Hint – you should log to be proactive not just to have your data stored
When it comes to deciding what events to log in a software application, you should consider your answers to a few important questions.
For instance, is your software in development or has it been released for production? Who will view the logs?
Developers, QA, support, advanced users? Do you only care about security issues or do you also care about performance issues? Do you care about operational events, business events or both?
The Biggest Logging Mistake
Of course the biggest logging mistake you can make is not to perform application event logging at all. Many organizations depend entirely on networking devices, operating systems or system servers, but that can be a mistake. Application event logging can give greater insight than relying solely on “infrastructure” logging alone.
Applications have access to a wide range of information that should be collected because the primary event data source is the application itself.
Much of this data is not available from infrastructure devices. Some of the more important data include information about the user, such as identity, role, and permission, as well as the context of the event, such as target, actions, and outcomes.
What Logs to Collect
From a high level, there are five categories of application logs you should collect:
- Authentication, Authorization, and Access: These events include things such as successful and failed authentication and authorizations, system access, data access and application access.
- Changes: These events include changes to systems or applications, changes to data (creation and destruction) and application installation and changes.
- Availability: Availability events include startup and shutdown of systems and applications, faults and errors that affect application availability and backup successes and failures.
- Resources: Resource issues to log include exhausted resources, exceeded capacities and connectivity issues.
- Threats: Some common threats to logs include invalid inputs and security issues known to affect the application.
The Real Benefit to Application Logging
Logs are categorized according to five different levels of severity. In order of importance they are 1) debug/verbose, 2) info, 3) warning, 4) error and 5) critical.
With the overabundance of log data available today, it’s easy to decide to limit logging events to only those that are “error” or “critical” in severity.
These types of log events are easier to deal with because they are immediately actionable.
When you see one of them, you need to do something right away. However, that overlooks the real value of application log collection and analysis.
The real value in log capture is to be able to see problems before they start. To be proactive rather than reactive.
That means gathering logs with severity levels of “info” and “warning.” To take advantage of that, you’ll also need a log analysis that can take that data and make something out of it.
How to Benefit From the Hidden Value of Logs
The usefulness of logs is actually often underestimated. Sure logs can provide plenty of opportunities to be proactive from an operational standpoint.
What most businesses fail to realize is that proactive logging also enables improved business decisions. Business intelligence is directly powered by raw logs, which opens the possibilities for driving business performance with data.
To take advantage of this, choose three business questions you must answer to know if your application is serving your business.
Then collect the logs you need to answer those questions. You’ll want to collect as many logs as possible without impacting system performance.
Collecting and analyzing application logs isn’t just for developers and it isn’t just for reacting to operational problems.
Operational problems can be averted and business decisions improved by proactively collecting and analyzing logs.
Tools that use artificial intelligence (AI) that enable you to turn your log data into a better performing business. You already have access to the information. You may as well take advantage of it.