Add a comment

 

Re: The Other Interface

We've just been through a similar process on the .NET project I'm involved in. It's a distributed application (ASP.NET web-tier calling through to a set of middle-tier services via WCF) and everything is logged in the Windows Event Log. It's a bit weird moving from the Java world where everything is dumped out via log4j/Commons Logging to working on a system where there are no log files at all, but it kind of makes sense within the context of the environment. There are a couple of things worth mentioning about the current logging policy...
  1. Only errors are logged to the event log and, therefore, we have no informational messages at all. I'm not sure how I feel about this because it feels like I'm looking at the system with one eye closed. The reasons for this? Partially concerns over logging too much information on boxes that could be compromised by hackers and partially because nobody wants to fill up the event log with stuff that isn't deemed as important. I'd like to say that there's a good management interface, but I've not found it yet. In essence, once the system is running, it's off and running on it's own.
  2. Whenever we do log something, we always make sure sensitive information is masked (starred) out. For example, this could be bank account numbers and passwords. As an aside, I've seen a couple of large e-commerce systems that include customer names+addresses+credit card numbers in the log files. Just imagine what would happen if these fell into the wrong hands!

Re: The Other Interface


Title
Body
HTML : b, strong, i, em, blockquote, br, p, pre, a href="", ul, ol, li, sub, sup
Name
E-mail address
Website
Remember me Yes  No 

E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).