mgradwohl / coloma Goto Github PK

View Code? Open in Web Editor NEW

2.0 2.0 6.0 64 KB

Event Log Grabber

C# 100.00%

coloma's Introduction

Hi, I’m @mgradwohl a Partner Group Engineering Manager working on Windows at Microsoft

My team owns Task Manager, if you have bugs you want to report use the Feedback Hub
I’m interested in WinUI 3 in C++/WinRT, Win2D, Windows App SDK, and modern C++
I'm writing ModernLife (https://github.com/mgradwohl/ModernLife) a cellular automata app in C++/WinRT, Win2D, Windows App SDK, and Modern C++ and open to collab
I'm porting VFI (Visual File Information) that I wrote in the late 90s early 2000s from MFC to WinUI3/Windows App SDK.
📫@mgradwohl on Twitter (but I'm never there)
📫@mgradwohl on Discord (I just got there)
📫@matt@uppercutwoodworks on Slack [member ID U02T35QA5RP] (I just got there too)
Thoughts are my own, not the opinion of MSFT

coloma's People

Contributors

Stargazers

Watchers

Forkers

jberenhaus stanleyhon swinston alexeykor robo210 watch-later

coloma's Issues

On non-English systems, log names are localized

Log size and potential size

Add fake events to the system log for log size and potential size to see if we are wasting space.

If the Setup Log has no KB, use the latest Windows Revision

This is likely most important for Redstone machines that nuke the logs when a new flight is installed.

Do the files need to be UTF-8?

There seems to be a 3 byte UTF-8 header on our stuff. Does it need to be UTF-8?

This should probably be private

At the moment there's nothing that shouldn't be public but with unlimited private repos on any paid github accounts (i.e. mine) there's no reason this shouldn't be private.

Users want a way to mark log entries as analysed

There have been requests for a way to mark log entries as analysed - this will take some thought as to how or if we want to make this happen.

We currently have no infrastructure to allow this to happen.

Record last time logs were created

Coloma should write the DateTime the logs were last pulled from the machine, and so that on subsequent execution, it only grabs events after that DateTime.

Remove EventLog class usage

"The EventLog class uses the ancient deprecated APIs, the EventLogReader class uses the newer Vista APIs. You should avoid using EventLog at all costs and stick exclusively to EventLogReader class."

June KB Article and Revision

When 2016.06 ships, need to add the June KB Article and Revision.

Sign the Email asking for data

Unsigned email tells me to pull a random .exe and run it elevated, and the code is not signed either. Hmmm 

Ran it anyway, this is a strong authenticator  but this is training the wrong behavior across the team.

Upload via telemetry

Instead of uploading via file, upload via a custom telemetry event so that the device ID (and other data) goes along with the log data.

DeviceID using the current reg key is unreliable.

We should change the way we get the DeviceID - Currently 19% of devices are returning UNKNOWN.

Rewording string in console text

In Program.cs:
'Console.WriteLine("From the following logs: system, security, hardwareevents, setup, and application");`
Nit: Recommend space between hardware and events.

Add device identifier so that we can drill down on a device who caused an event.

Add the data to the output in a new column.

Make this work on Windows 8 and 8.1 for upgrade fairs

Currently this is restricted to Win10. We may need to make this work on Win8/Win8.1 for upgrade fairs.

Sign the EXE

From Crisping:

Unsigned email tells me to pull a random .exe and run it elevated, and the code is not signed either. Hmmm 

Ran it anyway, this is a strong authenticator  but this is training the wrong behavior across the team.

Log time it takes to retrieve event logs from machine

You can use this to track performance over time and potentially any bugs. You can use system time or a timer.

Get Coloma working on mobile

Or just wait until we override ::ReportEvent