This document discusses best practices for application logging. It recommends structuring logs with standardized date/time, process ID, application details, location, and event type. Logs should separate by area of interest, not log and throw exceptions, and add context to error messages. Logging key events and changes can help trace issues. Formats like log levels, tickets, and flow markers aid analysis. Logs from all sources should be aggregated while avoiding junk. Proper logging improves issue detection.

1. How I Learned to Stop
Worrying and Love the Logs

2. DISCLAIMER

3. DISCLAIMER
The bearing of a child takes nine months, no matter how many
women are assigned.
Brooks's Law: Adding manpower to a late software project
makes it later.
This second is the most dangerous system a man ever designs.
Never go to sea with two chronometers; take one or three.

4. DISCLAIMER
There’s no silver bullet

5. How I Learned to Stop
Worrying and Love the Logs

6. Outline
Motivation
Objectives
Format
Best practices
Quiz
Cheats

7. Motivation

8. Your program is going to die anyway,
the leastit can do is tell you who killed it

9. G

10. Objective

11. A H
I
T

13. Format

14. W ? W ?W ?
W ?W ?

15. W ?
Log date and time (international format)
Resolution - Milliseconds
processID / threadId

16. W ?
Application identifier e.g. name and version
Code location e.g. script name, module name
Geolocation
Window/form/page

17. W ?
Source address
User identity (if authenticated or otherwise
known)
Or session context

18. W ?
Type of event
Severity
security
General description

19. Message Priorities/Levels
Fatal
Error
Warn
Info
Debug
Trace
Emergency
Alert
Critical
Error
Warning
Notice
Informational
debug
Warn
Info
Verbose
Debug
Silly
Severe
Warning
Info
Config
Fine
Finer
Finest

20. Message Priorities/Levels
•Fatal Severe errors that cause premature termination.
•Error Other runtime errors or unexpected conditions.
•Warn are undesirable or unexpected, but not
necessarily "wrong".
•Info Interesting runtime events (startup/shutdown).
•Debug detailed information on the flow through the
system.
•Trace more detailed information.

21. Message Priorities/Levels
Fatal
Error
Warn
Info
Debug
Trace
Emergency
Alert
Critical
Error
Warning
Notice
Informational
debug
Warn
Info
Verbose
Debug
Silly
Severe
Warning
Info
Config
Fine
Finer
Finest

22. Message Priorities/Levels
Fatal
Error
Warn
Info
Debug
Trace
Emergency
Alert
Critical
Error
Warning
Notice
Informational
debug
Warn
Info
Verbose
Debug
Silly
Severe
Warning
Info
Config
Fine
Finer
Finest

23. •Input validation failures
•Output validation failures
•Authentication successes and failures•Authorization (access control) failures•Session management failures•Application errors and system events•Application and related systems start-upsand shut-downs, and logging initialization(starting, stopping or pausing)•Use of higher-risk functionality•Legal and other opt-ins
•Sequencing failure
•Excessive use
•Data changes
•Fraud and other criminal activities
•Suspicious, unacceptable or unexpected
behavior
•Modifications to configuration
•Application code file and/or memory
changes
W ?

24. W ?
Service origin
Flow marker

25. Best Practices

26. B
Log locally to files
Rotate log files to keep them current
Keep multi-line events to a minimum
Window/form/page

27. Collect events
from everything,
everywhere
•Application logs
•Database logs
•Network logs
•Configuration files
•Performance data (iostat,
vmstat, ps, etc.)
•Anything that has a time
component

28. Separate
logs to areas
of interest
Line.log
Uut-0141409124.log
Uut-0141409125.log
Uut-0141409126.log
Uut-0141409127.log

29. Don’t log
and throw
try {
// Code that generates an IOException
} catch (IOException e) {
logger.fatal("Caught IOException", e);
throw e;
}

30. Don’t catch
and drop
try {
// Code that generates an IOException
} catch (IOException e) {}

32. void transfer(Account fromAcc, Account toAcc,int amount, User user) {
if (!isUserAuthorised(user, fromAcc)) {
throw new UnauthorisedUserException();
}
if (fromAcc.getBalance() < amount) {
throw new InsufficientFundsException();
}
fromAcc.withdraw(amount);
toAcc.deposit(amount);
database.commitChanges(); // Atomic operation.
}

33. void transfer(Account fromAcc, Account toAcc,int amount, User user) {
logger.info("Transferring money...");
if (!isUserAuthorised(user, fromAcc)) {
throw new UnauthorisedUserException();
}
if (fromAcc.getBalance() < amount) {
throw new InsufficientFundsException();
}
fromAcc.withdraw(amount);
toAcc.deposit(amount);
database.commitChanges(); // Atomic operation.
}
.

34. void transfer(Account fromAcc, Account toAcc,int amount, User user) {
logger.info("Transferring money from {} to {} amount {} user {}“,
fromAcc, toAcc, amount, user);
if (!isUserAuthorised(user, fromAcc)) {
logger.info("User has no permission.");
throw new UnauthorisedUserException();
}
if (fromAcc.getBalance() < amount) {
logger.info("Insufficient funds.");
throw new InsufficientFundsException();
}
fromAcc.withdraw(amount);
toAcc.deposit(amount);
database.commitChanges(); // Atomic operation.
}

35. void transfer(Account fromAcc, Account toAcc,int amount, User user) {
logger.info("Transferring money from {} to {} amount {} user {}“,
fromAcc, toAcc, amount, user);
if (!isUserAuthorised(user, fromAcc)) {
logger.info("User has no permission.");
throw new UnauthorisedUserException();
}
if (fromAcc.getBalance() < amount) {
logger.info("Insufficient funds.");
throw new InsufficientFundsException();
}
fromAcc.withdraw(amount);
toAcc.deposit(amount);
database.commitChanges(); // Atomic operation.
logger.info("Transaction successful.");
}

36. private String phone;
public String getPhone() {
return (phone == null) ? "none" : phone;
}
public void setPhone(String arg, MfDate changeDate) {
log(changeDate, this, "change of phone", phone, arg);
phone = arg;
}
public void setPhone(String arg) {
setPhone(arg, MfDate.today());
}
private static void log(MfDate validDate, Customer customer, String description, Object oldValue, Object
newValue) {
try {
logfile().write(validDate.toString() + customer.name() + "t" + description +
"t" + oldValue + "t" + newValue + "t" + MfDate.today() + "n");
logfile().flush();
} catch (IOException e) {
throw new ApplicationException("Unable to write to log");
}
}

37. LOG.debug(arg.toString());
LOG.debug("Method called with arg {}", arg);
LOG.debug("{}", arg);

38. LOG.debug( "Something interesting is happening:
event=" + event.type + ", message=" + message);
LOG.debug( "Something interesting is happening:event={0}, message={1}", event.type, message);

39. try { doSomething(arg); ... }
catch (SomeException ex) { }
try { doSomething(arg); ... }
catch (SomeException ignore) {
LOG.warn(
"Failed to do something with {}, ignoring it",
arg); }
try { doSomething(arg);}
catch (SomeException ex) {
LOG.warn(ex.getMessage()); }

40. Log Manager

41. Count
something

43. 57,465Exceptions per day

44. 57,465Errors per day

45. 57,465Transactions per day

48. Enumerate logger
errors
LOGGER.error("001 - Error writing
to device”);
LOGGER.error("002 - Error writing
to device”);
LOGGER.error("003 - Error writing
to device”);

49. Use ALM markers
in code
LOGGER.error(“JIRA-1231 :
threshold has been exceeded.”)
LOGGER.warn(“TFS-1231 : Map
server not found. No tiles will
be shown.”)

50. 57,465JIRA-1231
Per day

51. 1JIRA-1231
Per day

52. 0JIRA-1231
Last month

53. Use categories
and flow markers
LOGGER.info("MESSAGE-FLOW
7a-SUCESS - {0} got ACK for {1}",
sender, alert);
LOGGER.info("MESSAGE-FLOW
7b-RETRY - {0} will resend {1}",
sender, alert);

54. 57,465Messages sent

55. 57,465Messages sent

56. 57,465Messages sent
351Messages not sent

57. C f
Lack of common log formats
Not all activities are logged, or aggregated
Requires learning
High volume of junk

58. Thank you