Dear Vendors, Let’s Do Better With Logging Practices
Dear IT Vendors Everywhere,
In all candor, IT Vendors, your logging sucks. I mean that in the best possible way, so please don’t take offense. I truly believe we can come to a satisfactory conclusion for everyone involved.
Imagine if you will, IT Vendors, that you’re an IT person with more than 20 years of experience and you come across a log like the following:
Now, I don’t know what a swarm config file is, nor do I know what a swarm id is, but that’s okay because apparently it hasn’t changed. So, that’s great. Did it help solve my problem? Not even a little.
Developers, please make your logs sensible
I work with A LOT of log files every day. Some are okay and some are just horrible (I’m looking at you, wireless vendors). The problem is that the developers of these platforms assume users are sitting in the room with them when they make these horrible logging decisions and will magically know what to do. Stop doing that. Make your logs sensible.
Having said that, they don’t have to be all key-value pairs (though that would be nice), but at least make them consistent. If you refer to a MAC address as 00:00:00:00:00:00, then don’t refer to it as mac-00:00:00:00:00:00 in another place… that is being a bad person!
Logging, sadly, like security in a lot of cases, always seems to get tacked on at the end, or on an as-we-go basis. This is wrong. Logging should be considered upfront, with guidelines written out on what to log and how to log it. The easier you make your product to troubleshoot, the more customers will like it, and probably the more they will buy. See how that works?
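As an added illustration (not from the original letter or any vendor's code), here is one way to write such a guideline down as code: a single emitter that owns the field names, reduces every MAC spelling to one form, and produces key=value lines that one generic parser can read back. The schema, field names and sample values are assumptions made up for this example.

```python
import re
import shlex

# Assumed schema for this example: one fixed set of field names, in one order.
FIELDS = ("ts", "level", "event", "client_mac", "msg")

def canonical_mac(value):
    """Reduce any common MAC spelling to aa:bb:cc:dd:ee:ff, or raise."""
    v = value.strip().lower()
    if v.startswith("mac-"):
        v = v[4:]
    digits = re.sub(r"[:\-.]", "", v)
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {value!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def _quote(value):
    """Keep one event per line and quote anything a parser could misread."""
    s = str(value).replace("\r", "\\r").replace("\n", "\\n")
    if s == "" or re.search(r"[\s\"'=\\]", s):
        return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'
    return s

def format_event(**fields):
    """Emit one key=value line; reject fields the guideline does not define."""
    unknown = set(fields) - set(FIELDS)
    if unknown:
        raise ValueError(f"fields not in schema: {sorted(unknown)}")
    if "client_mac" in fields:
        fields["client_mac"] = canonical_mac(fields["client_mac"])
    return " ".join(f"{k}={_quote(fields[k])}" for k in FIELDS if k in fields)

def parse_event(line):
    """The consumer's side: one rule recovers every field."""
    return dict(tok.partition("=")[::2] for tok in shlex.split(line))

if __name__ == "__main__":
    # Constructed sample event, not taken from a real product.
    line = format_event(ts="2024-05-01T12:00:00Z", level="warn",
                        event="assoc_fail", client_mac="mac-00-1A-2B-3C-4D-5E",
                        msg='auth failed, reason="timeout"')
    print(line)
    print(parse_event(line))
```

Because newlines in values are escaped and the result quoted, a message containing text such as `level=info` on a new line stays inside the `msg` field instead of forging a second event.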
Some examples of bad logs:
And some good logging examples:
Let’s fix this
Notice how I only have ONE example of a piece of good logging? That’s because that was all I could really find. It is a sad state of affairs and something that really needs to be fixed.
Thank you for your time and attention to this matter.
Sincerely,
The Rest of the World
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.
