windows-container-tools/LogMonitor
Anthony Nandaa fb712c3c11
logmonitor: docs: add security advisory for config file (#196)
As a recommendation from the previous security review,
add an advisory for users on how to restrict write
access for the config file.

This reduces the possibility of the config file being
used as an attack vector, especially for a low
privilege user.

Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
2024-10-14 20:40:15 +03:00
LogMonitorTests Rename Process Monitor Configuration Fields for Consistency (#185) 2024-08-23 12:22:02 +03:00
docs logmonitor: docs: add security advisory for config file (#196) 2024-10-14 20:40:15 +03:00
src/LogMonitor revert: explicitly write wide string characters to console (#193) 2024-09-25 18:12:52 +03:00
LogMonitor.sln
README.md

README.md

Microsoft Log Monitor

Introduction

Log Monitor is a log tool for Windows Containers. It monitors configured log sources and pipes a formatted output to STDOUT.

[Figure: Log Monitor architecture diagram]

Unlike Linux applications that log to STDOUT, Windows applications log to Windows log locations such as ETW, Event Log, and custom log files. Since many container ecosystem logging solutions are built to pull from the STDOUT pipeline as standard with Linux, Windows containers app logs historically have not been accessible via these solutions. The Log Monitor bridges this gap between Windows log locations and STDOUT, as depicted in the diagram below. The scope of the Log Monitor tool is to bridge Windows application logs to the STDOUT pipeline.

Supported log sources include:

  • ETW
  • Event Log
  • Custom log files

Supported output locations include:

  • STDOUT

Log Monitor is configured via the Log Monitor Config JSON file. The default location for the config file is C:/LogMonitor/LogMonitorConfig.json; an alternative location can be passed to LogMonitor.exe via the /CONFIG switch.

The log tool is supported for Windows, Server Core, and Nano images.

Build

Releases

Release versions of the binaries can be found on the Log Monitor Releases page.

Usage

LogMonitor.exe and LogMonitorConfig.json should both be included in the same LogMonitor directory.

The Log Monitor tool can either be used in a SHELL usage pattern:

SHELL ["C:\\LogMonitor\\LogMonitor.exe", "cmd", "/S", "/C"]
CMD "C:\\windows\\system32\\ping.exe -n 20 localhost"

Or an ENTRYPOINT usage pattern:

ENTRYPOINT "C:\\LogMonitor\\LogMonitor.exe c:\\windows\\system32\\ping.exe -n 20 localhost"

Both example usages wrap the ping.exe application. Other applications (such as IIS.ServiceMonitor) can be nested with Log Monitor in a similar fashion:

COPY LogMonitor.exe LogMonitorConfig.json /LogMonitor
WORKDIR /LogMonitor
SHELL ["C:\\LogMonitor\\LogMonitor.exe", "powershell.exe"]
 
# Start IIS Remote Management and monitor IIS
ENTRYPOINT      Start-Service WMSVC; `
                    C:\ServiceMonitor.exe w3svc;

Log Monitor starts the wrapped application as a child process and monitors the STDOUT output of the application.

Note that in the SHELL usage pattern the CMD/ENTRYPOINT instruction must be written in shell form, not exec form. When the exec form of CMD/ENTRYPOINT is used, the SHELL is bypassed, so Log Monitor is never launched inside the container.
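Because Log Monitor reads its log sources from LogMonitorConfig.json, anything that can rewrite that file controls what gets monitored. The following PowerShell script is an added example (not code from the LogMonitor repo, and not the wording of its security advisory) that locks the config file down to read-only for non-administrators and then verifies the result; it assumes the default C:\LogMonitor\LogMonitorConfig.json path, a PowerShell-capable image, and that it runs with administrative rights (for example from a RUN step at image build time).

```powershell
# Added example (not part of the LogMonitor repo): restrict write access to
# LogMonitorConfig.json so a low-privilege process in the container cannot
# change the log sources Log Monitor reads. Path and the assumption that this
# runs with administrative rights during image build are the example's own.
param(
    [string]$ConfigPath = 'C:\LogMonitor\LogMonitorConfig.json'
)

$ErrorActionPreference = 'Stop'
$privileged = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

function Protect-LogMonitorConfig {
    param([string]$Path)
    $acl = Get-Acl -Path $Path

    # Break inheritance and discard inherited ACEs so only the rules below apply.
    $acl.SetAccessRuleProtection($true, $false)

    # Drop any explicit rules that are already present (e.g. a Users write ACE).
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

    $full  = [System.Security.AccessControl.FileSystemRights]::FullControl
    $read  = [System.Security.AccessControl.FileSystemRights]::Read
    $allow = [System.Security.AccessControl.AccessControlType]::Allow

    # Administrators and SYSTEM keep full control; ordinary users only read.
    foreach ($id in $privileged) {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new($id, $full, $allow))
    }
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new('BUILTIN\Users', $read, $allow))
    Set-Acl -Path $Path -AclObject $acl
}

function Test-LogMonitorConfigWritable {
    # Returns identities other than Administrators/SYSTEM that still hold a
    # write-class right on the file; an empty result means it is locked down.
    param([string]$Path)
    $writeBits = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Delete -bor
                 [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                 [System.Security.AccessControl.FileSystemRights]::TakeOwnership
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (($_.FileSystemRights -band $writeBits) -ne 0) -and
                       ($_.IdentityReference.Value -notin $privileged) } |
        ForEach-Object { $_.IdentityReference.Value }
}

Protect-LogMonitorConfig -Path $ConfigPath
$offenders = @(Test-LogMonitorConfigWritable -Path $ConfigPath)
if ($offenders.Count -gt 0) { throw "Write access still granted to: $($offenders -join ', ')" }
```

The verification step is the part worth keeping in a build pipeline: it fails the image build if any non-privileged identity can still modify the file, rather than silently trusting that the ACL change took effect.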

The repo includes several sample config files for key Windows Container scenarios. For more detail on how to author the config file, see the detailed documentation here.

👉 See more Documentation