Tools

Tools: Stop Flying Blind in Production: Add a Live Observability Dashboard to Your ASP.NET Core App in 5 Minutes (2026)

2026-05-28 0 views admin
Tools: Stop Flying Blind in Production: Add a Live Observability Dashboard to Your ASP.NET Core App in 5 Minutes (2026)

What Is AsGuard?

Getting It Running (For Real, Under 5 Minutes)

Step 1 — Install the package

Step 2 — Configure in Program.cs

Step 3 — Register the middleware

Step 4 — Hit the dashboard

The Middleware Order Actually Matters

Choosing a Database

Masking Sensitive Data

What You'll Actually Use It For

Debugging slow requests in development

Tracking down production exceptions

Capturing ILogger output

APM for EF Core and HttpClient

Seeing what's live, right now

Production Notes

The Bigger Picture No Grafana. No Datadog. No YAML. Just visibility. You've shipped your ASP.NET Core API. It's live. And then your product manager pings you: "Something seems slow — can you check?" You open the logs. Wall of text. No correlation IDs. No timing. No idea which request threw that exception at 2 AM. That's the problem AsGuard solves. AsGuard is a lightweight NuGet package that plugs directly into your ASP.NET Core middleware pipeline and gives you: The entire thing runs inside your app. No external services. No Docker compose file with six containers. No licensing tiers. Just a NuGet package and four lines of configuration. The placement matters. Add UseRequestLogging() after HTTPS/CORS but before auth and your endpoints: Run your app, open a browser, and navigate to: Enter your credentials and you'll see a live dashboard with every request your app has handled. That's it. One gotcha worth knowing upfront: where you place UseRequestLogging() in the pipeline determines what gets captured. Placing it after auth means you lose logs for unauthorized requests. Placing it before exception handlers means unhandled exceptions won't have their HTTP context correctly linked. The order shown above gets you everything. AsGuard supports four providers out of the box: Switching is one line: No migrations to run manually. AsGuard auto-creates its tables on startup. If you capture request bodies (and you should, for debugging), you don't want passwords or card numbers showing up in your log viewer. AsGuard gives you two ways to handle this. Per-property attribute: Global key list in config: This runs at the middleware level before anything hits the database — you're never storing what you shouldn't. The request log view shows method, path, status code, and duration for every call. You can filter by status, search by path, and click into any row to see the full request/response bodies, headers, and the correlation ID chain. Exception logging captures the full stack trace, the HTTP context it occurred in, the severity, and when it happened. The dashboard includes trend charts so you can see if your error rate just spiked after a deploy. With CaptureHostLogs = true, any LogWarning or LogError your existing services emit gets stored alongside the HTTP logs. You don't need to change a single line of your existing logging code — AsGuard just intercepts the host ILogger pipeline. AsGuard auto-instruments EF Core queries and outbound HttpClient calls, showing them as Gantt-style trace timelines per request. If one endpoint is slow because it's firing 12 database queries, you'll see exactly which ones and how long each took. The dashboard uses Server-Sent Events for real-time updates — no page refresh, no polling interval to configure. While you're load testing or manually poking an endpoint, the request log updates in front of you. A few things to know before deploying: Change the default credentials. AsGuard actively rejects the literal string "admin" as a username. Store credentials in environment variables or user secrets: The write path is non-blocking. AsGuard uses a queue-based architecture — logs are written to an in-process channel and flushed asynchronously. Your API response times are not affected by database write latency. Set up retention policies. For high-traffic apps, configure auto-cleanup so the log table doesn't grow unbounded: SQLite is fine for low-to-medium traffic. For anything handling hundreds of requests per second in production, switch to PostgreSQL or SQL Server. Most .NET teams reach for Sentry for exceptions, Datadog or Azure Monitor for metrics, and a custom Kibana setup for logs. That's three services, three SDKs, three dashboards, and three monthly bills. AsGuard doesn't replace that stack for large-scale production systems. But for the majority of apps — internal tools, SaaS products under 100k requests/day, staging environments, side projects — it gives you 80% of the observability value at 0% of the infrastructure overhead. Install it in your existing app today and you'll have a searchable, live view of every request and exception by the time your coffee's ready. GitHub: mahmood-alsarraj/asguard NuGet: dotnet add package AsGuard If this saved you a debugging session, give the repo a star — it helps. Templates let you quickly answer FAQs or store snippets for re-use. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse

Code Block

Copy

dotnet add package AsGuard dotnet add package AsGuard dotnet add package AsGuard using AsGuard.Extensions; using AsGuard.Domain.RequestLogging; var builder = WebApplication.CreateBuilder(args); builder.Services.AddRequestLogging(options => { options.DatabaseProvider = LoggingDatabaseProvider.Sqlite; options.ConnectionString = "Data Source=asguard.db"; options.DashboardRoute = "/logs"; options.DashboardUsername = builder.Configuration["AsGuard:Username"] ?? "admin"; options.DashboardPassword = builder.Configuration["AsGuard:Password"] ?? "change-me"; options.EnableExceptionLogging = true; options.CaptureHostLogs = true; }); var app = builder.Build(); using AsGuard.Extensions; using AsGuard.Domain.RequestLogging; var builder = WebApplication.CreateBuilder(args); builder.Services.AddRequestLogging(options => { options.DatabaseProvider = LoggingDatabaseProvider.Sqlite; options.ConnectionString = "Data Source=asguard.db"; options.DashboardRoute = "/logs"; options.DashboardUsername = builder.Configuration["AsGuard:Username"] ?? "admin"; options.DashboardPassword = builder.Configuration["AsGuard:Password"] ?? "change-me"; options.EnableExceptionLogging = true; options.CaptureHostLogs = true; }); var app = builder.Build(); using AsGuard.Extensions; using AsGuard.Domain.RequestLogging; var builder = WebApplication.CreateBuilder(args); builder.Services.AddRequestLogging(options => { options.DatabaseProvider = LoggingDatabaseProvider.Sqlite; options.ConnectionString = "Data Source=asguard.db"; options.DashboardRoute = "/logs"; options.DashboardUsername = builder.Configuration["AsGuard:Username"] ?? "admin"; options.DashboardPassword = builder.Configuration["AsGuard:Password"] ?? "change-me"; options.EnableExceptionLogging = true; options.CaptureHostLogs = true; }); var app = builder.Build(); app.UseHttpsRedirection(); app.UseRequestLogging(); // ← right here app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); app.Run(); app.UseHttpsRedirection(); app.UseRequestLogging(); // ← right here app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); app.Run(); app.UseHttpsRedirection(); app.UseRequestLogging(); // ← right here app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); app.Run(); https://localhost:<port>/logs https://localhost:<port>/logs https://localhost:<port>/logs [HTTP Request In] │ ▼ ┌──────────────────────┐ │ Exception Handler │ ← register first so AsGuard can intercept exceptions └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ HTTPS / CORS / HSTS │ └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ UseRequestLogging() │ ← HERE: correlation IDs generated, body stream opened └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ Auth & Authorization│ ← 401s and 403s will still be logged └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ Your Endpoints │ └──────────────────────┘ [HTTP Request In] │ ▼ ┌──────────────────────┐ │ Exception Handler │ ← register first so AsGuard can intercept exceptions └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ HTTPS / CORS / HSTS │ └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ UseRequestLogging() │ ← HERE: correlation IDs generated, body stream opened └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ Auth & Authorization│ ← 401s and 403s will still be logged └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ Your Endpoints │ └──────────────────────┘ [HTTP Request In] │ ▼ ┌──────────────────────┐ │ Exception Handler │ ← register first so AsGuard can intercept exceptions └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ HTTPS / CORS / HSTS │ └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ UseRequestLogging() │ ← HERE: correlation IDs generated, body stream opened └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ Auth & Authorization│ ← 401s and 403s will still be logged └──────────┬───────────┘ │ ▼ ┌──────────────────────┐ │ Your Endpoints │ └──────────────────────┘ // PostgreSQL options.DatabaseProvider = LoggingDatabaseProvider.PostgreSql; options.ConnectionString = "Host=localhost;Database=asguard;Username=postgres;Password=pass"; // In-Memory (no persistence, great for tests) options.DatabaseProvider = LoggingDatabaseProvider.InMemory; options.MaxInMemoryEntries = 10000; // PostgreSQL options.DatabaseProvider = LoggingDatabaseProvider.PostgreSql; options.ConnectionString = "Host=localhost;Database=asguard;Username=postgres;Password=pass"; // In-Memory (no persistence, great for tests) options.DatabaseProvider = LoggingDatabaseProvider.InMemory; options.MaxInMemoryEntries = 10000; // PostgreSQL options.DatabaseProvider = LoggingDatabaseProvider.PostgreSql; options.ConnectionString = "Host=localhost;Database=asguard;Username=postgres;Password=pass"; // In-Memory (no persistence, great for tests) options.DatabaseProvider = LoggingDatabaseProvider.InMemory; options.MaxInMemoryEntries = 10000; public class LoginRequest { public string Username { get; set; } [AsGuardMasked] public string Password { get; set; } // stored as "[REDACTED]" } public class LoginRequest { public string Username { get; set; } [AsGuardMasked] public string Password { get; set; } // stored as "[REDACTED]" } public class LoginRequest { public string Username { get; set; } [AsGuardMasked] public string Password { get; set; } // stored as "[REDACTED]" } options.SensitiveBodyKeys.Add("creditCardNumber"); options.SensitiveBodyKeys.Add("ssn"); options.SensitiveBodyKeys.Add("token"); options.SensitiveBodyKeys.Add("creditCardNumber"); options.SensitiveBodyKeys.Add("ssn"); options.SensitiveBodyKeys.Add("token"); options.SensitiveBodyKeys.Add("creditCardNumber"); options.SensitiveBodyKeys.Add("ssn"); options.SensitiveBodyKeys.Add("token"); # environment variable approach ASGUARD__USERNAME=your_secure_user ASGUARD__PASSWORD=your_secure_password # environment variable approach ASGUARD__USERNAME=your_secure_user ASGUARD__PASSWORD=your_secure_password # environment variable approach ASGUARD__USERNAME=your_secure_user ASGUARD__PASSWORD=your_secure_password options.RetentionDays = 30; options.RetentionDays = 30; options.RetentionDays = 30; - Full HTTP request/response logging with timing, method, status, and body capture - Exception tracking with stack traces, severity, and trends — no Sentry account required - Host ILogger capture — your existing LogWarning and LogError calls get stored and searchable - A built-in live dashboard with dark/light mode, SSE-powered real-time updates, and filtering - APM trace timelines — auto-tracks EF Core queries and HttpClient calls with Gantt charts - Alerting for queue pressure, exception spikes, and persistence failures - Sensitive data masking via [AsGuardMasked] attributes and configurable header redaction - SQLite — zero setup, file-based; perfect for local dev, small apps, and quick demos - SQL Server — the natural fit for production on Azure or Windows-hosted workloads - PostgreSQL — ideal for Linux environments and cloud-native stacks - In-Memory — no persistence, no config; great for integration tests and ephemeral environments

🏷️ Tags

toolsutilitiessecurity toolsflyingblindproductionobservabilitydashboardminutesapt

More from Tools

Tools: Latest: Docker+Kubernetes部署AI模型:从开发到生产的MLOps实战指南

Tools: Latest: Docker+Kubernetes部署AI模型:从开发到生产的MLOps实战指南

2026-05-28 0
Tools: Multi-Architecture Docker Builds for Node.js: From Apple Silicon to AWS Graviton - Expert Insights

Tools: Multi-Architecture Docker Builds for Node.js: From Apple Silicon to AWS Graviton - Expert Insights

2026-05-28 0
Tools: Ultimate Guide: Deskbrid: A Linux Desktop HAL Built Entirely by AI Agents

Tools: Ultimate Guide: Deskbrid: A Linux Desktop HAL Built Entirely by AI Agents

2026-05-28 0
Tools: Amazon Bedrock AgentCore Payments: The Spending Limit Is the Product

Tools: Amazon Bedrock AgentCore Payments: The Spending Limit Is the Product

2026-05-27 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views