>Is the .NET EventLog component the tool I should be using to go about this?
You could, Mindy, though I understand you need to employ impersonation and establish permissions for the account you're impersonating as the ASPNET account cannot modify the event log. Some examples I've seen actually create a new log - in addition to the "Application", "Security" and "System" logs that already exist, and this requires an even higher level of permissions, and some who are more security-savvy than I am may advise that granting these kinds of permissions to your web app compromises your system's security.
What I did was create an XML error log file in a folder outside of the web server's directory tree, then I just open it with a browser. This way the app account only needs permission to write a file to a folder - no execute, read or other permissions.
You can find more information here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbconsecurityramificationsofeventlogs.aspI'd be interested to know what the opinion of older and wiser heads is on this. It would seem maintaining an error log "file" would be "safer" than using the EventLog.
>>-Steve->>
Steve Sawyer
Geeks and Gurus, Inc.