RELATED Lessons
SHARE ARTICLE
Capturing the Most Critical Information Within Your Logs
Learning Objectives
- Learn the importance of Request Data
- Enable faster analysis of application failures
- Learn the benefits of audit logging
The benefits of logging cannot be overstated. Capturing the right information within your logs and analyzing the data effectively can be the difference between quickly identifying and resolving a problem within your application or failing to do so in a timely manner. Furthermore, collecting pertinent information via logging can ensure that the necessary audit trails exist, and it can even assist organizations in making decisions proactively to ensure that their customers are receiving the best service possible.
Below, I will discuss some of the most important information that should be logged as well as the ways in which organizations can leverage logs to realize the wide range of benefits mentioned above.
Ensuring Application Stability and Analyzing User Behavior Through the Collection of Request Data
Request information represents some of the most valuable data that an organization can record. Typically logged by the web server itself, request data (Apache access logs, NGINX access logs, etc.) consists of a variety of information, including the date and time of the request, the IP address of the client machine making the request, the request type, the requested resource, the HTTP referer, the HTTP status code returned to the client, the user agent, and more.
Capturing and analyzing request data can provide crucial insight into application stability as well as how the application is being used. For instance, a significant number of requests returning an HTTP status code of 500 can be indicative of a problem that needs to be addressed immediately. By monitoring this data, incident response teams become aware of these types of problems at the earliest possible point, enabling them to begin root cause analysis and issue resolution quickly.
In addition, collecting and analyzing data such as the date and time of requests, the resource being requested, the user agent, and the referer can provide insights into application usage that can prove to be of great importance to the business. These insights can reveal when the application is being used most heavily, where these users are coming from, which content users are requesting, and the most common browsers being used to access the application. These details empower teams to be proactive in ensuring that their applications perform well during periods of high traffic, that they function properly for all customers as the browser landscape changes, and more.
Error Logging at the Application Level: Enabling Faster Analysis of Application Failures
As any developer will tell you, when an error occurs within one of their applications, the error logs are incredibly valuable. Proper error logs should provide the information necessary to assist the developer in reproducing the problem and narrowing down the root cause. Error logging can mean recording the exception and full stack trace when an error occurs, thereby enabling the developer to traverse the function calls that led to the problem and begin working on a permanent solution in a timely manner.
In addition, error logs can contain clear messages to help developers quickly contextualize the problem. For example, think of a method that takes in a required parameter. If the parameter is null and the method throws an exception, a clear and concise message could be written to the error log to help make the cause of the failure as obvious as possible to the developer. In this particular instance, the message may read something like, “parameter X cannot be null for method Y.”
Audit Logging and Its Benefits
In many cases, it is a good security practice to include audit logging within an application. In fact, in some industries, this may even be necessary in order to remain in compliance with various standards. For example, applications that manage electronically protected health information (ePHI) must adhere to HIPAA logging requirements.
At a high level, comprehensive audit logging should be implemented in a manner that provides the necessary personnel with details about who is using the system and how they are using it. This means:
- Logging both successful and unsuccessful login attempts for all users,
- Logging information detailing the data that is being accessed by each user while he or she is using the application,
- And — as part of each CRUD operation executed by a user — recording the user ID of the person making the change, the timestamp denoting when the data was changed, and information about how the data was manipulated.
While some applications may require less granular audit logs than others, it’s important to remember the value of including extensive and detailed audit logging within an application. By doing so, organizations gain access to several key benefits. For one, tracking application usage at a detailed level allows organizations to more easily identify and respond to instances of misuse. Moreover, by creating a trail for the review of problematic data manipulation, these data changes can be efficiently evaluated and more easily reversed.
Wrapping Up
As one of the most powerful tools in the IT arsenal, logs can be used for a variety of purposes, including ensuring system availability, analyzing user interactions, and more. They can also serve as a resource when debugging issues within an application.
By being sure to log the most critical information, organizations can better position themselves to leverage logs for these purposes. This means logging request data, error information, and all details necessary to produce a valuable audit trail (including login attempts, data access details, details regarding all CRUD operations, and so on).