Using Log4j NTEventLogAppender with ActiveMQ running as service under Windows Server 2008

I am trying to use Log4J's NTEventLogAppender to log ERROR level messages to the Windows "Application" event log for an existing installation of ActiveMQ 5.4.2 running as a service on Windows Server 2008, SP2 32bit (in our production environment, the server monitoring software, Solar Windows, keeps tabs on the windows event logs and aggregates certain information written to it). I obtained the 32-bit "NTEventLogAppender.dll" and copied it to c:\windows\system32.

I am very familiar with Log4J but not with the NTEventLogAppender appender.

If I start ActiveMQ in a console window (either running as "Administrator" or not), all is well. However, if I start ActiveMQ as a service (e.g. "net start activemq"), the service wrapper starts but ActiveMQ itself bombs (due to the calls in Log4J to NTEventLogAppender). Commenting out the applicable NTEventLogAppender lines in log4j.properties cures the problem.

Seems like a Server 2008 permissions problem for ActiveMQ/NTEventLogAppender when it is running as a service instead of as a foreground app under my privileg开发者_StackOverflow社区es. If details of the problem are logged somewhere in the OS, I haven't located it yet.

Btw, I did initially code a small "hello world" console app just to see if I could even write to the event log using NTEventLogAppender on this machine. Not a perfect test but it worked so I know that under certain circumstances, I can make NTEventLogAppender work (ran app in a non-administrator console).

For what it is worth, here is the applicable snippet from log4j.properties:

log4j.appender.NTEVENT=org.apache.log4j.nt.NTEventLogAppender log4j.appender.NTEVENT.source=ActiveMQ log4j.appender.NTEVENT.layout=org.apache.log4j.PatternLayout log4j.appender.NTEVENT.layout.ConversionPattern=%d | %-5p | %m | %c | %t%n log4j.appender.NTEVENT.threshold=ERROR

Also, this key does currently exist in the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\ActiveMQ] "EventMessageFile"=C:\Windows\System32\NTEventLogAppender.dll "CategoryMessageFile"=C:\Windows\System32\NTEventLogAppender.dll "TypesSupported"=dword:00000007 "CategoryCount"=dword:00000006

Any ideas?

I think this is more a question for serverfault but:

does your serviceaccount have access to write to the eventlog ?