We’re excited to announce the stable release of Log Monitor 2.0 along with the Log Monitor 2.1 Release Candidate. The open-source tool helps customers expose Windows logs to the STDOUT pipeline. Log Monitor 2.0 provides customers with JSON log output, improving interoperability and extensibility with log analysis tools for better observability. In addition, with Log Monitor 2.1, customers can enable custom log output by choosing between displaying Windows container logs in JSON, XML, or a customized log format. We’ve analyzed the performance between the two versions as seen below. A consistent improvement noted in 2.1 is the reduced data size of logs, attributed to customized logs. The 31.23% reduction of log data size means significantly less storage required and easier troubleshooting for our customers.
Please check out the previous blog for more details on Log Monitor 2.0 and utilizing JSON output format. For more details on customized logging, please see the section below.
Log Monitor 2.1 comes with the following improvements:
- JSON output as default for the 4 log sources
- New log format: Custom Log Format
- Configurable log format (Capability to switch between JSON, XML and Custom Log formats)
- Stability and Quality Improvements:
  - Formatting for scalar integer property values using TdhFormatProperty
  - Descriptive build scripts
  - Documentation updates
  - ETW Monitor code refactor
How to Customize Log Format
By default, Log Monitor will display logs in JSON format. However, users can change the log format to XML or to their own custom-designed format as shown in the documentation here. To specify the log format, configure the logFormat field in LogMonitorConfig.json. For JSON and XML log formats, no additional configuration is required.
For custom log formats, customers need to specify the customLogFormat at the source level. Wrap each field name in percent signs (%), and use the log field names associated with that log source. More details on the specific log field names for each source can be found here.
A sample custom log configuration is shown below:
{
  "LogConfig": {
    "logFormat": "custom",
    "sources": [
      {
        "type": "ETW",
        "eventFormatMultiLine": false,
        "providers": [
          {
            "providerName": "Microsoft-Windows-WLAN-Drive",
            "providerGuid": "DAA6A96B-F3E7-4D4D-A0D6-31A350E6A445",
            "level": "Information"
          }
        ],
        "customLogFormat": "{'TimeStamp':'%TimeStamp%', 'source':'%Source%', 'Severity':'%Severity%', 'ProviderId':'%ProviderId%', 'ProviderName':'%ProviderName%', 'EventId':'%EventId%', 'EventData':'%EventData%'}"
      },
      {
        "type": "File",
        "directory": "c:\\inetpub\\logs",
        "filter": "*.log",
        "includeSubdirectories": true,
        "customLogFormat": "{'message':%Message%,'source':%Source%,'fileName':%FileName%}"
      }
    ]
  }
}
For advanced usage of the custom log feature, a user can choose to define their own custom JSON log format. In such a case, the user should still specify the logFormat value as custom. To enable sanitization of the JSON output and ensure the outputs displayed by the tool are valid, the user can add a suffix: '|json' after the desired custom log format as shown in the example below.
{
  "LogConfig": {
    "logFormat": "custom",
    "sources": [
      {
        "type": "ETW",
        "eventFormatMultiLine": false,
        "providers": [
          {
            "providerName": "Microsoft-Windows-WLAN-Drive",
            "providerGuid": "DAA6A96B-F3E7-4D4D-A0D6-31A350E6A445",
            "level": "Information"
          }
        ],
        "customLogFormat": "{'TimeStamp':'%TimeStamp%', 'source':'%Source%', 'Severity':'%Severity%', 'ProviderId':'%ProviderId%', 'ProviderName':'%ProviderName%', 'EventId':'%EventId%', 'EventData':'%EventData%'}|json"
      }
    ]
  }
}
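A pre-deployment check for the custom format rules described above, as an added example that is not part of Log Monitor or of the original post: it flags placeholders that are not known field names for the source type, and JSON-shaped formats that lack the '|json' suffix and so are emitted without sanitization. The field lists are assumptions taken only from the samples on this page, and the config embedded in the code (including the %Hostname% placeholder) is constructed for illustration.

```python
import json
import re

# Assumption: field names seen in this page's samples only. The project's
# documentation lists the full set per source type; extend before real use.
KNOWN_FIELDS = {
    "ETW": {"TimeStamp", "Source", "Severity", "ProviderId",
            "ProviderName", "EventId", "EventData"},
    "File": {"Message", "Source", "FileName"},
}
PLACEHOLDER = re.compile(r"%([^%\s]+)%")
SUFFIX = "|json"

# Constructed sample: source 0 uses a hypothetical field and omits the suffix.
SAMPLE = r"""
{"LogConfig": {"logFormat": "custom", "sources": [
  {"type": "ETW", "customLogFormat": "{'time':'%TimeStamp%', 'host':'%Hostname%'}"},
  {"type": "File", "directory": "c:\\inetpub\\logs",
   "customLogFormat": "{'message':'%Message%', 'file':'%FileName%'}|json"}
]}}
"""


def lint_config(text):
    """Return (source_index, message) findings for a LogMonitorConfig.json string."""
    cfg = json.loads(text)["LogConfig"]
    if cfg.get("logFormat") != "custom":
        return []  # customLogFormat is only used when logFormat is "custom"
    findings = []
    for i, src in enumerate(cfg.get("sources", [])):
        fmt = src.get("customLogFormat")
        if not fmt:
            findings.append((i, "no customLogFormat on this source"))
            continue
        sanitized = fmt.endswith(SUFFIX)
        template = fmt[:-len(SUFFIX)] if sanitized else fmt
        known = KNOWN_FIELDS.get(src.get("type"), set())
        for name in PLACEHOLDER.findall(template):
            if name not in known:
                findings.append((i, f"unknown field %{name}%"))
        # A JSON-looking template without the suffix is not sanitized, so a
        # quote inside a field value can produce invalid or misleading records.
        if template.lstrip().startswith("{") and not sanitized:
            findings.append((i, "JSON-shaped format without |json suffix"))
    return findings


if __name__ == "__main__":
    for index, message in lint_config(SAMPLE):
        print(f"source[{index}]: {message}")
```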