An Open Letter to Vendors on Logging: Let's Do Better

Dear IT Vendors, your logging sucks. Please take a moment to read my letter and do the rest of the world a favor and make it better.

Dear IT Vendors Everywhere,

I am going to admit that this is a very self-serving letter. It is entirely to benefit my own selfish, completely one-sided ends. Having said that, I think that we can come to a satisfactory conclusion for everyone involved. In all candor, IT Vendors, your logging sucks. Now, please don’t be offended. I mean that in the best possible way. Imagine if you will, IT Vendors, that you’re an IT person with more than 20 years experience and you come across a log like the following:

mdns_cli0_recv_swarm_config 311 swarm id has not changed

Now... I don’t know what a swarm config file is, nor do I know what a swarm id is, but that’s okay because apparently it hasn't changed. So, that’s great. Did it help solve my problem? Not even a little. You’re probably wondering, “why is he so ragey about log files today?” Stop wondering because a.) I’m ragey every day and b.) I’m going to tell you.

Developers, Make Your Logs Sensible, Please

I work with A LOT of log files every day. Some are okay and some are just horrible (I’m looking at you wireless vendors everywhere). The problem is that developers of these platforms seem to assume that users are sitting in the room with them when they are making these horrible logging decisions and will magically know what to do. Stop doing that. Make your logs sensible. Now, they don’t have to be all key value pairs (though that would be nice), but at least make them consistent. If you refer to a MAC address as 00:00:00:00:00:00, then don’t refer to it as mac-00:00:00:00:00:00 in another place... that is being a bad person!

Logging sadly, like security in a lot of cases, seems to always get tacked on at the end, or on an as-we-go basis. This is wrong. Logging should be considered upfront with guidelines written out on what to log and how to log it. The easier you make your product to troubleshoot, then the more customers will like it, and probably the more they will buy. See how that works?

Some Examples of Bad Logs:

need recovery ,1, from 172.16.16.45
900.000000 google 63 1919 22145620
Packet received from unknown port 15208 (then why are we listening on an unknown port?)

And Some Good Logging Examples:

"destination": {
"ip": "156.154.126.65",
"port": 53
}

Let's Fix This... Thanks

Notice how I only have ONE example of a piece of good logging? That’s because that was all I could really find. It is a sad, sad state of affairs and something that really needs to be fixed.

Thank you for your time and attention to this matter.

Sincerely,

The Rest of the World



Close off Canvas Menu