Log File Analyzer
Original Publication Date: 2004-Oct-15
Included in the Prior Art Database: 2004-Oct-15
Log files are the first source of information to troubleshoot problems related to applications, operating systems and any other software that may run on any platform. The article describes a set of ideas that may be implemented by a Log Analysis graphical tool to help the user to understand, analyse and correlate the information provided in the log messages.
Log File Analyzer
The ideas want mainly address the following aspects: graphical grouping of messages in log file based on the definition of key elements and their order of a message format graphical filtering of messages in log file based on the values and pattern of elements of the message format graphical debugging of log files by
setting breakpoints on element values combining different trace logs identifying message sequence repetitions displaying the message groups while reading the log animating the message displaying based on msg time stamps or fixed delay monitoring the transaction messages start/end time
A possible follow-on of the ideas above could be providing a Plug-In to consolidate the Log Analysis in an IBM Tivoli Monitoring Resource Model.
All the ideas above should be implemented in an Graphical application called ITM Log File IDE (ITMLFIDE) that provides a windows based GUI.
The advantages of ITMLFIDE are: provide a way to troubleshoot problem by providing a valuable set of graphical tools to analyse log files that are the most common source of information and at the same time the less invasive way to get the information about applications or OS. address through a powerful GUI the complexity of analysing log files generated by multithread and multicomponent applications. For example the grouping feature allow to group in nested family of windows messages generated by the same component. The grouping feature also allows the definition of subgroups of messages internal to the "component" group, with the same thread and severity. approach the log file analysis as it is related to any source code by providing the debugging approach: breakpoints, go-to, run, pause, step, monitor the sequences. providing a new additional tool for education. Support and dev people have a graphical way to represent an view component/thread flows. They can learn the products from their traces. apply the analysis at run-time to products by automatically (through some wizard) generating ITM resource models that focus on special events marked as breakpoints, look at specific sequences, monitor transactions, etc.
When the ITMLFIDE is started it shows the main window. Through the "open" icon or menu item the user can open a log file to analyse it: Given a Log File the user can specify the message format in two ways: Through the GUI or through an XML configuration file. Basically the user is
requested to specify what the tokens semantically correspond to. Tokens maybe defined by fixed offset, just white spaces or pattern.
Grouping Once the user selected a log file and defined the the message format for its messages the user can define the groups in which he would like to decompose the messages. To do this he has to define the key elements in the appropriate "Grouping" dialog.
The elements correspond to the "tokens" that form the message. The application will create a group and/or subgroup for each differe...