Introduction
How many times did you need to check the Event Log of your production web server but since you do not have permission to log on to that server, you had to wait for the administrator or webmaster to be available and open the Event Viewer for you?
In my experience, that happens very often. Often enough to let me think twice before writing code that logs messages to the Event Log. Unfortunately (or fortunately), the Event Log is still a very reliable place to log diagnostic messages, and even if we log to a custom database infrastructure, there's the chance that that database becomes unavailable and we need a fallback plan. The Event Log is usually a good last resort place to log important messages. Aside of that, many other applications and services already log their errors and warnings in the Event Log, so we will always be coming back to it at a point or another.
What is desirable here is a more flexible way to access the Event Log. More flexible but not less safe. We also need to protect our system messages from prying eyes.
Enter the RSS Feed Generator
With this goal in mind, I wrote a very simple utility to produce RSS feeds from the Event Logs in any system that has IIS with ASP.NET 1.x installed.
The utility is comprised of a single ASP.NET webform without code behind. This single .aspx file accepts querystring parameters that enables you to better specify how many and what kind of messages you are interested in.
Using the code
To get this utility going, all you need to do is unzip the accompanying .zip file and place the files GetLog.aspx and rssToTable.xsl in any existing or new ASP.NET application virtual folder. After the files are there, you'll have access to the RSS XML just by browsing to it, like:
http://yourserver/thefolder/GetLog.aspx
If your browser is XSLT-capable (like IE), the produced XML will be formatted in HTML automatically to help you find the information you are looking for.
The above URL will return, by default, the last 25 entries in the Application Event Log. You can change the number of returned entries using the top
parameter, like:
http://yourserver/thefolder/GetLog.aspx?top=40
You can change the desired event log using the log
parameter, like:
http://yourserver/thefolder/GetLog.aspx?log=YourLog
Note: The System and Security logs are programmatically blocked to prevent access to critical information.
You can filter on specific types of messages using the types
parameter, like:
http://yourserver/thefolder/GetLog.aspx?GetLog.aspx?types=error,warning
As you can see, this parameter is a comma delimited list of event log message types. The available types are Information, Warning, Error, SuccessAudit, and FailureAudit, but you are likely to be more interested in the first three types.
You can restrict the desired message source using the source
parameter, like:
http://yourserver/thefolder/GetLog.aspx?source=MSSQLSERVER
To get even more interesting filtering, you can combine any of the above parameters to get closer to messages you are watching for:
http://yourserver/thefolder/GetLog.aspx?GetLog.aspx?
top=40&types=error&log=MyLog&source=MyApplication
Security Notes
Event Log messages often contain precious information that should not fall in the wrong hands. When you deploy this utility in any of your servers, be careful not to make it accessible by those who shouldn't be reading these messages.
Configure the ASP.NET application folder that contains the file to not be accessible without proper authentication, or to only be accessible through an internal IP address or some other scheme that protects your messages.
RSS Feed Aggregators
This utility combined with a decent RSS aggregator of your liking can provide you a collection of subscribed feeds that will allow you to keep an eye on your applications and search for diagnostic messages when some error occurs.
History
- June 27th 2005 - Following suggestions in the comments, changed the GUID format and the HTTP error code returned in case of a forbidden query. Added an XSLT transformation to the raw output, to make the display prettier in the browser.
- May 25th 2005 - Code submitted.