windows-container-tools/LogMonitor
kimpanatopimizely 9502ea4e40
fix(docs): specify default level as Error for EventLog (#116)
Correct the event monitor documentation
2023-01-26 12:20:29 +03:00
..
LogMonitorTests add unit test (#118) 2023-01-26 10:47:56 +03:00
docs fix(docs): specify default level as Error for EventLog (#116) 2023-01-26 12:20:29 +03:00
src/LogMonitor add unit test (#118) 2023-01-26 10:47:56 +03:00
LogMonitor.sln Add tests for ConfigFileParser (#1) 2019-10-24 09:37:26 -07:00
README.md docs: beef up documentation for the log sources (#95) (#96) 2022-11-08 16:16:06 +03:00

README.md

Microsoft Log Monitor

Introduction

Log Monitor is a log tool for Windows Containers. It monitors configured log sources and pipes a formatted output to STDOUT.

log_minitor_arch

Unlike Linux applications that log to STDOUT, Windows applications log to Windows log locations such as ETW, Event Log, and custom log files. Since many container ecosystem logging solutions are built to pull from the STDOUT pipeline as standard with Linux, Windows containers app logs historically have not been accessible via these solutions. The Log Monitor bridges this gap between Windows log locations and STDOUT, as depicted in the diagram below. The scope of the Log Monitor tool is to bridge Windows application logs to the STDOUT pipeline.

Supported log sources include:

Supported output locations include:

  • STDOUT

Log Monitor is configured via the Log Monitor Config json file. The default location for the config file is: C:/LogMonitor/LogMonitorConfig.json or location passed to the LogMonitor.exe via /CONFIG switch.

The log tool is supported for Windows, Server Core, and Nano images.

Build

Releases

Release versions of the binaries can be found on the Log Monitor Releases page.

Usage

LogMonitor.exe and LogMonitorConfig.json should both be included in the same LogMonitor directory.

The Log Monitor tool can either be used in a SHELL usage pattern:

SHELL ["C:\\LogMonitor\\LogMonitor.exe", "cmd", "/S", "/C"]
CMD "C:\\windows\\system32\\ping.exe -n 20 localhost"

Or an ENTRYPOINT usage pattern:

ENTRYPOINT "C:\\LogMonitor\\LogMonitor.exe c:\\windows\\system32\\ping.exe -n 20 localhost"

Both example usages wrap the ping.exe application. Other applications (such as IIS.ServiceMonitor) can be nested with Log Monitor in a similar fashion:

COPY LogMonitor.exe LogMonitorConfig.json /LogMonitor
WORKDIR /LogMonitor
SHELL ["C:\\LogMonitor\\LogMonitor.exe", "powershell.exe"]
 
# Start IIS Remote Management and monitor IIS
ENTRYPOINT      Start-Service WMSVC; `
                    C:\ServiceMonitor.exe w3svc;

Log Monitor starts the wrapped application as a child process and monitors the STDOUT output of the application.

Note that in the SHELL usage pattern the CMD/ENTRYPOINT instruction should be specified in the SHELL form and not exec form. When exec form of the CMD/ENTRYPOINT instruction is used, SHELL is not launched, and the Log Monitor tool will not be launched inside the container.

The repo includes several sample config files for key Windows Container scenarios. For more detail on how to author the config file, see the detailed documentation here.

👉 See more Documentation