Project Description

Event Log Analyzer is a simple yet powerful tool for analyzing Windows event logs. It groups similar events together and gives a graphical view of how events are distributed over time and by similarity. It is developed in C# and WPF and uses the MVVM framework.

How to Use the Tool

  • Get the event logs from the machine you want to analyze
    • To get the event logs, open Event Viewer (eventvwr) on the machine
    • Right-click on the event log name in the left pane and select Save All Events As...
    • Save the events as an XML file in an empty directory
  • You can save multiple event files in the folder that you want to analyze
  • Open the Event Log Analyzer tool
  • Provide the log files folder path at top and click on the Analyze button
  • The tool will show a graph of the event log distribution at the bottom and the event file names on the left panel
  • To see logs related to a common issue
    • Select the radio button Sort X axis by -> Occurrence at the bottom of the graph
    • The graph will show a yellow bar for each group of event logs that relate to a common issue
    • If you click on any bar, the actual events will be added under the file names on the left panel
    • Selecting any event from the left panel will show its details in the top right box
  • To see logs distributed in date and time
    • Select radio button Sort X axis by -> Date at the bottom of the graph
    • The graph will show a yellow bar for each group of event logs that occur on the same date (or in the same hour of a day)
  • To search for logs with a particular text
    • Type the text in the Search box of graph
    • The log groups which contain logs with the given text turn red
    • Select the log group. On the left panel, observe that the logs containing the text turn red
    • Now you can select the highlighted logs to see details
  • To drill down into the logs
    • Let's say you want to first find the common logs with the highest number of occurrences and then see their distribution over time
    • Select Occurrence in the graph
    • Right-click on the yellow bar that you want to drill down into
    • Another graph will open over the first one. This graph shows only the logs from the group selected in the first graph
    • Select Date in the second graph. The logs are shown distributed by date
    • If you now want to look at the log distribution over time on a particular date, right-click again on any bar in the second graph
    • A third graph opens over the second. Select Date again in that graph to see the logs distributed over time
    • Now you can select any group in the third graph, see the actual log entries on the left panel, select a log on the left panel and see its details in the details box at the top right
    • To go back to a previous graph, click on the second or first graph again
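To show what the Occurrence view, Date view, Search box and drill-down amount to on an exported log, here is an added Python example (not part of the project, which is C#/WPF): it parses events in the layout an Event Viewer Save All Events As... XML export uses, groups them by provider and event ID, buckets them by date and hour, searches their text, and drills one group down by hour. The sample XML is constructed for the example.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample in the layout of an Event Viewer "Save All Events As... XML" export.
SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager"/><EventID>7036</EventID><Level>4</Level><TimeCreated SystemTime="2011-12-20T10:05:00.000Z"/></System><EventData><Data>The Spooler service entered the running state.</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4625</EventID><Level>0</Level><TimeCreated SystemTime="2011-12-20T10:07:00.000Z"/></System><EventData><Data>An account failed to log on.</Data><Data>svc_backup</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4625</EventID><Level>0</Level><TimeCreated SystemTime="2011-12-20T10:09:00.000Z"/></System><EventData><Data>An account failed to log on.</Data><Data>svc_backup</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager"/><EventID>7036</EventID><Level>4</Level><TimeCreated SystemTime="2011-12-20T10:40:00.000Z"/></System><EventData><Data>The Spooler service entered the stopped state.</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4625</EventID><Level>0</Level><TimeCreated SystemTime="2011-12-20T11:15:00.000Z"/></System><EventData><Data>An account failed to log on.</Data><Data>admin</Data></EventData></Event>
</Events>"""

def parse_events(xml_text):
    """Return one dict per <Event>: provider, event_id, level, time, text."""
    events = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        sysnode = ev.find("e:System", NS)
        stamp = sysnode.find("e:TimeCreated", NS).get("SystemTime")
        events.append({
            "provider": sysnode.find("e:Provider", NS).get("Name"),
            "event_id": int(sysnode.find("e:EventID", NS).text),
            "level": int(sysnode.find("e:Level", NS).text),
            "time": datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S"),
            # all <Data> values joined, so the Search box can match any field
            "text": " ".join(d.text or "" for d in ev.iter("{%s}Data" % NS["e"])),
        })
    return events

def group_by_occurrence(events):
    """Occurrence view: similar events (same provider + ID), most frequent first."""
    return Counter((e["provider"], e["event_id"]) for e in events).most_common()

def group_by_hour(events):
    """Date view: count events per date and hour."""
    buckets = defaultdict(int)
    for e in events:
        buckets[e["time"].strftime("%Y-%m-%d %H:00")] += 1
    return dict(buckets)

def search(events, needle):
    """Search box: events whose text contains needle (case-insensitive)."""
    return [e for e in events if needle.lower() in e["text"].lower()]

def drill_down(events, group_key):
    """Right-click drill-down: keep one occurrence group, then redistribute it by hour."""
    return group_by_hour([e for e in events if (e["provider"], e["event_id"]) == group_key])
```

On a real export, read the file with ET.parse instead of the inline string; the element layout is the same.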

Screenshots

  1. Loading log XML files for parsing
  2. Search
  3. Drill down on right-click on a bar in the graph
  4. Multi-level drill down

Future enhancements

This is only the first draft of the tool. Many enhancements will be made to it in the next few days to make it more useful.
A few of the items in the pipeline are:
  • Allow the tool to connect to the Event Viewer of a machine given its IP address
    • Hence no XML file will need to be saved
    • This will allow continuous monitoring of logs
  • Distribute logs by level of criticality so that the user can concentrate on Error rather than Information logs
  • Show trends in the logs found over time. This will show common areas of concern which need to be addressed on priority
  • Use a multi-threaded UI to avoid hanging when the analysis takes time
  • Many more...


Happy coding,

Souvik Basu
http://www.facebook.com/maratha
http://www.thebasuz.com

Last edited Dec 20, 2011 at 4:55 PM by souvikbasu, version 27