Event Log.

<cfobject type=".NET" name="eventLogClass" class="System.Diagnostics.EventLog">
<!--- Obtain an EventLog instance --->
<cfset eventLog=eventLogClass.init()>

<cfobject type=".NET" name="eventLogEntryType" class="System.Diagnostics.EventLogEntryType">
<!--- EventLogEntryType is a C# enum. "Information" type corresponds to the value 4.--->
<cfset eventLogInformationType=eventLogEntryType.Information>

<!--- The event source --->
<cfset eventSource="MyTestApplication">

<!--- The event log message, which will be written as 'EventData' --->
<cfset eventMessage="My test event-message is bla-di-bla-di=bla-di-bla">

<!--- Write the message --->
<cfset eventLog.WriteEntry(eventSource, eventMessage, eventLogInformationType)>

Done writing event-data to Windows Event Log.

Run the code, then verify as follows:

Go to Control Panel > Administrative Tools and open Event Viewer.
Click on the row corresponding to the Source "MyTestApplication".
Confirm that the event-message has been written.

Report · Apr 19, 2022

This works perfectly for what I need. Thank you so much for this information. I really appreciate your time and effort to help me.

Report · Apr 19, 2022

Nice to hear. I'm glad to have helped.

Report · Aug 14, 2024

@BKBK , I was excited to use this solution however I don't have System.Diagnostics.EventLog installed on my laptop and I've been unsuccessful at Googling how to get. Any suggestions?

Report · Aug 14, 2024

@Jlibean , How do you know you don't have System.Diagnostics.EventLog installed? In any case, you should:

apply Windows Update;

download and install any .NET libraries recommended by Windows Update.

Then run the following test code

<cfobject type=".NET" name="eventLogClass" class="System.Diagnostics.EventLog">
<cfdump var="#eventLogClass#">

Report · Aug 14, 2024

I receive this message when executing your code. I've searched my system for the DLL and it's not found. I'm running Windows 11 and have no updates that need to be installed.

Report · Aug 14, 2024

@Jlibean , did you install the .NET Integration Service that comes with ColdFusion? The error suggests that you probably didn't. So, install it, and see what happens.

Report · Aug 14, 2024

You will find the download for the ColdFusion .NET Integration Service at https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html#download0 . Click on the link "Download additional Adobe ColdFusion (2023 release) Server Installers"

Report · Aug 14, 2024

Great stuff. Thanks for sharing, BKBK. A couple of follow-ups, first to Jlibean and other readers, then to BKBK (relating these most recent comments to his earlier "correct answer".)

First, while Jlibean reported the error (on their CF11) as "Class System.Diagnostics. EventLog not found in the specified assembly list", i can cinfirm that is what you will see if you don't have the CF .NET integration service installed at all.

Conversely, if it's tried when one has it installed but not running, the error will instead show as, "DotNet Side does not seem to be running". I experienced that on CF2023 and also CF2018 (didn't confirm with 11).

Sadly, neither message really conveys the root cause problem. And to that point, BKBK, it could help folks if you would edit your original "accepted answer" to add mention of this need to have the CF .NET integration installed and running. So many folks finding the discussion may only read that one answer, and give up when it doesn't work. 🙂

You could just note it as an update, and even point to your last comment above for those download details--though, again some may well have it installed but just not running.

Oh, and that code ends up writing to the Windows "Application" Event Log (not "System" nor any other app-specific one), since no "Log" property was set in that code. More on that EventLog object in the MS docs for it.

/Charlie (troubleshooter, carehart. org)

Report · Aug 15, 2024

First, while Jlibean reported the error (on their CF11) as "Class System.Diagnostics. EventLog not found in the specified assembly list", i can cinfirm that is what you will see if you don't have the CF .NET integration service installed at all.

Conversely, if it's tried when one has it installed but not running, the error will instead show as, "DotNet Side does not seem to be running". I experienced that on CF2023 and also CF2018 (didn't confirm with 11).

Sadly, neither message really conveys the root cause problem. And to that point, BKBK, it could help folks if you would ... add mention of this need to have the CF .NET integration installed and running.

You could just note it as an update, and even point to your last comment above for those download details--though, again some may well have it installed but just not running.

Oh, and that code ends up writing to the Windows "Application" Event Log (not "System" nor any other app-specific one), since no "Log" property was set in that code. More on that EventLog object in the MS docs for it.

By Charlie Arehart

Thanks for the remark, Charlie. It is an important addition to the solution.

Report · Aug 15, 2024

@BKBK , you're my hero! I wasn't even thinking about the .NET Integration Services as part of the CF 2023 install. Thank you so much! I can now see the cfdump info.

Report · Aug 15, 2024

Thanks, @Jlibean , for your kind words.

Report · Mar 30, 2022

Update: See the "correct answer" above from BKBK, written in April 2022, rather than my answer below which was written prior to it in March. Even so, I leave below what I'd said, in case the github repo may ever help anyone finding this.

I'll say that I'm not aware of any feature in cf to support it, if that's what you seek specifically. This from both my long experience with it, and from searching for any, as I'm sure you did also.

And as you may have found, others have suggested Java solutions in the past. One seems to be based on log4j1, which is deprecated and may be unsafe to rely on. The other is not, log4jna, available at https://github.com/dblock/log4jna. (It too works with log4j, but it doesn't seem limited to log4j 1, as it seems the other, from what I could find.) I didn't readily find examples of calling it, but it is possible to call Java objects from cfml, pretty easily.

Let's hear what you think, or what others may add.

/Charlie (troubleshooter, carehart. org)

Write to Windows Event Log

1 Correct answer

Photos