Demo code with examples for educational purpose
Linux:
- API: ptrace - process trace
- Command: strace - trace system calls and signals
- Tool: DTrace
Windows:
Reference
.NET API's:
- Debugger Output: System.Diagnostics.Debug
- Windows Event Log: System.Diagnostics.EventLog
- Tracing for Windows (ETW): System.Diagnostics.Tracing
Logging Frameworks1:
- Microsoft:
- 3rd party:
ASP.NET Core | Serilog | NLog | log4net2 | System.Diagnostics.Trace | System.Diagnostics.Tracing | PowerShell3 |
---|---|---|---|---|---|---|
Trace | Verbose | Trace | Verbose | |||
Debug | Debug | Debug | Debug | Verbose | Verbose | Debug |
Information | Information | Info | Info | Information | Informational | Information |
Warning | Warning | Warn | Warn | Warning | Warning | Warning |
Error | Error | Error | Error | Error | Error | Error |
Critical | Fatal | Fatal | Fatal | Critical | Critical | |
LogAlways |
Audience:
- Primarily intended for developers
Situations:
- Interactive investigation during development
- The finest level of verbosity is required
- Verbose output is required on a command line (e.g.
--verbose
/-v
or-vv
or-vv
in case--debug
/-d
is not supported)
Quality:
- No restrictions (loops, object dumps, SQL)
- May be noisy (repeated information)
- Entry and exit points of functions
- Might contain sensitive information
- No semantic/structured logging
Performance:
- Affects performance
Storage:
- High volume of data ought to be expected
- The information has no long-term value
- A volumen store ought to be used
Audience:
- Primarily intended for developers
Situations:
- Interactive investigation during development
- Debug output is required on a command line (e.g.
--debug
/-d
or--verbose
/-v
in case the former is not supported)
Quality:
- Usually not noisy
- The output should scale well
- Semantic/structured logging if required
Performance:
- Affects performance
Storage:
- High volume of data ought to be expected
- The information has no long-term value
- A volumen store ought to be used
Audience:
- Primarily intended for operations
Situations:
- Tracks the general flow of the application
- Startup configuration settings
- Entry and exit points of significant flow activities
- Changes to the state of the application
Quality:
- Usually not noisy
- The output should scale well
- Semantic/structured logging recommended
Performance:
- Should not affect performance
Storage:
- Low volume of data ought to be expected
- The information has usually long-term value
- A value store ought to be used
Audience:
- Primarily intended for operations
Situations:
- An abnormal or unexpected event occured, which did not cause execution to stop, but can signify sub-optimal performance or a potential problem for the future e.g. a handled exceptions.
- Usually not be used in libraries where error handling is left to the embedding code (e.g. via exceptions)
Quality:
- Not noisy
- Semantic/structured logging recommended
Performance:
- Should not affect performance
Storage:
- Low volume of data ought to be expected
- The information has usually long-term value
- A value store ought to be used
Audience:
- Primarily intended for operations
Situations:
- The flow of execution is stopped due to a failure that requires investigation
- The "2AM rule": if you're on call, do you want to be woken up at 2AM if this condition happens
- Usually not be used in libraries where error handling is left to the embedding code (e.g. via exceptions)
Quality:
- Not noisy
- Semantic/structured logging recommended
Performance:
- Should not affect performance
Storage:
- Low volume of data ought to be expected
- The information has usually long-term value
- A value store ought to be used
Audience:
- Primarily intended for operations
Situations:
- Low volume of data ought to be expected
- An unrecoverable application or system crash
- A catastrophic failure that requires immediate attention e.g. data loss
- Usually used close to the entry point of the application
Quality:
- Not noisy
- Semantic/structured logging if required
Performance:
- Should not affect performance
Storage:
- The information has usually long-term value
- A value store ought to be used
Terminology:
ASP.NET Core | Serilog | NLog | log4net | System.Diagnostics.Trace | PowerShell4 |
---|---|---|---|---|---|
Filter | Filter | Rule | Filter | Switch | Redirection |
Provider | Sink | Target | Appender | Listener | |
Category | Source Context | Logger Name | Logger Name |
- Since automation of quality assurance is not possible, logging should be subject of a manual inspection during a review
- Used during development/staging
General:
- Used in production
- Exploration
- Visualization
- Alerting
WMI:
EWT/Windows Event Log:
Local Network:
- API
- Service
Cloud:
Windows Remote Management:
Elasticsearch:
Azure:
1) Excerpt of popular frameworks for .NET at the time of writing
2) Default configuration. Additional levels available: Trace, Verbose, Notice, Alert, Severe, Emergency
3) Realizes as individuals streams beside Output
, Host
, Success
and Progress
. See also About Redirection