Yesterday I saw a couple of
presentations here at TechEd on the Enterprise Instrumentation Framework.
Currently I use log4net for all
my logging needs, and I've been doing some compare and contrast between the two
systems.
The advantage to using
either of these frameworks is that they are loosely coupled. There is no
design time mapping between event sources and event sinks. In log4net all the
developer need to is categorize the log message as Debug, Info, Warn, Error or
Fatal. At runtime, log4net is configured using an XML document. You can
define multiple event sinks, such as text files, the Event Log, ADO data
sources, OutputDebugString, etc. It's easy to create plugins to support new
sinks as well. There's even a remoting sink so that you can log to a different
machine. In the configuration file, you can send events to different sinks
based on the logging level (debug, info, etc) or on the namespace of the class
the logging is done from.
In EIF, you can similarly
define multiple sources and sinks, and map them at run time. One big
difference is that in EIF, events are strongly types. You can create an event
schema that is used for logging data with distinct types, rather than just as
strings. In text logging that's not so important, but in the Event log, and
especially in WMI ( which EIF supports) you can take advantage of the strong
typing when you read and or sort the events. However, that means that you have
to define the schema, which is work. One drawback is that out of the box, EIF
supports many fewer event sinks, in fact only three: WMI, the Event Log, and
Windows Event Tracing (on Win2K and up). As with log4net, EIF allows you to
create your own event sinks. There's currently no UI for reading Windows Event
Tracing logs, but they do provide an API. Furthermore, the configuration for
EIF is rather more complicated.
The built in support for WMI
in EIF is pretty useful, since it abstracts out all the System.Management
stuff. This support makes it easy to support industry standard management
tools like HP OpenView. And you even get perf counters for free when you
define an EIF event source. On the other hand, this support for WMI makes
intalling a bit more high ceremony, since you have to include an installer
class in your app to register the WMI schema.
Possibly the coolest feature
in EIF is the fact that they can push correlation data onto the .NET call
context, which travels across remoting boundaries. That means that they can
correlate a set of events for a particular operation across process and server
boundaries. They demoed a UI that would then create a tree of operations with
nested events arranged in order. Pretty cool stuff.
So, EIF has strongly typed
events, WMI support, perf counters for free and cross process event
correlation. Log4net is much simpler to implement, requires less coding
overhead, and supports a wider range of event sinks out of the box. It's a
tough choice. The WMI support might swing things toward EIF in the long run, especially
if you operations outfit uses WMI management tools.