Get The Basics Right First : Logging

No code runs faster than no code.
No code has fewer bugs than no code.
No code uses less memory than no code.
No code is easier to understand than no code.

-Mike Perham

Introduction

Whichever hat you wear within the business, we all hope that the business functions smoothly with no hiccups at all. We hope that the application deployed to the production environment is stable and works without crashing. However in near future, the application will crash. Components in it’s upstream and downstream will be impacted. It is always good to be prepared for uncertain times, for bugs that might creep in.
Logging and monitoring your complete stack is vital. Logging needs to happen at every level of the stack, right from the infrastructure to the application hosted on it.
Everyone, to name a few, the product owner, developer or infrastructure engineer, must give importance to logging.
NIST SP800–92 defines logs as “a record of the events occurring within an organization’s systems and networks. Logs are composed of log entries; each entry contains information related to a specific event that has occurred within a system or network.”
Application log entries can be categorized into:

• Client request and server responses, which can be very helpful in reconstructing sequences of events and determining their apparent outcome.
• Account information such as successful and failed authentication attempts, account changes (e.g., account creation and deletion, account privilege assignment), and use of privileges.
• Usage information such as the number of transactions occurring in a certain period and the size of transactions.
• Significant operational actions such as application start-up and shutdown, application failures, and major application configuration changes.
  The verboseness of log entries needs to be controlled based on the environment type. There is no golden rule on the level of details you should log. The application log verbosity should be configurable. As a rule of thumb, the verboseness of an application log should be inversely proportional to the application stability.

Sample non production log entries

The verbosity of non production / dev environment needs to be highest level to trace all the errors.

Sample production log entries

Note that I have disable the stack trace in my production logs.

Logging made easy

Using an existing solution as reference, I have cherry picked and recreated the decorator. Any function of yours can have a basic logging by using the log_decorator

Code snippet to decorate your function with logging features

Complete sample solution is located at sample_log.py

Conclusion

• Always log, both successful and unsuccessful events.
• Log enough so you can recreate the timeline of events to trace errors.
• Avoid logging stack traces in production.
• If your application is unstable increase verbosity.
• Use standard logging format so your log analytics tool can parse it.

Reference

1. NIST SP800–92 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdfhttps://csrc.nist.gov/publications/detail/sp/800-92/final
2. Referenced log-decorator https://github.com/hima03/log-decorator

Originally published at https://github.com.

licensed under CC BY 4.0