10 Dec

Building Supportable Systems (Log Management)

Following on from my previous post about logging, this one will go a bit deeper into the logging story. There’s a fine line between too much and too little when it comes to logging. On the one hand, you don’t want to skip logging something that might make it easier to diagnose a problem later on; on the other hand, you don’t want to create so many verbose log entries that you just can’t find the information you need.

There are a number of options here, ranging from manually searching for text strings in the log through to expensive log aggregation software or services like Splunk, LogRhythm, etc. My personal favourite is a product called Seq. It’s a commercial product, but for single-user use on your local dev environment it’s free.

Seq

Seq is a Windows service application which listens for log entries and stores them in a high-performance data store. The log entries can then be sorted, filtered and added to a dashboard as the user sees fit. The great advantage of Seq is that you can obtain a commercial license and centralise your logs for easier analysis of aggregated data. It’s not a “big data” log archival system like Splunk, so evaluate what you’re trying to achieve with the tool before throwing all your eggs into the basket.

One super-awesome-great thing about Seq is that there’s a log4net appender available which will take your existing application’s log4net logging output and push it into a Seq server. This is great for those situations where you just want to get the logs into a manageable UI or you don’t have the time to replace your logging framework.

However, to get the greatest benefit out of Seq you need to use it with Serilog. Serilog (covered in one of my previous posts) is a structured logging framework. This means that it can log more than just lines of text: it can log meaningful object data. This data can later be filtered in Seq by using a LINQ-like query syntax.

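using System;
using Serilog;
using Serilog.Context;

// Send events to the local Seq server and attach the machine name to every event.
Log.Logger = new LoggerConfiguration()
    .WriteTo.Seq("http://localhost:5341/")
    .Enrich.WithProperty("ComputerName", System.Net.Dns.GetHostName())
    .Enrich.FromLogContext()
    .CreateLogger();

// Every event logged inside this scope carries the same CorrelationId.
using (LogContext.PushProperty("CorrelationId", Guid.NewGuid()))
{
    // "order" is the object being processed; {@order} captures its properties.
    Log.Information("Processed order {@order}", order);
}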

In the sample above Serilog will actually log some additional properties along with each log entry. It will add the Computer Name and a CorrelationId (which I’m just making a random Guid for fun). The advantage of this is that any action or logging that occurs within the scoped LogContext will have a traceable CorrelationId attached, and all logs related to this action can be filtered easily.

The other thing that will happen with the above code is that the order object passed for the “{@order}” placeholder will be automatically serialised at the time of logging, and the properties of the order object will be available to be viewed, queried or filtered.
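
Because “{@order}” captures every public property of the object, anything sensitive on it ends up in the log store as well. The following is an added example, not code from the original post: it limits what is captured for a hypothetical Order type using Serilog’s Destructure.ByTransforming and writes to an in-memory sink instead of Seq so it runs without a server. Order, its fields and CollectingSink are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Serilog;
using Serilog.Context;
using Serilog.Core;
using Serilog.Events;

// Hypothetical order type; CardNumber stands in for any field that must not reach the logs.
public record Order(int Id, decimal Total, string CustomerEmail, string CardNumber);

// In-memory sink (illustrative) so the example runs without a Seq server.
public sealed class CollectingSink : ILogEventSink
{
    public List<LogEvent> Events { get; } = new();
    public void Emit(LogEvent logEvent) => Events.Add(logEvent);
}

public static class Program
{
    public static void Main()
    {
        var sink = new CollectingSink();
        Log.Logger = new LoggerConfiguration()
            .Enrich.FromLogContext()
            // Whenever an Order is destructured, keep only the fields needed for diagnosis.
            .Destructure.ByTransforming<Order>(o => new { o.Id, o.Total })
            // Bound what any other destructured object can contribute to an event.
            .Destructure.ToMaximumDepth(3)
            .Destructure.ToMaximumStringLength(256)
            .WriteTo.Sink(sink)
            .CreateLogger();

        // Constructed sample data.
        var order = new Order(42, 19.99m, "alice@example.test", "4111111111111111");

        using (LogContext.PushProperty("CorrelationId", Guid.NewGuid()))
        {
            Log.Information("Processed order {@order}", order);
            Log.Information("Sent confirmation for order {OrderId}", order.Id);
        }

        // Both events share one CorrelationId; neither contains the email or card number.
        foreach (var e in sink.Events)
        {
            Console.WriteLine(e.RenderMessage());
            Console.WriteLine($"  CorrelationId = {e.Properties["CorrelationId"]}");
        }
        Log.CloseAndFlush();
    }
}
```

Swapping WriteTo.Sink(sink) for the WriteTo.Seq(...) call shown earlier sends the same reduced events to Seq.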

There’s plenty of good documentation on the Seq website at http://getseq.net/. It’s well worth taking the time to download it and have a play with it alongside Serilog.

Other Options

There are plenty of other log management and aggregation tools and services. Things like Elasticsearch, New Relic, Logentries and Splunk are worth looking into for log archival, large volumes, or cloud services.