For longer than I care to think about I’ve been working on an app in my spare time to make scouring through Windows and IIS logs from multiple machines easier and more fun. I set deadlines “hey, wouldn’t it be cool to release on Cutler’s birthday” and then some time later “I’m going live on the Windows NT initial release date” (last week) only to enjoy the sound of them rushing by as I sweated over one last feature, or tried to fix one more bug.
Over the week-end I decided to throw caution to the wind and release what I had, warts and all. First of all you can download it here. And now a bit of exposition…
Searching, Sorting and Filtering Windows and IIS logs
logEnvy is eventvwr (the one built into windows) dipped in WPF UI goodness, and turbo-charged with the ability to read IIS logs too. It has a single view over multiple windows and IIS logs – I was sick of looking at IIS and event logs for particular user sessions across multiple machines from a server farm. You can sort and filter just like in eventvwr, but it also has full-text search over the contents of all events. You get a resharper-like indicator in the scroll-bar showing where search results occur in the current set of events, and you can click on the green indicator to select that event, or mouse-over for a tool-tip summary.
It’s ‘agent-less’ – you don’t install anything on the machine you want to read logs from (heck, it doesn’t even have an installer itself), and can read events from remote machines from different domains (providing you have a network connection, and the right security credentials of course).
Event Details View
One of my major gripes with eventvwr circa XP/Server 2003 was the ‘port-hole view’ you were given to read the details of the event you selected. And to add insult to injury it was a modal pop-up! The ‘details’ view in logEnvy shows a textual description for all the selected events, and you can search within the text of the selected entries.
This view tries to summarize the current set of events in meaningful ways – currently it shows a breakdown by event type, a breakdown by date or time, and a list of the top 10 event sources in the current set. If a particular summary no-longer adds value (for example if you’ve filtered events to just show errors) it won’t show the breakdown by event type anymore. I’m planning to add more summaries over time.
This view is kind of like the map of the London underground meets event logs, to try and help people see the temporal relationship between events (especially across multiple machines). Events and IIS log entries show up as dots on three ‘tracks’ per event source – information, warning and error. If lots of events occur at a similar time they’re grouped into a single item. You can click on dots to get the textual information about the event(s) in the details view. You can pan and zoom, and there’s a histogram built in to the scroll-bar at the bottom to show you where the most interesting data is.
First warning – eventually I want to sell logEnvy, it’s still in beta now, and will probably remain this way for a while, but it will eventually be released and cost money. There will always be a ‘free’ version with all the features, but only for local event logs. The good news is if I’ve ever worked on a project with you, talked to me in person or if I know you on-line you’ll automatically get a free license. If you don’t fall into any of these criteria and would still like a free license email me at firstname.lastname@example.org and I’ll put you on a list. The other way you can get a free license (which I’d really appreciate) is to send me suggestions and bugs, which brings me to my second warning.
The second warning is – there will be bugs. The Timeline view I only added in the last month or so, and it and the summary view are both a bit rough.
Also I’m interested in what features I should be adding. Killer visualisations? Different event sources (SQL Server, ISA, Squid, log4net, SNMP?) What should I be adding? Send hates/likes/suggestions and bug fixes through to email@example.com. If you still have any doubts why not download it here and give it a go.
One last thing - when you download it you’ll get a serial number - because of my crass commercial visions for logEnvy I built the serial-number authentication bit into it already. You can hit the download page as many times as you want and get as many serial numbers as you like, they will stop working when the beta period ends. When you launch the app you’ll need to enter one to use the ‘full’ version.