Journal Journal: Information for good log messages
A maximally useful log message contains a number of fixed items, usually in a fixed-format header of some sort, and text for the human reader to use to understand the implications of the problem.
From memory, the fixed information includes enough to allow for mechanical sorting by nastiness and occasionally mechanical processing:
- date/time
- origin, meaning machine- or domain-name
- source, in some detail,, including the executable name
and process id as a minimum, if applicable,
and optionally the file, function and line, it is good to make this one token, for ease of
parsing and resilience when one line has
"sendmail:parse.c:parse_it:332:1948" and another has
only "mconnect:1293"
- pre-classification, meaning the application type, error type and severity. DFAs can switch on this, and should.
The old ARPA format was error type source and severity
as three decimal digits, which you still see when
smtp says "250 ok". The 2 was permanent success, the 5
meant "the app", in this case smtp, and 0 was the severity.
I prefer ascii, not numbers (;-))
- then the text for the human, saying the meaning of the error,
the same way you're supposed to write the **meaning**
of code in comments, not just say what the code does.
Syslog does about half of this, metze's did most of it.