Share via


DFSR Debug Analysis with Message Analyzer – Part 4, DFSR Debug Log Headers

This post continues the series that started here.

So far in this series I’ve discussed the creation of a Message Analyzer parser that extracts useful information from single-line DFSR debug log messages as well as a custom Analysis Grid view. Today I’ll create a message definition that handles DFSR debug log headers.

DFSR Debug Log Header Format

At the start of each DFSR debug log, I see messages similar to the following:

* FRS Log Sequence:1 Index:1 Computer:DPS1 TimeZone:AUS Eastern Standard Time (GMT+-10:00) Build:[Nov 19 2010 18:50:00 built by: win7sp1_rtm] Enterprise=1 DataCenter=0

* Configuration logLevel:4 maxEntryCount:200000 maxFileCount:1000 logPath:\\.\C:\Windows\debug\

While extracting pieces of these messages into fields might seem attractive at first, the reality is that this is not very useful. The headers will be the same across all log files from the same server and only communicate the current configuration – not a lot of diagnostic value.

For these reasons, I’ll just inject the entire message into a MessageText field. To assist in filtering, I’ll also create an Annotation field and provide it with a value. The message definition becomes –

message DfsrLogHeader with
EntryInfo { Regex = @"(?<MessageText>^\*.*)", Priority = 1 },
DisplayInfo { ToText = GetHeaderSummaryText } : LogEntry
{
string Annotation = "DFSR Log Header";
string MessageText;

    static string GetHeaderSummaryText(any d)
{
var e = d as DfsrLogHeader;
return e.MessageText;
}
}

To explain –

  • DfsrLogHeader inherits from the LogEntry base message definition
  • DfsrLogHeader has two fields
    • A string called Annotation which is always assigned the value “DFSR Log Header”
    • A string called MessageText which is populated with the RegEx statement
  • The Message Analyzer Summary field displays the full MessageText by calling GetHeaderSummaryText via the ToText statement
  • The Priority = 1 statement provides disambiguation when a log line matches more than one message definition

The RegEx expression is –

(?<MessageText>^\*.*)

It expects –

  1. An asterix at the beginning of the line ^\* followed by any number of any characters .*
  2. All of this is injected into the MessageText string – (?<MessageText>^\*.*)

The Result

Once I’ve added this message definition to my parser, I see the following in Message Analyzer –

MA08

Next Up

Parsing Multi-line Messages