Diagnostics Demo

Demo code with examples for educational purpose

Distinction

Wikipedia on Tracing

Linux:

• API: ptrace - process trace
• Command: strace - trace system calls and signals
• Tool: DTrace

Windows:

• Tracing and Instrumenting Applications

Logging and Tracing

Guidelines

Reference

• ASP.NET Core Logging Guidelines

Instrumentation

Direct Output

.NET API's:

• Debugger Output: System.Diagnostics.Debug
• Windows Event Log: System.Diagnostics.EventLog
• Tracing for Windows (ETW): System.Diagnostics.Tracing

Indirect Output

Logging Frameworks¹:

• Microsoft:
  • Logging in ASP.NET Core
  • Tracing and Instrumenting Applications (System.Diagnostics.Debug)
• 3^rd party:
  • Serilog
  • NLog
  • Apache log4net

Log-Level

ASP.NET Core	Serilog	NLog	log4net2	System.Diagnostics.Trace	System.Diagnostics.Tracing	PowerShell3
Trace	Verbose	Trace				Verbose
Debug	Debug	Debug	Debug	Verbose	Verbose	Debug
Information	Information	Info	Info	Information	Informational	Information
Warning	Warning	Warn	Warn	Warning	Warning	Warning
Error	Error	Error	Error	Error	Error	Error
Critical	Fatal	Fatal	Fatal	Critical	Critical
					LogAlways

Verbose/Trace

Audience:

• Primarily intended for developers

Situations:

• Interactive investigation during development
• The finest level of verbosity is required
• Verbose output is required on a command line (e.g. --verbose/-v or -vv or -vv in case --debug/-d is not supported)

Quality:

• No restrictions (loops, object dumps, SQL)
• May be noisy (repeated information)
• Entry and exit points of functions
• Might contain sensitive information
• No semantic/structured logging

Performance:

• Affects performance

Storage:

• High volume of data ought to be expected
• The information has no long-term value
• A volumen store ought to be used

Debug

Audience:

• Primarily intended for developers

Situations:

• Interactive investigation during development
• Debug output is required on a command line (e.g. --debug/-d or --verbose/-v in case the former is not supported)

Quality:

• Usually not noisy
• The output should scale well
• Semantic/structured logging if required

Performance:

• Affects performance

Storage:

• High volume of data ought to be expected
• The information has no long-term value
• A volumen store ought to be used

Information/Info

Audience:

• Primarily intended for operations

Situations:

• Tracks the general flow of the application
• Startup configuration settings
• Entry and exit points of significant flow activities
• Changes to the state of the application

Quality:

• Usually not noisy
• The output should scale well
• Semantic/structured logging recommended

Performance:

• Should not affect performance

Storage:

• Low volume of data ought to be expected
• The information has usually long-term value
• A value store ought to be used

Warning/Warn

Audience:

• Primarily intended for operations

Situations:

• An abnormal or unexpected event occured, which did not cause execution to stop, but can signify sub-optimal performance or a potential problem for the future e.g. a handled exceptions.
• Usually not be used in libraries where error handling is left to the embedding code (e.g. via exceptions)

Quality:

• Not noisy
• Semantic/structured logging recommended

Performance:

• Should not affect performance

Storage:

• Low volume of data ought to be expected
• The information has usually long-term value
• A value store ought to be used

Error

Audience:

• Primarily intended for operations

Situations:

• The flow of execution is stopped due to a failure that requires investigation
• The "2AM rule": if you're on call, do you want to be woken up at 2AM if this condition happens
• Usually not be used in libraries where error handling is left to the embedding code (e.g. via exceptions)

Quality:

• Not noisy
• Semantic/structured logging recommended

Performance:

• Should not affect performance

Storage:

• Low volume of data ought to be expected
• The information has usually long-term value
• A value store ought to be used

Fatal/Critical

Audience:

• Primarily intended for operations

Situations:

• Low volume of data ought to be expected
• An unrecoverable application or system crash
• A catastrophic failure that requires immediate attention e.g. data loss
• Usually used close to the entry point of the application

Quality:

• Not noisy
• Semantic/structured logging if required

Performance:

• Should not affect performance

Storage:

• The information has usually long-term value
• A value store ought to be used

Filtering

Terminology:

ASP.NET Core	Serilog	NLog	log4net	System.Diagnostics.Trace	PowerShell4
Filter	Filter	Rule	Filter	Switch	Redirection
Provider	Sink	Target	Appender	Listener
Category	Source Context	Logger Name	Logger Name

Quality Assurance

• Since automation of quality assurance is not possible, logging should be subject of a manual inspection during a review

Profiling

Characteristcs

• Used during development/staging

Tutorials

General:

• Profiling Overview
• Creating a Custom .NET Profiler

Monitoring

Characteristics

• Used in production

Features

• Exploration
• Visualization
• Alerting

Instrumentation

Performance

WMI:

• Windows Management Instrumentation
• Performance Counters in the .NET Framework

Events

EWT/Windows Event Log:

• FAQ: Common Questions for ETW and Windows Event Log

Telemetrie

Local Network:

• API
  • WS-Management (Windows Remote Management)
• Service
  • Beats and Logstash in an ELK-Stack

Cloud:

• Azure Monitor
• Google Stackdriver
• Sentry
• Elmah
• Graylog GELF
• KissLog

Clients

Windows Remote Management:

• Creating WMI Clients

Elasticsearch:

• Kibana in an ELK-Stack

Azure:

• Azure Monitor

1) Excerpt of popular frameworks for .NET at the time of writing

2) Default configuration. Additional levels available: Trace, Verbose, Notice, Alert, Severe, Emergency

3) Realizes as individuals streams beside Output, Host, Success and Progress. See also About Redirection