Announcing Log Monitor v2.2.0 Release Candidate

Bob_Sira (Microsoft)
Apr 15, 2026

We are excited to announce the release candidate for Log Monitor v2.2.0, now available on GitHub: LogMonitor v2.2.0

Log Monitor is an open-source tool that enables Windows containers to surface logs from multiple sources (Event Log, ETW providers, and log files) directly to the container's stdout, making them visible to container orchestrators like Kubernetes and Azure Container Apps.


What's New in v2.2.0

Replaced Boost.JSON with nlohmann/json

The most significant change in this release is the replacement of the Boost.JSON library with nlohmann/json, a lightweight, header-only C++ JSON library. This change:

  • Removes the heavy Boost dependency, reducing build complexity
  • Simplifies the vcpkg dependency management
  • Maintains full backward compatibility with existing configuration files

New AKS + IIS Example

We've added a complete end-to-end example for running Log Monitor with IIS on Azure Kubernetes Service (AKS), including deployment manifests and step-by-step documentation. This makes it easier to get started with log monitoring in production Kubernetes environments.


Bug Fixes

This release also includes a number of important bug fixes to the configuration file parser:

  • eventFormatMultiLine now correctly defaults to true when not specified in the config
  • waitInSeconds for File log sources is now correctly parsed (previously always used the 300s default)
  • Optional channel level now correctly defaults to Error when omitted, instead of causing a parse failure
  • Invalid log sources in a config file are now skipped gracefully — valid sources in the same file continue to be processed
  • Fixed a path traversal vulnerability in the /Config command-line argument
  • Reduced unnecessary error log noise for ERROR_NOT_SUPPORTED cases
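
A source that is skipped emits no logs, so it is worth checking a config before it ships in an image. The following is an added example, not Log Monitor's parser code: it applies the defaults listed above to a config and reports which sources would be skipped. The function name, the constructed sample config, and the rule for what makes a source invalid (unknown type, or missing channels / directory / providers) are assumptions.

```python
import json

# Defaults as stated in the v2.2.0 release notes above.
DEFAULT_MULTILINE = True
DEFAULT_LEVEL = "Error"
DEFAULT_WAIT_SECONDS = 300

# Assumption: the field each source type cannot work without.
REQUIRED = {"EventLog": "channels", "File": "directory", "ETW": "providers"}


def effective_sources(config_text):
    """Return (sources_with_defaults_applied, skipped) for a config string."""
    sources = json.loads(config_text)["LogConfig"]["sources"]
    kept, skipped = [], []
    for index, src in enumerate(sources):
        kind = src.get("type") if isinstance(src, dict) else None
        if kind not in REQUIRED or not src.get(REQUIRED[kind]):
            # One bad source is recorded and skipped; the rest are still processed.
            skipped.append((index, kind))
            continue
        out = dict(src)
        if kind in ("EventLog", "ETW"):
            out.setdefault("eventFormatMultiLine", DEFAULT_MULTILINE)
        if kind == "EventLog":
            # A channel's own level wins; a missing level becomes Error.
            out["channels"] = [{"level": DEFAULT_LEVEL, **ch} for ch in src["channels"]]
        if kind == "File":
            out.setdefault("waitInSeconds", DEFAULT_WAIT_SECONDS)
        kept.append(out)
    return kept, skipped


# Constructed sample: omits eventFormatMultiLine and one channel level,
# sets waitInSeconds explicitly, and contains one unusable source.
SAMPLE = r"""
{"LogConfig": {"sources": [
  {"type": "EventLog", "channels": [{"name": "System"},
                                    {"name": "Application", "level": "Warning"}]},
  {"type": "File", "directory": "C:\\inetpub\\logs\\LogFiles", "waitInSeconds": 5},
  {"type": "Syslog", "address": "constructed-invalid-source"}
]}}
"""

if __name__ == "__main__":
    kept, skipped = effective_sources(SAMPLE)
    for src in kept:
        print(json.dumps(src))
    print("skipped:", skipped)
```

In a CI step, failing the build when the skipped list is non-empty catches a source that would otherwise go quiet in production.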

Upgrading from v2.1.x

Upgrading to v2.2.0 is a drop-in replacement — no changes to your configuration files are required. The config file format is identical to v2.1.x.

To upgrade:

  1. Replace LogMonitor.exe with the v2.2.0 binary in your container image
  2. Run your existing LogMonitorConfig.json as-is — no edits needed
  3. Test your container to confirm logs are still flowing as expected

If you were building from source, see the updated build instructions below — the build system has changed and the output path is different from v2.1.x.


Building from Source

The build system has been updated from a standalone Visual Studio solution to a CMake + vcpkg workflow. A single script handles everything:

.\build.cmd

This will automatically:

  1. Clone vcpkg into the repo root
  2. Bootstrap vcpkg and install nlohmann-json (downloaded on first run)
  3. Configure the project with CMake using Visual Studio 2022
  4. Build LogMonitor.exe and LogMonitorTests.dll in Release configuration

Prerequisites: Visual Studio 2022 with the C++ workload and Git must be on your PATH. No other dependencies need to be installed manually.

Output locations

Artifact              Path
LogMonitor.exe        LogMonitor\build\Release\LogMonitor.exe
LogMonitorTests.dll   LogMonitor\build\Release\LogMonitorTests.dll

Note for upgraders: In v2.1.x the binary was placed at LogMonitor\x64\Release\LogMonitor.exe. If you have a Dockerfile or CI script that copies the binary by path, update it to the new location above.


Example Configuration

Here is a basic LogMonitorConfig.json that monitors Windows Event Log, an ETW provider, and a log file — covering the three source types Log Monitor supports:

{
  "LogConfig": {
    "sources": [
      {
        "type": "EventLog",
        "startAtOldestRecord": false,
        "eventFormatMultiLine": false,
        "channels": [
          { "name": "System", "level": "Error" },
          { "name": "Application", "level": "Warning" }
        ]
      },
      {
        "type": "File",
        "directory": "C:\\inetpub\\logs\\LogFiles",
        "filter": "*.log",
        "includeSubdirectories": true,
        "waitInSeconds": 5
      },
      {
        "type": "ETW",
        "eventFormatMultiLine": false,
        "providers": [
          {
            "providerName": "IIS: WWW Server",
            "providerGuid": "{3A2A4E84-4C21-4981-AE10-3FDA0D9B0F83}",
            "level": "5"
          }
        ]
      }
    ]
  }
}

This config is a great starting point. Drop it alongside LogMonitor.exe in your container image and adjust the channels, file paths, and ETW providers to match your application.


Improvements to CI/CD Pipelines

We've updated both the Azure DevOps and GitHub Actions SDL compliance pipelines to correctly install nlohmann/json via vcpkg before building, ensuring reliable builds across all CI environments.


Getting Started

You can download the release binaries from the repository.

To get started with Log Monitor, check out the documentation and the new IIS + AKS example.


Feedback

We'd love to hear from you! If you run into any issues or have suggestions, please open an issue on GitHub.

Updated Apr 15, 2026