Announcing my latest side-project: logEnvy, bringing ‘sexy’ to windows and IIS logs

For longer than I care to think about I’ve been working on an app in my spare time to make scouring through Windows and IIS logs from multiple machines easier and more fun. I set deadlines “hey, wouldn’t it be cool to release on Cutler’s birthday” and then some time later “I’m going live on the Windows NT initial release date” (last week) only to enjoy the sound of them rushing by as I sweated over one last feature, or tried to fix one more bug.
Over the week-end I decided to throw caution to the wind and release what I had, warts and all. First of all you can download it here. And now a bit of exposition…

Searching, Sorting and Filtering Windows and IIS logs

logEnvy is eventvwr (the one built into windows) dipped in WPF UI goodness, and turbo-charged with the ability to read IIS logs too. It has a single view over multiple windows and IIS logs – I was sick of looking at IIS and event logs for particular user sessions across multiple machines from a server farm. You can sort and filter just like in eventvwr, but it also has full-text search over the contents of all events. You get a resharper-like indicator in the scroll-bar showing where search results occur in the current set of events, and you can click on the green indicator to select that event, or mouse-over for a tool-tip summary.

It’s ‘agent-less’ – you don’t install anything on the machine you want to read logs from (heck, it doesn’t even have an installer itself), and can read events from remote machines from different domains (providing you have a network connection, and the right security credentials of course).

Event Details View

One of my major gripes with eventvwr circa XP/Server 2003 was the ‘port-hole view’ you were given to read the details of the event you selected. And to add insult to injury it was a modal pop-up! The ‘details’ view in logEnvy shows a textual description for all the selected events, and you can search within the text of the selected entries.

Summary View

This view tries to summarize the current set of events in meaningful ways – currently it shows a breakdown by event type, a breakdown by date or time, and a list of the top 10 event sources in the current set. If a particular summary no-longer adds value (for example if you’ve filtered events to just show errors) it won’t show the breakdown by event type anymore. I’m planning to add more summaries over time.

Timeline View

This view is kind of like the map of the London underground meets event logs, to try and help people see the temporal relationship between events (especially across multiple machines). Events and IIS log entries show up as dots on three ‘tracks’ per event source – information, warning and error. If lots of events occur at a similar time they’re grouped into a single item. You can click on dots to get the textual information about the event(s) in the details view. You can pan and zoom, and there’s a histogram built in to the scroll-bar at the bottom to show you where the most interesting data is.

Two Warnings

First warning – eventually I want to sell logEnvy, it’s still in beta now, and will probably remain this way for a while, but it will eventually be released and cost money. There will always be a ‘free’ version with all the features, but only for local event logs. The good news is if I’ve ever worked on a project with you, talked to me in person or if I know you on-line you’ll automatically get a free license. If you don’t fall into any of these criteria and would still like a free license email me at and I’ll put you on a list. The other way you can get a free license (which I’d really appreciate) is to send me suggestions and bugs, which brings me to my second warning.
The second warning is – there will be bugs. The Timeline view I only added in the last month or so, and it and the summary view are both a bit rough.
Also I’m interested in what features I should be adding. Killer visualisations? Different event sources (SQL Server, ISA, Squid, log4net, SNMP?) What should I be adding? Send hates/likes/suggestions and bug fixes through to If you still have any doubts why not download it here and give it a go.

One last thing - when you download it you’ll get a serial number - because of my crass commercial visions for logEnvy I built the serial-number authentication bit into it already. You can hit the download page as many times as you want and get as many serial numbers as you like, they will stop working when the beta period ends. When you launch the app you’ll need to enter one to use the ‘full’ version.

Pingback from

Twitter Trackbacks for

    Announcing my latest side-project: logEnvy, bringing ‘sexy’ to windows and IIS logs 
4/08/2010 6:15:45 AM
Edward Williams
Hey - very cool...and certainly sexy. I' haven't yet, but I will download it and try it out. As a suggestion, I wonder if you could go after sharepoint logs with this; they are 10x more of nightmare than windows or IIS logs... Still, very nice - great job! E.W.
4/08/2010 11:19:32 AM
Joseph Cooney
re: Sharepoint logs - I've thought about those too, as I have had the pleasure of 'dealing' with them in the past. At least ISA does the nice thing and stores its logs in a database.
4/08/2010 2:58:52 PM
Rory Primrose
Nice one! This is going to get a lot of use :)
4/08/2010 5:22:40 PM
Rory Primrose
Hey Joseph, I've already got a few suggestions: - Website needs some feedback/suggestion support - Serial number dialog should support copy/paste of full serial number - Add support for xml trace files - Add some type of provider model so people can add support for custom datasources themselves
4/08/2010 5:30:00 PM
Rory Primrose
Another one: - Searching textboxes should expand as the first splitter is moved to the right (port-hole problem for longer strings :))
4/08/2010 5:51:02 PM
Love it. I live in event logs all day. Sweet UI. +1 on the Serial Number should support copy/paste (or just make it a single text box) +1 on provider model - I'll write a datasource for the TFS Activity Log / Job History. - It Crashed On My Machine(tm). Do you want a dump, or are you going to release a version with built in diagnostics? (email me and I can repro) - When I typed the server name, a Pro tip about "enter . for.. something", but it disappeared so I don't know what it was. Grant
4/08/2010 6:15:45 PM
Thanks for the feedback Rory and Grant. It seems that the high-level suggestion is a provider model. Grant - I'll contact you to try and figure out what the cause of the crash was.
4/08/2010 8:36:25 PM
I'd also like to see support for some kind of monitor projects storage. Currently I need to configure the app each time I open it up when I am usually going for the same setup. I don't think you should bother the user to save the current setup, maybe just run an implicit MRU of the last 5 different sessions. This is the way that dotTrace works and it is really well. dotTrace also allows you to remove previous setups if you don't want them.
5/08/2010 11:33:16 PM