Closed CharityKathure closed 1 year ago
FYI, pressing CTRL + C results in the following flow:
'LogMonitor.exe' (Win32): Loaded 'C:\windows-container-tools\LogMonitor\x64\Debug\LogMonitor.exe'. Symbols loaded.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\ntdll.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\kernel32.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\KernelBase.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\sechost.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\rpcrt4.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\ole32.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\msvcp_win.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\ucrtbase.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\gdi32.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\win32u.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\gdi32full.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\user32.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\combase.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\shlwapi.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\wevtapi.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\tdh.dll'.
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\imm32.dll'.
The thread 0x6c1c has exited with code 0 (0x0).
Exception thrown at 0x00007FF9278A267E (KernelBase.dll) in LogMonitor.exe: 0x40010005: Control-C.
The thread 0x960c has exited with code 0 (0x0).
Exception thrown at 0x00007FF9278A267E (KernelBase.dll) in LogMonitor.exe: 0x40010005: Control-C.
The thread 0x6174 has exited with code 0 (0x0).
The thread 0x5a8c has exited with code 0 (0x0).
'LogMonitor.exe' (Win32): Loaded 'C:\Windows\System32\kernel.appcore.dll'.
The thread 0x563c has exited with code 0 (0x0).
The thread 0x74e8 has exited with code 0 (0x0).
The program '[37976] LogMonitor.exe' has exited with code 0 (0x0).
Summary
In addition to getting logs in XML and JSON formats, a user should have the flexibility to customize their Windows container logs, dictating how the logs should look and the specific fields that should appear in log entries.
For example: To display the timestamp, source, severity and message of an event in STDOUT, a user can specify the following format:
[%TimeStamp%] [%Source%] [%Severity%] %Message%
Examples:
1. Event Logs Configuration:
"customLogFormat": "[%TimeStamp%] [%Source%] [%Severity%] %Message%"
Output:
2. ETW Logs Configuration:
"customLogFormat": "[%TimeStamp%] [%Source%] [%Severity%] [%ProviderId%] [%ProviderName%] [%EventId%] %EventData%"
Output:
3. File Logs Configuration:
"[%TimeStamp%] [%Source%] [%FileName%] %Message%"
Output:
Sample Config used in testing:
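The block below is not the sample config referred to above and is not LogMonitor's code: it is an added C++ example of how a `customLogFormat` template like the ones in this description can be expanded against an event's fields. The `ExpandLogFormat` and `EscapeLineBreaks` helpers, the constructed event values, and the choices to leave unknown placeholders untouched, never rescan substituted values, and escape CR/LF in field values are all assumptions made for the example.

```cpp
// Added example: not LogMonitor source. Expands %Field% placeholders in a
// customLogFormat template using a single left-to-right pass.
#include <iostream>
#include <map>
#include <string>

// Assumed policy: escape CR/LF so one event cannot spill onto a second STDOUT line.
static std::string EscapeLineBreaks(const std::string& value) {
    std::string out;
    for (char c : value) {
        if (c == '\r') out += "\\r";
        else if (c == '\n') out += "\\n";
        else out += c;
    }
    return out;
}

// Hypothetical helper. Substituted values are never rescanned, so a message that
// contains "%Severity%" stays literal text; unknown placeholders are kept as-is.
std::string ExpandLogFormat(const std::string& format,
                            const std::map<std::string, std::string>& fields) {
    std::string out;
    size_t pos = 0;
    while (pos < format.size()) {
        size_t open = format.find('%', pos);
        if (open == std::string::npos) { out.append(format, pos, std::string::npos); break; }
        out.append(format, pos, open - pos);
        size_t close = format.find('%', open + 1);
        if (close == std::string::npos) { out.append(format, open, std::string::npos); break; }
        auto it = fields.find(format.substr(open + 1, close - open - 1));
        if (it != fields.end()) {
            out += EscapeLineBreaks(it->second);
            pos = close + 1;
        } else {
            out += '%';      // not a known field: emit '%' and keep scanning
            pos = open + 1;
        }
    }
    return out;
}

int main() {
    // Constructed event values, for illustration only.
    std::map<std::string, std::string> event = {
        {"TimeStamp", "2024-01-01T00:00:00.000Z"}, {"Source", "EventLog"},
        {"Severity", "Error"}, {"Message", "disk full\n%Severity% forged"}};
    std::cout << ExpandLogFormat("[%TimeStamp%] [%Source%] [%Severity%] %Message%", event) << "\n";
    return 0;
}
```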