This really goes hand in hand with my last post, Monitoring.

One thing I don’t get is why, in production, most logging is shut off in my favorite PHP framework, Symfony. To me, logging is necessary to determine the state of your application. Along with updating metrics for use in graphs, you should write a log message for the same kinds of events. This gives you forensic data for diagnosing problems that occurred. Beyond that, you can log all sorts of information to help determine what went wrong and where.

For instance, say someone complains that their account was hacked. If you log the IP and user agent of whoever logs into an account, you’ll be able to look into your logs and determine what happened. If you’re also logging incorrect logins, you’ll be able to see what other accounts that IP tried to log into.
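The investigation described above, as an added example that is not from the original post: it reads login events logged as one JSON object per line and, for an account reported as hacked, lists each IP that logged in along with the user agents it used and the other accounts it tried. The log format, field names and sample lines are assumptions constructed for illustration.

```python
import json

# Constructed sample: one JSON record per login attempt, as an application
# logging at INFO level might emit. Field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:58:12Z","event":"login_failed","account":"bob","ip":"203.0.113.7","ua":"curl/8.4.0"}
{"ts":"2024-05-01T09:58:15Z","event":"login_failed","account":"carol","ip":"203.0.113.7","ua":"curl/8.4.0"}
{"ts":"2024-05-01T09:58:19Z","event":"login_failed","account":"alice","ip":"203.0.113.7","ua":"curl/8.4.0"}
{"ts":"2024-05-01T09:59:02Z","event":"login_ok","account":"alice","ip":"203.0.113.7","ua":"curl/8.4.0"}
{"ts":"2024-05-01T10:03:40Z","event":"login_ok","account":"alice","ip":"198.51.100.23","ua":"Mozilla/5.0"}
{"ts":"2024-05-01T10:05:11Z","event":"login_failed","account":"dave","ip":"192.0.2.44","ua":"Mozilla/5.0"}
not-json line left by another logger
"""

REQUIRED = {"ts", "event", "account", "ip", "ua"}

def parse_events(text):
    """Yield login events, skipping lines that are not well-formed records."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # tolerate foreign or truncated lines in the same file
        if (isinstance(rec, dict) and REQUIRED <= rec.keys()
                and rec["event"] in ("login_ok", "login_failed")):
            yield rec

def investigate(text, account):
    """For each IP that successfully logged into `account`, summarise its activity."""
    events = list(parse_events(text))
    ips = {e["ip"] for e in events
           if e["event"] == "login_ok" and e["account"] == account}
    report = {}
    for ip in sorted(ips):
        seen = [e for e in events if e["ip"] == ip]
        report[ip] = {
            "user_agents": sorted({e["ua"] for e in seen}),
            "failed_on_account": sum(1 for e in seen if e["event"] == "login_failed"
                                     and e["account"] == account),
            "other_accounts_tried": sorted({e["account"] for e in seen
                                            if e["account"] != account}),
        }
    return report

if __name__ == "__main__":
    print(json.dumps(investigate(SAMPLE_LOG, "alice"), indent=2))
```

None of this works if failed logins are dropped at ERROR level: the `bob` and `carol` attempts are only visible because every attempt was logged.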

Always log both exceptional and nominal events that occur in your application. Your log level should be set to INFO, not ERROR, in production. You should be able to go through the logs and see what’s going on. It will also help you determine what new security features and bug fixes need to be planned.


One Response to Logging

  1. Vijay says:

    As a person who troubleshoots various application issues, it has always made me wonder ‘what if log files were standardized?’. It would be so much easier if they were, and you could have a single application roll the logs into a standard report that could give insight at your fingertips rather than having to dig for it. Not only across different products and OS’s, but sometimes within the same product, logfiles have different formats. An error log may have one format, while a security or access log may be formatted entirely differently. You are right, Albert. If the developers were to get an early start and design the logs to be standardized rather than up to the developer, getting an early warning on an issue may be a lot easier than it is now. It’s not a glamorous part of software, but a very necessary part that makes troubleshooting a lot easier if the information was there, and in a standardized format.