Monthly Archives: July 2011



Even as a developer you sometimes need to keep an eye on some things running on computer systems. If you are in a support or administration role it is even more important. Over the years I have developed or was involved in the creation of multiple systems in this ‘space’.


Years ago (14+ wow, feels like another life-time) I single-handily created and worked on a help desk tracking system called VHelpdesk first and then later renamed to Logidesk. That was back in my Vircom/Logical/3Fifteen days. At some point a version of this tool/system was even used by the Botswana government (via a service provider company). Those were interesting times… This system exposed me to the needs of service/operational oriented people that is/was helping other people in the IT world. You only really appreciate the needs of help/service desk people once you have to think like them.

In more recent years I’ve been more involved around the ‘BizTalk’ world – first for development but the last couple of years more on management and administration. In the process I had to create a lot of tools to help myself and others with these tasks. EventScavenger is one of those tools – but it is not the only one. Some of my tools are even used by others – even those in a full time production 24×7 environment. Yes, this is a little bragging – but if I don’t do it no one will 😉

There’s an art to it

Creating monitoring systems properly is sort of an art by itself – then again any decent computer system requires that. There is a fine balance between functionality, complexity and user experience. In short, your users define what the system must do. Never forget that! Sometimes you are lucky – if you are your own user you first hand know what you want. Similarly, if the users are people that does the same as you it is fairly easy to create that system.

Monitoring verses Alerting systems

Before I go on about monitoring systems lets first define the difference between monitoring and alerting – as I use them. Monitoring is purely the action of gathering information about the state of something and then record it so it can be viewed afterwards. Alerting is something that builds on-top of or extend monitoring to automatically alert users when some desired (or usually undesired) state is reached. As an example, EventScavenger is just a monitoring tool. It does not notify anyone or anything if it encounters some error logged by some machine’s event log. Microsoft SCOM is an alerting system (and more – it not only alerts but can actually automatically run some corrective script to attempt to fix something that has gone wrong).


A year or three ago I created something simple to monitor multiple types of computer system related entities with a plug-in architecture. I never really finished it properly but surprisingly it actually works to this day. Al it does is to gather some state data and present it as a simple icon on the taskbar (or originally in the XP day the notification area). You can open a detail window that display the state of each ‘agent instance’ to see what its individual state is. Further, you can also open an even more detail presentation of the particular agent’s details.

There are multiple agents – each with a different function but they all implement the same (.Net) ‘Interface’. Adding a new agent type is as easy as implementing the required interface and ‘registering’ the assemble/dll with the main app. The idea is/was that it should be extendable without having to change the main app at all. The agents I created so far (but never went on further) are: Ping, Service state, File count and one special one to monitor the number of suspended BizTalk instances (this was the one that gave me the idea). In the main app you can create a list of agents, mixing any number of them, duplicates of the same type of agent with different configs etc. This list of configs can be saved to a file (plain xml) so you can have multiple sets of things you want to monitor.


As an example: the Ping agent. This agent is configured to ping a list of machines – each entry has a maximum allowed ping time and time-out time. When the main app calls this agent instance it only returns one value – the ‘worst’ state of all the states of all the ‘pings’. If (any) one ‘ping’ times out the total state is ‘error’. If any one ping exceed the maximum allowed value the total state is ‘Warning’. Otherwise the total state is ‘Good’ or OK. You get the idea. How/what an agent define as error, warning or good is up to the implementation of that particular agent.

Other than the main GetState() method the agent must also support (Windows Form) interfaces for (1) ‘editing’ its config and (2) displaying details about the states of things it monitor.

What has become of Quickmon

Quickmon sounds all nice but at some point the complexity and time (and willpower) to go on stopped me to develop it further. As it is it works like explained above but I have some new and additional ideas I would like to add. The ‘current’ version is purely visual monitoring tool. It does not record history. I never completed an easy way to initially set up the app with its registered agents (have to be done manually so far). It was created in .Net 2.0.

Funny thing is, I started using it again ‘as is’ but I decided to start a new project based on the same idea and extending it. The only issue (again) is time.

New project

The new project will take the old Quickmon concepts like a plug-in architecture, grouping or rolling up resulting states and having each agent define its own functionality. Some new ideas I have are:

  • Adding alerts/notifications – also using a plug-in architecture. e.g. Log file, RSS feed, SMTP, database table.
  • Make it into a Windows service (but also still have a UI part)
  • Having dependencies between agents – e.g. If a machine is not pingable then don’t bother checking any service states…
  • Adding some more agents – e.g. Disk space, Database/table size, Event logs (touching on EventSavenger grounds here) etc.

One problem with all these ideas is that the more functionality I add the more complex it becomes to manage – this is true for any project. Also, it might start competing on territory where commercial products are – like SCOM… and I don’t want that…

I have started with this project and have some working ‘bits’ already. Perhaps I must see if there are others that might be interested in collaborating on this project – just an idea. Any takers?


Basic string to integer conversion extensions

Sometimes the more simpler things in life really help. Take the following couple of .Net extensions posted to CodeProject. Some of these will make (developer) life a bit easier.

Space, the final frontier?

Being a bit of a space/science nut and also a sci-fi lover I often read articles related to these things when I get a chance. Yesterday I happen to stumble across a few images of some old space station ideas dating back to the 60’s/70’s with the O’Neil cylinder/Three island concept. People that time had really grand ideas where we would be by ‘now’. Perhaps it was a bit ambitious but at least they dreamed and saw some hope for ‘all mankind’.

Fast-forward to present time. We have no big space stations, regular space trips, no bases on the moon or mars, no traveling to the stars – not even (tangible) plans for any of these in the immediate or near future. Seems everyday things like politics, money, power (the political kind) are too important for anyone to still have great dreams for ‘man kind’. Funny, all those things are the ones our ‘mothers/fathers’ warned us about to avoid… but we don’t listen, like usual.

Even on the fictional track of life things are dying. When last did we have a good sci-fi show (space oriented)? I’m busy watching the whole Babylon 5 series on DVD and this is probably what started making me think about these things. I long for the times I had ‘time’ (and the willpower) to do proper reading of a good sci-fi book. The last book I was busy with but somehow abandoned was the third Rama book (like in Rendezvous with Rama).  Damn, I must make time for that again… Why did sir Arthur C Clarke had to go and die? I miss him!

Why did ‘we’ stopped dreaming big?

Console.ReadKey with timeout

There have been multiple times I wished I had a method for this. Often when you are testing things using a plain console application you want to view some output but not have to wait forever (using something like Thread.Sleep) or every time needing to press the ‘Any’ key 😉

Actually I’m a bit surprised .Net hasn’t got something like this built in yet but since it doesn’t I had to create one myself. I created a utility class with a single method to accomplish this. I thought about using an extension method but since the Console class is itself static extension methods does not work for it.

public static class ConsoleHelper

public static ConsoleKeyInfo ReadKeyWithTimeOut(int timeOutMS)

DateTime timeoutvalue = DateTime.Now.AddMilliseconds(timeOutMS);

while (DateTime.Now < timeoutvalue)

if (Console.KeyAvailable)

ConsoleKeyInfo cki = Console.ReadKey();
return cki;




return new ConsoleKeyInfo(‘ ‘, ConsoleKey.Spacebar, false, false, false);



What this gives you is a method that waits until the specified time-out expires or any (normal) key has been pressed.


This morning I was just trying to think about how many Space sci-fi (Sci-fi in space with space ships and aliens) series I can think of. Turns out there are quite a few and there seems to be a pattern… Here is a list (in no particular order of preference so not to upset some fanatic fans)

  • Start Trek (5 series’s plus series of movies)
  • Star Wars (technically not TV series but it has Clone wars etc.)
  • Stargate (Movie plus 3 series’s)
  • Battlestar Galactica (2 series’s – old and new)
  • Babylon 5 (series and some TV movies)
  • Space 99 (1 series with 2 seasons, grand daddy of them all)
  • Farscape (1 series plus TV movie)
  • Firefly (1 series plus 1 movie)
  • Buck Rogers (1 series – 1 /1/2 seasons)
  • V (old and new)
  • Andromeda (1 series)
  • Robotech (Ok it is anime but… 3 series’s but can be seen as 1 long series plus movie. Also known as Macross)
  • Lexx (I never saw this myself)
  • Blake’s 7 (I never saw this myself)

Some related series that are (honorary mentions) more general sci-fi are:

  • 2001/2011 – strictly not a series but they follow a sequence (and the books)
  • Dr Who
  • X-Files
  • Alien series of movies
  • Predator series of movies
  • Alien vs Predator movies

These are the ones I can think of now. I might have missed some but these are the most  common ones I can think off. If you can think of more please comment.

Event collector

Ok, I’ve built a working service that utilize the event driven Event log functionality built into .Net’s EvenLog class – and not the newer System.Diagnostics.Eventing.Reader classes because I’m having problems getting it to properly return all the data I require.

This new service (a Windows service) runs alongside the existing EventScavenger service. It does not replace it since there are core functionality it lacks (and always will). For example – there is no guarantee that it will capture every event generated in the event log and any entries that get logged while it is not running will be missed – this include past entries as well. So I’m contemplating running both services side-by-side, first for testing but also probably in the future. The only real benefit of the new service is that it keeps the data stored in the database much more ‘up to date’ in case that is what you want. However, EventScavenger was created in the beginning to do the opposite – to be able to look up events in the past and do some reporting on it. Perhaps the combination of both old and new services together can be of use to some.

To poll or not to poll, what am I polling?

This is a question many have asked but the answer is never right for all scenarios. The question is coming up again with my EventScavenger system but the answer is not obvious. There are benefits to both polling and not polling (usually by something that raises events). This is really an architectural question and I’m kind of just blamestorming by myself (blaming myself among other things).

A quick overview of the definitions (in my context of my scenario):

What is polling?

Usually this is an action where something running locally periodically access something remotely and then gather data, do some work (store data) and then go to some sleep or waiting state again until a next scheduled time.

What is the alternative (not polling)?

Usually this involves something at the source pushing the data you need locally to you (or the data storage place where you can access it). You also must have something that ‘subscribe’ to this event to capture it.

What are the benefits of each/each approach?


  • Not active the whole time – i.e. open connections over network, resource handles etc. It spends time ‘waiting’ until next scheduled polling event.
  • Don’t require remote software to be installed (something that subscribes to the events)
  • No ‘missed’ events to worry about. On each poll you gather all relevant data since previous polling anyway.
  • Easier to administrate as it is usually a central component/service.

Not polling (Events):

  • Data gets transferred/stored ‘as it happens’.
  • No big batches of data send over network – each event’s data is sent on its own.
  • No network traffic while there is no data to report on
  • Number of remote locations not (so much) limited to what a single ‘poller’ could handle.

Unfortunately there is no golden ‘middle way’. Its either the one or the other approach (per resource you want to access). The current approach for EventScavenger is plain old polling (each event log is done on a separate thread. This works well up to a point until (1) the number of threads become too many, (2) the number of events per ‘poll’ get so many that the particular thread cannot process things quickly enough. To overcome the these problems you can install an instance (collector as named in the EventScavenger context) on the source machine. That can work if you access to the machine (are allowed to install) but then you might as well ask why not use the event driver approach?

The flip side is with subscribing to events is that you must have something installed ‘locally’ on the resource (eventlog in this case) to access the data. That requires something installed and/or running extra there. Also, if for any reason the subscriber is down/busy or something the events raised would be missed with no way to get them back again afterwards.

I’ve been looking at the EventLog.EntryWritten event and also the whole new System.Diagnostics.Eventing.Reader.EventLogWatcher class. Both only works for the local event logs and I’m having issues with the newer EventRecord class that does not give me the proper full description message (always return a null). Perhaps I have to look at an additional component that runs alongside the existing ‘collectors’ services to gather ‘problem child’ event logs – but on the actual source machine and just for raised events. This could help other people but I’m having a situation where I cannot install something on the sources of the logs that must be imported since they are ‘off-limits’ (Domain controllers and Windows Core installs)

Why can’t life be easy? 😉

Moving the SQL server databases of a BizTalk (2006) installation

This is hopefully not something you have to do often and even more so for a production environment!

Firstly if you don’t have any applications installed yet or don’t worry about re-installing everything then rather go ahead and do a fresh install. Secondly, if you can recreate the sql server with exactly the same name – that should be safest option because you don’t need to make any changes to the BizTalk front end servers. Lastly, you can try the ‘restore’ vb scripts that is located in the ‘C:\Program Files\Microsoft BizTalk Server 2006\Schema\Restore’ directory of the BizTalk server(s).

To use these scripts you have to perform the following steps (after making proper backups of the ‘whole’ environment)

1. Stop all host instances plus SSO services.

2. Edit the sample xml file and replace all the placeholder names ‘SourceServer’ and ‘DestinationServer’ plus uncomment the sections you need and save the file.

3. Run the 2 scripts ‘UpdateDatabase.vbs’ (once) and ‘UpdateRegistry.vbs’ (on each BizTalk server).

4. Start SSO service (master first)

5. Start BizTalk hosts

6. If it worked go buy yourself a drink… else start praying…