Incubated: LogParser based HealthCheck

Aug 11, 2010 at 11:21 AM
Edited Aug 11, 2010 at 10:44 PM

I use Microsoft LogParser to do the heavylifting of helping me analyse logs. It's very powerful and can be used against a variety of logging formats (IIS/EventLog/TextFiles/Registry to name some) - that got me thinking - how about a HealthCheck based on LogParser - you can interop into the LogParser API. Either create some pre-canned queries or go the whole hog and allow the user to define the query on the HealthCheck configuration.

This article provides some ideas for pre-canned queries

I see a problem though, MonitorWang usually reports a pass/fail result for a "check" - not entire result sets from a query. I think the first cut would report just the row count from the query. I would also include some configuration switches to control MonitorWangs behaviour with respect to the query.

An example query: "SELECT Count(*) FROM Application WHERE SourceName='My Important App'"

  • InterpretZeroRowsAsAFailure - set to true if a row count = 0 is a "failure" (Result=false). Default behaviour would be to interpret > 0 rows as a failure and = 0 as success
  • PublishOnlyIfFailure - only actually publish the result message if the query returned some results

I'll kick the tyres on this some more and hopefully update you with implementation details. If you have any thoughts on this one then please add to this discussion.

Aug 11, 2010 at 10:04 PM
Edited Aug 11, 2010 at 10:33 PM

I've create a new library project, MonitorWang.Contrib.Checks.LogParser and have a working generic HealthCheck that allows you to specify a query (FROM part onwards) and it publishes a result based on the number of rows returned (and how you have configured the InterpretZeroRowsAsAFailure & PublishOnlyIfFailure switches).

So far only implemented support for EventLog input format but should be easy enough to get the rest working.

Screencast of it in action querying the System eventlog for any entries from the USER32 EventSource has been uploaded here

Aug 12, 2010 at 3:59 PM

Ok, some more progress on this. Once I started to implement more input formats it grew apparent that it was going to get a big soupy class so decided to split each input format into its own "check" type.

This led me to think about deployment of this separate assembly that contains these logparser checks. Obviously you need to have configuration and bindings plus the assembly - it would be nice to just drop (xcopy) these files into the MonitorWang folder without having to modify any existing config. So I investigated a custom castle config xml interpreter and found a code snippet on StackOverlfow that did exactly as I wanted...it will automatically discover and load into the container all *.castle.config files in the config folder.

Cool! To add the LogParser contrib checks to a MonitorWang installation, just copy the assembly into the root folder and drop your configured logparser.check.castle.config & logparser.binding.castle.config into the config folder and restart MonitorWang - thats it!

LogParser checks and config file discovery will be available in the next release due shortly

Aug 17, 2010 at 1:10 AM
Edited Aug 17, 2010 at 1:12 AM

Ok - completed support for this in v1.0.1.0...go grab it and have a play, tell me what you think

/J