Dear Vendors, Let’s Do Better With Logging Practices

By |Published On: July 17th, 2014|Tags: , |

Dear IT Vendors Everywhere,

In all candor, IT Vendors, your logging sucks. I mean that in the best possible way, so please don’t take offense. I truly believe we can come to a satisfactory conclusion for everyone involved.

Imagine if you will, IT Vendors, that you’re an IT person with more than 20 years experience and you come across a log like the following:

Copy to Clipboard

Now, I don’t know what a swarm config file is, nor do I know what a swarm id is, but that’s okay because apparently it hasn’t changed. So, that’s great. Did it help solve my problem? Not even a little.

Developers, please make your logs sensible

I work with A LOT of log files every day. Some are okay and some are just horrible (I’m looking at you wireless vendors). The problem is, the developers of these platforms assume that users are sitting in the room with them when they are making these horrible logging decisions and will magically know what to do. Stop doing that. Make your logs sensible.

Having said that, they don’t have to be all key value pairs (though that would be nice), but at least make them consistent. If you refer to a MAC address as 00:00:00:00:00:00, then don’t refer to it as mac-00:00:00:00:00:00 in another place… that is being a bad person!

Logging, sadly, like security in a lot of cases, seems to always get tacked on at the end, or on an as-we-go basis. This is wrong. Logging should be considered upfront with guidelines written out on what to log and how to log it. The easier you make your product to troubleshoot, then the more customers will like it, and probably the more they will buy. See how that works?

Some examples of bad logs:

Copy to Clipboard

And some good logging examples:

Copy to Clipboard

Let’s fix this

Notice how I only have ONE example of a piece of good logging? That’s because that was all I could really find. It is a sad state of affairs and something that really needs to be fixed.

Thank you for your time and attention to this matter.

Sincerely,

The Rest of the World

About Hurricane Labs

Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.

For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.