nl-cristi / logcatcher

Tool to help collection of logs

License: MIT License

PowerShell 100.00%
powershell iis iis-server iis-site logs microsoft logcatcher troubleshooting

logcatcher's Introduction

Escalation Engineer at ControlUp who likes learning tech.

In my spare time I am balancing "mada mada dane" and "ichigo ichie" 😄

👨🏼‍💻 building SoftwareMechanic for my ideas

🌱 cooking with my wife

🧠 learning golang, rust, python

🧠 learning how to neovim --> PDE using kickstart from TJ DeVries

💜 loving Blazor, AspNet, csharp, WinDbg, PerfView, SysInternals


logcatcher's People

Contributors

crnegule, nl-cristi, nt-7, rogheorg, sofiaestrela

logcatcher's Issues

Feature request - IIS UI add-in

It would be great to be able to right-click a site (and even at application level) in IIS and start LogCatcher from the context menu.

List available SPNs

Hi there

SPNs are an important component on Windows that impact a successful authentication workflow when using Windows Integrated Authentication. It would be nice to have a feature to list all the SPNs.

GetWebSites errors out

Clicking GetSites button in UI spits the following error in the PS console.
On a pristine IIS installation.

Cannot convert argument "c", with value: "@{id=1; state=Started; name=Default Web Site;
applicationPool=DefaultAppPool; enabledProtocols=http; physicalPath=%SystemDrive%\inetpub\wwwroot}", for "AddRange" to
type "System.Collections.ICollection": "Cannot convert the "@{id=1; state=Started; name=Default Web Site;
applicationPool=DefaultAppPool; enabledProtocols=http; physicalPath=%SystemDrive%\inetpub\wwwroot}" value of type
"Selected.Microsoft.IIs.PowerShell.Framework.ConfigurationElement" to type "System.Collections.ICollection"."
At F:\Downloads\LogCatcher\LogCatcher\General\Functions.ps1:274 char:5
+     $arrproc.addrange($CurrentSites)
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument

[Feature Request] Get logs from specific day

Not sure how doable it is, but it would be a nice addition to have a flag specifying a specific date for which you would like to collect the logs, in case of installations where large files are produced, and the issue you are interested in occurred a while ago.

Or alternatively, if easier to implement, a way to say logs between 20 and 19 days ago, for example.

Add flag to force FREB collection

Given that the amount of generated FREBS is limited, sometimes we disable Failed Request Tracing as soon as the issue we are trying to analyze happens in order for it to not be overwritten.

In those scenarios, when we run LogCatcher, since they are disabled for the selected websites, they are not automatically collected and have to be zipped and collected separately.

For those scenarios it would be useful to have a flag to force FREB collection regardless of it being enabled or not for any given site.

As far as I can see, it could have two approaches:

  1. -ForceFrebCollection $true and ignore whether the flag is set or not at the site level and try to collect
  2. -FrebCollectionSiteIds 2,3 and specify for which sites we want to ignore the flag, as for customers with large installations there could be a large overhead in trying to collect for all of them.

HttpERR logs do not respect the MaxDays parameter

The collection of the HttpERR logs is not respecting the Logs Age parameter, which can lead to gigabytes of files being collected in older servers which can severely slow down the process.

Looking at the code for the http error logs operation

https://github.com/cristian-clamsen/LogCatcher/blob/96ab07cffb25f8efdcfca384e2d1679cad85b4ee/LogCatcher/General/CatchFilteredIISzip.ps1#L41-L45

I would assume that a quick fix would be to add the /maxage:$MaxDay, similar to the operation below that catches the IIS logs

https://github.com/cristian-clamsen/LogCatcher/blob/96ab07cffb25f8efdcfca384e2d1679cad85b4ee/LogCatcher/General/CatchFilteredIISzip.ps1#L33-L37

If you would like, let me know, and I can test it and open a PR.

Create reports that show events and logs grouped by the use case by timeframe

Hi there

When troubleshooting different use cases, the common sources of data that we search for are currently separated and in different folders, organized by the location where that information exists.

It would be useful to have a report that could show the main useful information that happens in a timeframe that we could set in the UI, grouped by troubleshooting use case.

Authentication Report.txt:
| Time Frame    | Source              | Count | Event Ids  | Error Codes | Details                                            |
| 12h00 - 13h00 | Event Log Lsa       | 3     | YYYY, XXXX |             | < event message >                                  |
| 12h00 - 13h00 | Event Logs Kerberos | 4     | AAAA, BBBB |             | < event message >                                  |
| 12h00 - 13h00 | FREB Logs           | 3     |            | 401.2       | Request Summary with URL, App Pool, Authentication |
| 12h00 - 13h00 | Http Err            | 3     |            | 403         | http response message                              |

Crash Reports.txt:
| Time Frame    | Source        | Count | Error Codes |
| 11h00 - 13h00 | Event Log WAS | 3     | YYYY, XXXX  |
| 11h00 - 13h00 | IIS Logs      | 100   | 500         |

Currently we have different sources of information: Event Logs, IIS Logs, FREB Logs, Http Err Logs. For each entry that we find that is an error or warning, we could increment the count and collect the Event ID and the Error Code/Status Code.

To not impact the time we take to collect all the data, these reports could be generated only by the person that is troubleshooting the issues. For this, there could be a button that could represent the trigger to generate such reports.

With this information we could easily identify in which time frame we had the main errors that we are looking for, depending on the use case, such as Authentication or Crashing.
