In our previous post, we provided an example of a security issue that could not be diagnosed solely with event details collected by ASP.NET health monitoring. Some developers have asked us about the open source Error Logging Modules and Handlers (ELMAH) and how that would have helped in this same situation.

ELMAH is becoming a popular tool for error logging. Many find it more flexible and easier to use than ASP.NET health monitoring. Both tools provide good visibility into application health state changes, including start, shutdown, heartbeat, audit messages, etc. ELMAH extends the exception problem details available via health monitoring to include the ability to log error data from custom error handlers.

The ELMAH API also provides support for different data storage methods and web-based access for error data. In production environments, this data often helps improve and speed support team access to error data.

This information is very valuable for troubleshooting efforts. However, AVIcode's ability to collect runtime parameters that are passed through the methods in the call stack makes root cause diagnosis much easier and more straightforward than health monitoring and ELMAH. In addition, AVIcode's monitoring solutions provide greater visbility into all the problem details for both handled and unhandled exceptions, as well as performance problems. These details can also be consolidated and correlated with key performance counters over time to provide a more complete picture of application behavior and its effect on the IT environment.

One common example of a typical exception that is very difficult to diagnose with ELMAH or other standard error logging APIs is a NullReferenceException. For this (and all other) application problems, AVIcode collects the runtime parameters and member variable values, enabling analysis of the code stack and determination of the application health state. The screenshot below shows a typical example with the AVIcode collected data. 

In addition, AVIcode enables linking to the PDB file, even after data is collected in production, in order to show the source file name and precise line number where the exception occurred. This is accomplished without the PDB files needing to be deployed to a production server, which is typically against corporate IT policy and certainly not recommended. 

Another advantage that AVIcode provides over ELMAH is a secured, centralized web console for managing data access.  The AVIcode console can be integrated with Windows or Forms authentication and allows for differentiating access privileges based on logical hierarchies and account/application log access rules.  The console is web-enabled, so authorized users can view, search, filter and group data by various parameters. For example, grouping errors by unique issues, with a count of instances or occurrences, helps to eliminate the clutter created by multiple instances of the same error.

ASP.NET health monitoring is an easy way to monitor the health of deployed web applications and to gather information related to the health status and performance characteristics of instrumented applications.

What happens, though, when an ASP.NET health monitoring event does not contain the root cause diagnostics related to isolate and resolve an exception? It's a situation AVIcode encounters with organizations quite often, even those companies that are .NET experts and masters at configuring ASP.NET health monitoring.

We recently came across this situation with a security problem that remained undiagnosed by ASP.NET health monitoring. Because the application was already in production, re-configuring health monitoring and modifying the application code was not a reasonable option. Rather, the organization chose to install Intercept Studio.

The following screenshot depicts a typical exception event, similar to what this organization was able to collect, for the security failure. All runtime information, including the call stack, page and user details, parameters passed, custom user code methods, and additional details throughout the exception chain are provided to ensure rapid problem identification, triage and resolution.

In the case of the security problem this particular organization was encountering, Intercept Studio also provided the resource name, failed action details and security context.

The following screenshot shows the event details for a more sophisticated security issue which occurred within the SQL server executing a stored procedure that caused the application code to fail. 

The fact is, it is not possible to be always-prepared for any problem that can occur. And, problems do occur. When instrumentation is not enough, and when modifying in-production code is not an option, a low-overhead solution like Intercept Studio can be implemented on-the-fly to monitor the application state and speed problem resolution by clearly showing you what is going wrong and why.

Welcome to AVIcode's new company blog. We hope to provide you with a range of valuable information related to your end-to-end application performance monitoring efforts, including news, opinions, real-world case studies and application monitoring resources. In addition, AVIcode's technologists are eager to share their experiences and best practices in order to help you ensure the availability and reliability of your critical business applications. We welcome your comments, suggestions and requests. We will do our best to respond in a timely and informed manner. Please check back often or subscribe to our feed so you can be assured of receiving the latest and most timely information.