Friday, July 15, 2005

EventLogs Syndication and RSS

[Posted on my MSN Space on July 15, 2005]

I thought I had a totally original idea, but it turns out someone already beat me to it. However, I still consider my intent original so I'm going to post this anyway.

My RSS aggregator (RSSBandit) has become the central source of news and blogs during my day. Since I spend so much time monitoring this application, why not make it the central source of information about my computer. The most obvious way to do this is to have an application or service monitor the event logs then publish an RSS feed when an entry is written. Conceptually, however, this notion isn't limited to just the Event Logs. You could potentially tap into WMI, Performance Counters, and failure-predictive hardware and consolidate them all in to 'system health' RSS feeds. This works great for a single user on a single PC, but it's also scalable. Drop in a simple web server like Cassini (requires modification for serving up content to remote machines) or CassiniEx and now a system admin can monitor the feeds for multiple machines from a single location (OK, so you wouldn't really want to monitor thousands of machines this way, but maybe in an SMB situation).

This becomes a much more compelling scenario when you consider the proposed RSS support in Longhorn. If Longhorn is already going to maintain a list of RSS feeds, why not add a few more to the mix and let application developer plug into the data?

My first attempt was to create a library that parses the event logs then publishes the entries into a separate RSS feed for each event log. The library can publish all event logs in one go, or you can selectively publish individual logs by passing in the log name. I also added some filtering so that certain events would be ignored during syndication (for example, if you only want to publish warnings or errors, you can filter out informational and audit events).

The attached snapshots show RSSBandit with the feeds generated from my notebook. Everything has been coded using the July CTP of VS.NET 2005.

Screen Shot 1
Screen Shot 2

As far as the monitoring application, it can be done any way you like. I wrote a fairly simple application that can either publish the event logs on demand, or monitor the logs and publish them when a new entry is written. The monitoring code can be put into a form or service pretty easily. Here's what it looks like:

#using System.Diagnostics;
...
// in form load, service start, etc.

EventLog[] eventLogs = GetEventLogs();

foreach(EventLog eventLog in eventLogs)
{
  eventLog.EntryWritten += new EntryWrittenEventHandler(eventLogMonitor_EntryWritten);
  eventLog.EnableRaisingEvents = true;
}

...
private void eventLogMonitor_EntryWritten(object sender, EntryWrittenEventArgs e)
{
  EventLogRssPublisher rssPub = new EventLogRssPublisher();
  rssPub.PublishEventLogs();
}




Thats all for now,
Tony

No comments:

Post a Comment