Implementing Log Monitor for ASP.NET Windows Containers

Back in November 2019 Microsoft released Log Monitor, a tool that reads logs from typical Windows application logging locations such as Event Logs, ETW, and log files and writes them to the console's standard output. This allows the built-in Docker and Kubernetes logging tools to actually display log information. Using Log Monitor in your Windows container means that you no longer have to implement logging output workarounds for applications like IIS to be a good Docker citizen.

Unfortunately, at the time of writing, Log Monitor has still only been implemented by default in Microsoft's insider preview images. (See the IIS insider preview Dockerfile.)

The IIS insider preview default Log Monitor config file just pulls IIS events from ETW. This Microsoft blog post shows how to make your own custom LogMonitorConfig.json file.

If you wanted to add Log Monitor to the ASP.NET 4.8 Windows Server Core 2019 image using the default config file you could use the following Dockerfile.

# escape=`

FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2019

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

# Install LogMonitor.exe
RUN New-Item -ItemType Directory C:\LogMonitor; `
    $downloads = `
    @( `
        @{ `
            uri = 'https://github.com/microsoft/windows-container-tools/releases/download/v1.1/LogMonitor.exe'; `
            outFile = 'C:\LogMonitor\LogMonitor.exe' `
        }, `
        @{ `
            uri = 'https://raw.githubusercontent.com/microsoft/iis-docker/master/windowsservercore-insider/LogMonitorConfig.json'; `
            outFile = 'C:\LogMonitor\LogMonitorConfig.json' `
        } `
    ); `
    $downloads.ForEach({ Invoke-WebRequest -UseBasicParsing -Uri $psitem.uri -OutFile $psitem.outFile })

# Start "C:\LogMonitor\LogMonitor.exe C:\ServiceMonitor.exe w3svc"
ENTRYPOINT ["C:\\LogMonitor\\LogMonitor.exe", "C:\\ServiceMonitor.exe", "w3svc"]

Just make sure that ETW is enabled on the site you set up in the Dockerfile for your web service.
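The Dockerfile above runs whatever the two URLs return at build time, and the config URL points at a mutable master branch. The variant below is an added example, not part of the original post or Microsoft's images: it fails the build unless each download matches a pinned SHA-256. The sha256 values are placeholders that you replace with digests computed from copies you have reviewed.

```dockerfile
# escape=`

FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-ltsc2019

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

# Install LogMonitor.exe and its config, verifying each file before it is kept.
# The sha256 values are PLACEHOLDERS (assumption): compute the real digests with
#   (Get-FileHash -Algorithm SHA256 <file>).Hash
# on copies you trust, and update them whenever you deliberately change versions.
RUN New-Item -ItemType Directory C:\LogMonitor; `
    $downloads = `
    @( `
        @{ `
            uri = 'https://github.com/microsoft/windows-container-tools/releases/download/v1.1/LogMonitor.exe'; `
            outFile = 'C:\LogMonitor\LogMonitor.exe'; `
            sha256 = '<SHA256-OF-LOGMONITOR-EXE>' `
        }, `
        @{ `
            uri = 'https://raw.githubusercontent.com/microsoft/iis-docker/master/windowsservercore-insider/LogMonitorConfig.json'; `
            outFile = 'C:\LogMonitor\LogMonitorConfig.json'; `
            sha256 = '<SHA256-OF-LOGMONITORCONFIG-JSON>' `
        } `
    ); `
    foreach ($d in $downloads) { `
        Invoke-WebRequest -UseBasicParsing -Uri $d.uri -OutFile $d.outFile; `
        $actual = (Get-FileHash -Path $d.outFile -Algorithm SHA256).Hash; `
        if ($actual -ne $d.sha256) { `
            Remove-Item -Force $d.outFile; `
            throw ('SHA-256 mismatch for {0}: expected {1}, got {2}' -f $d.uri, $d.sha256, $actual) `
        } `
    }

# Start "C:\LogMonitor\LogMonitor.exe C:\ServiceMonitor.exe w3svc"
ENTRYPOINT ["C:\\LogMonitor\\LogMonitor.exe", "C:\\ServiceMonitor.exe", "w3svc"]
```

Because the config file is fetched from master, an upstream edit will make the build fail with a mismatch until you review the new file and update its digest.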
