Before we talk about the importance of logging, let's define the term so that we have a better context for it. Logging is the practice of making an application record its activity at runtime to any output, where the individual record is called an event log or simply a log. This is often associated with a timestamp describing when the event occurred. The event could be anything that changes the state of the program internally or externally. Logs help you in gaining insights on an application's runtime behavior over the course of time, or in getting more context on the application state when debugging a bug. They also find their use in generating analytics reports for business purposes. This is to say that the degree of utility logging provides to a user depends mainly on the application and consumers' needs.
Now, in an application without any kind of logging integration, there are limited options for us to know about the behavior of our program at runtime. We could use external utilities such as htop in Linux to monitor our program, but this gives us a view of the program from the outside and provides limited information regarding the internals.
Information from within a program while it's running is useful for debugging purposes or can be used for runtime performance analysis. In the case of fatal failures in our program, we can get to know about the whereabouts of our program when it crashes. At the very least, the program will leave a stack trace, thus providing a bit of context on where the program went wrong. However, there are classes of bugs and events that do not cause immediate problems but later turn into fatal errors, especially in long running systems. In these cases, event logs can help quickly narrow down the issue in the program. That's where adding logging capabilities to a program becomes tremendously helpful.
Systems that benefit greatly from logging and need to rely on event logs are web services, network servers, stream processing services, and similar long running systems. In these systems, individual event logs combined with subsequent logs over the course of time, when ingested and put into analysis by a log aggregation service, can provide useful statistics about the system.
For a commercial application such as a shopping website, you can leverage log analytics to get business insights, leading to better sales. In network servers, you can find useful activity logs to track any malicious attempts made to the server such as a distributed denial of service (DDoS) attack. Developers can assess the performance of their web API endpoints by getting request-response latency figures from the collected API request logs.
Logs also serve as an important debugging context and can minimize the time that's taken in performing root cause analysis during a debugging session, where you have time constraints to fix issues that happen in production.
Sometimes, logging is the only way to do this because debuggers are not always available or applicable. This is usually the case in distributed systems and multi-threaded applications. Anyone who has done a fair amount of development within these systems is quite aware of why logging is such an important part of the software development pipeline.
There are three broad categories of users who benefit greatly from the practice of application logging:
- System administrators: They need to monitor server logs for any malfunction, for example, a hard disk crash or network failures.
- Developers: During development, integrating logs in the project can help cut down development time by a lot and can later be used to get insights into the way users use their application.
- Network security teams: In the case of any attack on a remote server, the security folks benefit greatly from logging as they can get to know how a certain attack was carried out by tracing the event logs that the victim server logged.
Being a functional component in software development practices, and providing great value in the long run, integrating logging in a system demands dedicated frameworks, and we'll see why in the next section.