rc3.org - Rethinking log messages

Rethinking log messages

In Commentary on 27 December 2011 tagged infrastructure, software development with 4 comments

Paul Querna has written an interesting post arguing that developers should rethink how they handle logging — using a robust, machine-readable format (like JSON) rather than human-readable strings that are formatted so that each log entry is a single line long.

The big change is not in how you create log messages but rather in how you consume them. Right now, when a user notices an error, I tend to immediately log into the server and start looking for the log messages associated with the transaction in question using grep or my favorite pager.

Were I to log everything in a machine-readable format, it would make sense to have a more robust tool to parse the logs. Finding or building such a tool is doable, but it becomes yet another project. You need management to sign off on it, the systems administrators to agree to the infrastructure change, and someone to actually choose, test, and deploy the new tool for dealing with logs. Then you have to teach everyone who’s used to finding things in the old logs how to find things in the new logs.

That’s how things that seem like a great idea find a way to never become reality.

4 Comments

We do normal line based logging from Apache and Python. We ALSO log machine readable exception messages originally in zilch written specifically for our systems, but have recently moved to using sentry/raven. The combined system works great, but I admit I still mostly just grep in the error logs.

Posted by Gavin on 27 December 2011 @ 1am

If you haven’t seen it before, one of the Disqus developers has been working on https://github.com/dcramer/sentry which has some of these concepts. It integrates well with logging implementations which allow you to provide structured data so human-readable strings can be generated when necessary but your aggregator can e.g. group entries based on the original format string (e.g. “error opening file %s”). There’s an HTTP transport so you can use things other than Python to report logs and still use the Django app for reporting.

Posted by Chris Adams on 27 December 2011 @ 1pm

Machine parsing of log files is one reason tools like Splunk are popular. Out of the box it knows how to consume common log formats, and I can go to the web console and search for events filtering by the client IP address, the response code, the request URL, etc.

Posted by Bill Humphries on 27 December 2011 @ 3pm

Lennart has RH going full speed ahead /w “Journal,” a structured logging system.

Posted by rektide on 31 December 2011 @ 10am

Leave a Comment

← Garret Vreeland on 12 years of blogging Why maximizing shareholder value is no way to run a company →

About

This is the weblog of Rafe Colburn. I'm a software developer and computer book author, but this blog is really about whatever catches my interest on a day to day basis. I've been blogging since December, 1998.

Recently

Visit the full archive

Et Cetera

You can follow @rc3dotorg on Twitter here. My personal Twitter account is @rafeco. If you know what an RSS feed is, you can subscribe to the rc3.org feed here.

← Back to Home

© rc3.org. Powered by WordPress using the DePo Skinny Theme.