14. Attributes To Log
• The application logs must record "when, where, who and what" for each event.
When
Where
Who
What
15. Attributes To Log (When)
Event date and time
Interaction identifier
Method of linking all (relevant) events for a single user interaction (e.g.
desktop application form submission, web page request, mobile app button
click, web service call)
16. Attributes To Log (Where)
Application Name and Address
Geolocation
Client IP
Request Path
Application Module
17. Attributes To Log (Who)
Source Device, Address, IP or any identifier
User Identity such as Username or any other identifier
18. Attributes To Log (What)
Event Severity Level
Event Type / Event Id
Action
Object
Description
Request/Response
Http Status Code (Success/Failure)
Headers
User Agent
Error (Exception, Stack Trace or any error description)
19. Data to Not Log
• Credentials
Tokens
Passwords
• Sensitive Application Data
Database Connection Strings
• Sensitive personal data
Bank Card Number or Iban
…
27. Some logging advices
• Log as much as you can
Maybe logging millions of event in few minutes
• Log everything in structured manner
• Log Interaction Identifier (User Id, Request Id, or any unique identifier)
Allow you to track user interaction between systems or Service to Service Communication
• Do not hard-code log configuration
• Do not log sensitive Information (Exceptions, Personal Data…)
• Log Request/Response details Automatically using Middleware
• It make it easy for you to troubleshoot problems between micro-services
28. Performance Considerations
• Logs will be sent to asynchronous log management system
• Maybe milliseconds latency
• No problem for scalable apps
• A little load on CPU
• Logs may be better to store on another disk (each disk has own write queue)
• You can test performance with/without logs using browser Request Timings
or any other tool
29. Some useful libs (.NET)
• AutoWrapper
Wrap application responses in standard format
Automatically log request/responses and errors
Prevent to expose sensitive information on errors to clients
• Serilog
Structured Logging
Many sinks
Async batch log emitting
Userful Enrichers