Software Logging Schemes?

MySkippy writes "I've been a software engineer for just over 10 years, and I've seen a lot of different styles of logging in the applications I've worked on. Some were extremely verbose — about 1 logging line for every 2 lines of code. Others were very lacking, with maybe 1 line in 200 devoted to logging. I personally find that writing debug and informational messages about every 2 to 5 lines works well for debugging an issue, but can become cumbersome when reading through a log for analysis. I like to write warning messages when thresholds or limits are being approached — these tend to be infrequent. I log errors whenever I catch one (but I've never put a 'fatal' message in my code, because if it's truly a fatal error I probably didn't catch it). Recently I came across log4j and log4net and have begun using them both. That brings me to my question: how do the coders on Slashdot handle logging in their code?"

whatever you do, don't use nfs

[Sir_Real]

If you're using log4j, don't use multiple hosts to write to the same nfs filesystem file. You'll run into blocking issues and log4j doesn't handle them correctly. The nirvana of clustered app logging is an async JMS queue. You fire off the message and forget it. You don't wait for file handles.

Re:As little as practically possible

[Champion3]

I'd be careful about using multi-core as a crutch: if the logging code isn't written properly, it can still be a bottleneck. Last year at my office we had to excise our old logging library because it turned out that each function call to the log acquired a global critical section even if the log level threshold wasn't met. Multi core wouldn't help because it was highly likely that any given call to the log would block the calling thread.

Be careful what you log...

[gillbates]

It might come back to haunt you later.

• If it could be useful for invading someone's privacy, law enforcement will expect to have access to it. Consider, for example, that the RIAA lawsuits were enabled by the fact that ISPs logged (and kept the logs) of the IP addresses and to whom they were assigned.
• Consider how an attacker could use the logs as a means of figuring out how your software functions, and how to defeat it. "Buffer overflow on line __LINE__" - while well-intentioned - would be a bad message to log. If you must log defects, sanitize the output so that it doesn't reveal more information than is necessary for the reader to know.
• In general, don't log normal operation beyond the startup and initialization messages. Users have this uncanny habit of looking to the logs for ways to blame the software for their own ineptitude. A verbose tirade of log messages will often provide them with ample ammunition for blame deflection and result in unnecessary service calls and potential misunderstanding. Especially if the log messages are cryptic and could be misconstrued to indicate that there is a bug with your software.
• With respect to the above point, make sure that any errors which could be caused by misconfiguration or user error clearly indicate that the problem lies with the user or configuration.
• When you do have to log a bug, include only the technical information necessary for the person doing the debugging. The point is to make it sufficiently technical that you have a starting point for debugging without giving the end user something with which they can hang you. Reporting a seg fault won't do you any good if you don't have the means to determine where and why it happened.

None Inline, Use AOP

[xero314]

I just wanted to second the "as little as...possible" sentiment and take it one step further. DO NOT add any logging to your application code. If it is not essential to the logic it should not be in the code.

That being said, you can add what ever logging you want as long as you do it outside the application code, such as through AOP (if you don't know what that is then google is your new best friend).

Logging through external means has a number of benefits. First you application code is relieved from unnecessary clutter. Second the logging can be added or removed as fit for the environment with no need for any runtime checking, which is perfect for turning of all logging in production environments. And lastly it enforces good coding practices as it makes sure people break up code in a way that makes external logging possible, which is how code should be written anyway.

The majority of all logging, dare I say all useful logging, is easy to summarize.

• Starting Process... with the following conditions...
• Starting Process... with the following conditions...

This is perfect for function/method interception since it comes down to something more specific.

• Executing Function... with the following arguments... (with one of those arguments being the state of the object the function is attached to in Object Oriented Programming)
• Function... returned the following...

So simply add the first logging to an interceptor that operates before the functions you want to log, and the second after the function.

If you find yourself needing detail inside the function then you need to break the function up into sub routines, so you can use this generic logging on the sub routines instead, or as well as.

Re:taking it a big further - no logging at all

[BobGregg]

I just had occasion to try and optimize an old C++ app that was having performance issues in certain sections. This app had its own custom logging system using Unix message queues, and was always a little suspect. I noticed as I tried to instrument the code that whenever I seemed to get close to the bottleneck, the problem seemed to move to a different part of the code. Finally, it dawned on me that the log system itself was part of the problem. In fact, the log object constructor was taking significant time, including (in some places) within critical (as in lock/unlock) sections. Most critical classes had been defined with an instance of the logger as a member, which was overkill. Doing nothing more than changing the definitions of the log objects to static dropped critical section performance by an entire order of magnitude.

Moral: Do logging, but do it judiciously. Know what you're doing - and know what the log system is doing too.