Log analyzer

  • 7011149
  • 10-Jun-2011
  • 19-Oct-2012

Resolution

LogAnalyzer has been updated!  Added features are documented below.

What is it: LogAnalyzer -- This tool analyzes a log output by Log4j and summarizes information based on the requested mode types.  Currently, three 'types' are supported:

Timer: The timer mode measures the time stamp differences between the 'Entering' messages in the logfile and the 'Exiting' messages.  It compiles these timings per method and the result is a CSV output of each method's aggregate, min, max, and average times in addition to the number of times the method was called.

Trender: The trender mode counts the number of times each method is called over a segment of time.  By default that segment is 1 hour.  The output is in CSV with the x-axis data being time slots and the y-axis being method names.  Each value is the number of times that method exited during that time.

Error: The error mode simply isolates log events that have the 'ERROR' priority.  It then outputs first the known method call-stack of when that error occurred with each method's parameters listed.  That is then followed by the actual error message.

Attached are outputs based on each mode in addition to the original log file that was used to generate each output.

Criteria:
Content -- As noted, this tool analyzes log output by Log4j and specifically leverages the log events that are created by the TraceAspect injected into our product.  So while it can successfully scan and parse any logfile generated by Log4j (or any logging API that you can define a layout pattern for), it's the TraceAspect's 'Entering' and 'Exiting' trace statements that are most valuable to this tool.
Layout Pattern -- This tool needs to know the layout pattern that was used when the input logfile was created.  Most of the time in our product, that layout pattern is one of the following:

%d{ISO8601} %5p %t %c{4}:%L - %m%n
%d{ABSOLUTE} %5p %c{4}:%L - %m%n

By default, this tool leverages the more descriptive pattern %d{ISO8601} %5p %t %c{4}:%L - %m%n.  However, any layout pattern defined from  can be specified so long as it matches Log4j's definition (http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PatternLayout.html).
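
A sketch of the Timer mode described above, run against the default layout pattern. This is an added example, not LogAnalyzer's own code; the 'Entering name(args)' / 'Exiting name = result' message shape, the com.example class names and the sample log are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Regex equivalent of the default layout: %d{ISO8601} %5p %t %c{4}:%L - %m%n
EVENT = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +(?P<level>[A-Z]+) "
                   r"(?P<thread>.+?) (?P<cat>[\w.$]+):(?P<line>\d+|\?) - (?P<msg>.*)$")
# Assumed trace message shape: "Entering name(args)" / "Exiting name = result"
TRACE = re.compile(r"^(?P<kind>Entering|Exiting) (?P<method>\w+)")

# Constructed sample: nested calls, an exit that never arrives, a multi-line event
SAMPLE_LOG = """\
2011-06-10 10:00:00,000 TRACE main com.example.app.Demo:101 - Entering execute(task = t1)
2011-06-10 10:00:00,010 TRACE main com.example.app.Demo:210 - Entering refresh(id = 42)
2011-06-10 10:00:00,060 TRACE main com.example.app.Demo:215 - Exiting refresh = null
2011-06-10 10:00:00,070 TRACE main com.example.app.Demo:210 - Entering refresh(id = 43)
2011-06-10 10:00:00,080 ERROR main com.example.app.Demo:212 - refresh failed
java.lang.IllegalStateException: constructed continuation line
2011-06-10 10:00:00,100 TRACE worker 1 com.example.app.Demo:210 - Entering refresh(id = 44)
2011-06-10 10:00:00,130 TRACE worker 1 com.example.app.Demo:215 - Exiting refresh = null
2011-06-10 10:00:00,200 TRACE main com.example.app.Demo:120 - Exiting execute = done
"""

def timer(lines):
    stacks = defaultdict(list)  # thread -> [(method, entered_at)], innermost call last
    stats = {}                  # method -> [calls, total_ms, min_ms, max_ms]
    for line in lines:
        ev = EVENT.match(line)
        tr = ev and TRACE.match(ev["msg"])
        if not tr:
            continue  # continuation line or an event that is not a trace statement
        key = f'{ev["cat"]}.{tr["method"]}'
        ts = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S,%f")
        stack = stacks[ev["thread"]]
        if tr["kind"] == "Entering":
            stack.append((key, ts))
            continue
        # Exiting: unwind to the matching entry; frames above it never logged an exit
        idx = next((i for i in reversed(range(len(stack))) if stack[i][0] == key), None)
        if idx is None:
            continue  # exit without an entry: the log started mid-call
        ms = (ts - stack[idx][1]) // timedelta(milliseconds=1)
        del stack[idx:]
        s = stats.get(key, [0, 0, ms, ms])
        stats[key] = [s[0] + 1, s[1] + ms, min(s[2], ms), max(s[3], ms)]
    return stats

def to_csv(stats):
    rows = [f"{m},{n},{t},{lo},{hi},{t / n:.1f}" for m, (n, t, lo, hi) in sorted(stats.items())]
    return "\n".join(["method,calls,total_ms,min_ms,max_ms,avg_ms"] + rows)
```

Keeping one call stack per thread is what stops interleaved threads from pairing each other's 'Entering' and 'Exiting' lines; the refresh(id = 43) call that fails without an exit is dropped rather than timed.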

Usage:
LogAnalyzerApp [-trendSegment trendSegment] [-layoutPattern layoutPattern] -file file -type[] [timer | trender | error ]

        -trendSegment: Increment to trend method calls over (in milliseconds); Default value: 3600000
        -layoutPattern: Log4j LayoutPattern used for this log.  Some platforms (like Windows) require you to escape the % character with a second %, ala "%d{ISO8601}" becomes "%%d{ISO8601}"; Default value: %d{ISO8601} %5p %t %c{4}:%L - %m%n
        -file: Log4j log to parse; required
        -type: Type of analysis to perform; required; can be used multiple times; must be one of the following: timer, trender, error;

Example Usage:
$ java -jar AnalyzeLog_2.0.jar -file \temp\sailpoint.log -type trender -trendSegment 60000 -type timer -type error

This tool can be found at https://community.sailpoint.com/documents/product-resources/supportfiles/tools/analyzelogtool/analyzelogzip

Release Notes:

1.0 - Initial release

2.0 - New Features:

  • Now supports analyzing multiple log files.  Files can be passed in using the -file option multiple times with individual file names.  In addition, wild cards are supported, like "*.log" with the -file option.  However, the value must be quoted when specifying wild cards.
  • Output may now be directed to a file via the -outFile option
  • New analyzer: 'joiner'.  The Joiner analyzer simply concatenates multiple log files into a single file, ensuring the log events are in chronological order.
  • New analyzer: 'error'.  The Error analyzer reports on log events with the ERROR level.  In addition, the call stack leading up to the error is provided for additional context.
  • New analyzer: 'method'.  Similar to the Error analyzer, the Method analyzer locates the desired method and formats the call stack for each instance of that method.
  • Bundled as an executable jar file.  It may now be launched using: java -jar AnalyzeLog_2.0.jar ...

2.1 - New Features:

  • Command line options may be passed in via properties file.  This enables easier reuse and the ability to preserve otherwise unwieldy commandline options.
  • With the inclusion of a properties file, command line usage has been pared down to be less verbose and more concise.  However, full usage is available when specifying '-?'
  • Additional documentation is found in the example properties file.
  • An optional 'fastParse' mode has been added to speed up parsing of log files containing large individual log events.  These would typically include log events spanning multiple lines and containing thousands of characters (often an XML representation of an object).