log4jna: log4j:ERROR Could not register event source (Access is denied.)

log4j, jna, security, win32 | 10/14/2010

This is a pretty common problem with NTEventLogAppender (both log4j and log4jna versions) on Windows Vista, 7 or 2008.

Repro

I’ll use the demo project in log4jna to demonstrate what’s going on.

First, configure log4j.properties with an NTEventLogAppender and a new event source name (“demo” in the example below).

    log4j.rootCategory=INFO, E

    # log4j 1.x only reads logger levels from keys with the log4j.logger. prefix
    log4j.logger.org.apache.log4jna.nt.demo=DEBUG

    # Appender that writes to the Windows Event Log under the "demo" event source
    log4j.appender.E = org.apache.log4jna.nt.Win32EventLogAppender
    log4j.appender.E.layout = org.apache.log4j.PatternLayout
    log4j.appender.E.source = demo
    log4j.appender.E.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n

Run the demo as a non-admin user (if you have the log4jna source, you can use ant run). It fails with the following error.

    [java] log4j:ERROR Could not register event source.
    [java] com.sun.jna.platform.win32.Win32Exception: Access is denied.
    [java]     at com.sun.jna.platform.win32.Advapi32Util.registryCreateKey(Advapi32Util.java:712)
    [java]     at org.apache.log4jna.nt.Win32EventLogAppender.registerEventSource(Unknown Source)
    [java]     at org.apache.log4jna.nt.Win32EventLogAppender.activateOptions(Unknown Source)
    [java]     at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307)
    [java]     at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:172)
    [java]     at org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:104)
    [java]     at org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:809)
    [java]     at org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:735)
    [java]     at org.apache.log4j.PropertyConfigurator.configureRootCategory(PropertyConfigurator.java:615)
    [java]     at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:502)
    [java]     at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:547)
    [java]     at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:483)
    [java]     at org.apache.log4j.LogManager.<clinit>(LogManager.java:127)
    [java]     at org.apache.log4jna.nt.demo.Demo.main(Unknown Source)

Fix

Windows Event Log requires a registered event source to fire events to. The NTEventLogAppender attempts to create one automatically, but when the application runs as a non-admin user it doesn’t have the registry permissions to do so. To run the software as a non-admin, we must create the registry key at software installation time, when we do have those registry permissions. In our case, we need to create a demo key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application.


This is sufficient for the application to run and to fire an event without errors. I’ll explain what’s going on with the event text in my next post.
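One way to script the install-time step from the Fix section, so the key is created once by an administrator instead of loosening permissions for the application user. This is an added example, not code from the original post or from the log4jna project; the $Source parameter and its default are assumptions taken from the demo configuration above.

```powershell
# Added example (not from the log4jna project). Run once from an elevated
# installer or prompt; the application itself then runs as a normal user.
param(
    # Assumption: matches log4j.appender.E.source in log4j.properties
    [string]$Source = 'demo'
)

$parent = 'HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Application'
$key    = Join-Path $parent $Source

# Fail early with a clear message instead of the appender's "Access is denied."
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($admin)) {
    throw "Creating $key requires an elevated (administrator) session."
}

# Idempotent: re-running the installer must not fail on an existing key.
if (Test-Path -Path $key) {
    Write-Output "Event source '$Source' is already registered."
} else {
    New-Item -Path $key | Out-Null
    Write-Output "Created $key"
}

# List the access rules on the key for review. This script changes no ACLs.
(Get-Acl -Path $key).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType
```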
