Tuesday, July 30, 2013

Semantic Out-Process Logging using Semantic Logging Application Block - File Sink

In this post, we are going to look how SLAB (Semantic Logging Application Block) can be used for out-process logging for ETW events. Pattern & Practices (P&P) team has provided support for out-process logging of ETW based logs using Semantic Log Service. The executable for the service can be downloaded from here: [ http://go.microsoft.com/fwlink/p/?LinkID=290903 ]. Let's copy the downloaded installer to the some folder.



Running the executable extracts the required files in the specified directory. Here we are specially interested in install-packages.ps, the power shell script to download the required nuget packages to the directory.



Let's run the power shell script. This would download the required nuget packages as follows:



It must be remembered that the Semantic Logging Service must run on the same machine as the source application emanating ETW events data. We need to update the configuration of the out-proc service to utilize the events. You can see that we have updated the event source definition to look for the specified events. Here we have used FlatFileSink. This would write the events data to the file specified. In the current example we are using SemanticETWLogs.log, which would be created in the same folder. Here we have also used the text formatter which would create header text. In the next post, we will be introducing what other text formatting options are available.


Now we can run the out-proc process to register and log the ETW events. The process can run as a Windows Service or Console application. For our example, let us run it as a console application. This requires -console switch to be used to run it. Please make sure that you are running this with a command prompt using the Administrative privileges, otherwise, the command results in a failure.



Now we simply need to run the source application. Since it is registering some events, the logs are available in the specified file. For my case the data is as follows:


Please make sure that your EventSource is decorated with the attribute to specify the ETW event expected by out-proc listener.


Download

23 comments:

Nazeer ..........New Navigator said...

I am unable to write the logs to flatfile using OUT-OF-Process. I dont see any issue with the implementation but no idea what is wrong. Can you please help with this?

Nazeer ..........New Navigator said...

Can you please help me with this, I am unable to write logs to flatfile. I dont see any issue with the implementation, I have done as you shown but seems to be some configuration issue. Please reply me asap.

Muhammad Shujaat Siddiqi said...

Hi Nazeer ..........New Navigator, You have provided no details of your problem, Is the project provided for download working fine for you?

Nazeer ..........New Navigator said...

Hi Muhammad, The only issue is the logs are not written to flat file sink. Also, I cud not run your sample code as I got error to download it. I have implemented in-process well. but in out-or-process I am getting this issue.

1. I have my EventSource class created.

2. I have my source application.
3. I have written log statements only (no listner created) in my code.

4. configured the config file to Flat file sink.

I have done exactly as you shown in this post.
I have a question whether I need to do anything from ETW end to log my application events?

Thanks in Advance.

Muhammad Shujaat Siddiqi said...

Can you share your code? I can give it a look.

Muhammad Shujaat Siddiqi said...

Also, we shouldn't be required to do anything extra for ETW registration. That's actually one of the documented advantages of using EventSource.

Nazeer ..........New Navigator said...

I cannot put whole source application code, but main logging section I am putting. Hope you can understand. Thanks!

if (CorlIDP != null)
{
//Already Promoted.
//Write to Log, database
CustomPPLogging.Log.CorrelIDExists(CorlIDP.ToString());

System.Diagnostics.EventLog.WriteEntry("CorrelID-AlreadyPresennt", CorlIDP.ToString());
System.Diagnostics.EventLog.WriteEntry("TwoWayPort", Is2Way.ToString());
}
else
{
System.Diagnostics.EventLog.WriteEntry("CorrelID-Created", Is2Way.ToString());
pInMsg.Context.Promote("CorrelationID", NewNameSpace, guid.ToString());//Write to log, database

CustomPPLogging.Log.CorrelIDPromoted(guid.ToString());
}

Nazeer ..........New Navigator said...

Hi Muhammad, this this is working very fine as potraid. When I put logging sentences in a console app, it is perfectly logging events to flat file but in my application it is unable to log events from.

Actually I am working a BizTalk project where I am developing a custom pipeline to promote a GUID for my msg. There if GUID is promoted, I need to log an event saying the same. This is where it is failing.

my custom component sits in a pipeline and pipeline in a port, which is hosted in a different, but local server,"BizTalkApplicationServer", which is why it is unable to log events I believe. Could u too analisye and let me know ur inputs. Thanks a lot.

Muhammad Shujaat Siddiqi said...

Can you also provide your EventSource and configuration for Semantic Logging service?

BTW, you don't have to use EventLog separately. I have a post about using EventSource for writing to Windows Event Log. You can also refer to my session at South West Florida Code Camp for this.

Nazeer ..........New Navigator said...
This comment has been removed by the author.
Nazeer ..........New Navigator said...
This comment has been removed by the author.
Nazeer ..........New Navigator said...

Hi Muhammad, one quick question about this-

Firstly, I am very thankful to you for the help your posts provided. I am able to achieve what I want in my local system successfully.

But the same dll reference in dev server is not able to write any events to flat file sink.

Here I started SemanticLogging as a Service, I see the file sink is getting created while service starts but no events written to file.

The same scenario tried in my local system works perfectly.

Can you suggest me some thing to check and to configure to resolve it in server. Thanks!

Muhammad Shujaat Siddiqi said...

Hi Nazeer, Can you check the account you are using to run the service. You need to check that the account has rights on the destination folders.

Nazeer ..........New Navigator said...

Yes Muhammad, I have checked all that. Even I implemented a small logic to write my custom message to another file in the same folder. This is working fine but Event source file is not getting written.

Muhammad Shujaat Siddiqi said...

In that case, only having a personal look at the system should help. Since this is working fine on your machine, there should be no issues on the server as well.

Nazeer ..........New Navigator said...

Also, I am getting error while I start the SemanticLogging as windows service "SemanticLogging-svc.exe -s"

"Cannot start Enterprise Library Semantic Logging as window service on this Computer"

This is happening in my local system but not in server. I wonder why?

Muhammad Shujaat Siddiqi said...

Hmm, These seem to be machine specific issues. I think your network administrator should be able to help fixing tracing the causes. Let me know how it goes.

Nazeer ..........New Navigator said...

Yes, seems it is machine issue. I was able to start as service in others system and even the logs are written in server when I used another EventSource class. Thanks for your help Muhammad.

Sini Alexs said...

I am unable to log in custom folder in event viewer using Semantic out of process. please help

Sini Saji said...

i cannot log in custom folder in windows event log using SLAB out of process. please guide me

Sini Saji said...

i cannot log in custom folder in windows event log using SLAB out of process. please guide me

Muhammad Shujaat Siddiqi said...

Hi Sini, Can you check the permissions on your folder?

Somya Bhargava said...

I wanted to use this, was wondering if this would fit my requirement or not. My scenario:
-- I have a loadable dll where logging needs to be implemented. The main application can load my dll any number of times from single or multiple instances.

Was wondering if semantic is the right choice.