About This Document

Official R1 documentation snapshot in  https://onap.readthedocs.io/en/latest/submodules/logging-analytics.git/docs/

THIS was a DRAFT WIP for R1 - ONAP Amsterdam Release - it is deprecatedTHIS IS A DRAFT.

This document specifies logging conventions to be followed by ONAP component applications.

...

ONAP logging is intended to support operability, debugging and reporting on ONAP. These guidelines address:

...

Java is assumed, but conventions may also be implemented by non-Java components. 

Original ONAP Logging guidelines: https://wiki.onap.org/download/attachments/1015849/ONAP%20application%20logging%20guidelines.pdf?api=v2

Introduction

The purpose of ONAP logging is to capture information needed to operate, troubleshoot and report on the performance of the ONAP platform and its constituent components. Log records may be viewed and consumed directly by users and systems, indexed and loaded into a datastore, and used to compute metrics and generate reports. 

...

Providers

Logging providers are abstracted by SLF4J and/or EELF.Providers are normally normally enabled by their presence in the classpath. This means the decision may have been made for you, in some cases implicitly by dependencies. If you have a strong preference then you can change providers, but since the implementation is typically abstracted behind EELF or SLF4J, it may not be worth the effort.

...

Logback is the most commonly used provider. It is generally configured by an XML document named logback.xml. See Configuration. 

Log4j 2.X

Log4j 2.X is somewhat less common than Logback, but equivalent. It is generally configured by an XML document named log4j.xml.  See Configuration.

Log4j 1.X

Log4j Avoid, since 1.X is EOL. See , and since it does not support escaping, so its output may not be machine-readable. See https://logging.apache.org/log4j/1.2/.

Avoid, since it does not support escaping, so its output may not be machine-readable.

This affects existing OpenDaylight-based components like SDNC and APPC, primarily, since it bundles since ODL releases prior to Carbon bundle Log4j 1.X, and makes make it very difficult to replace. With OpenDaylight Carbon, the Log4j provider should update to 2.XThe Common Controller SDK Project project targets ODL Carbon, so the problem should resolve in time.

What to Log

The purpose of logging is to capture diagnostic information.

An important aspect of this is analytics, and tracking which requires tracing of requests between components. In a large, distributed system such as ONAP this is critical to understanding behavior and performance. 

...

Messages, Levels, Components and Categories

It isn't really the the purpose aim of this document to reiterate the basics, so advice here is only general: 

• Use a logger. Consider using EELF. 
• Write log messages in English.
• Write meaningful messages. Consider what will be useful to consumers of logger output. 
• Use errorcodes to characterise exceptions.
• Log Write at the appropriate level. Be aware of the volume of logs that will be produced.
• Log in a machine-readable format. See Conventions.
• Log for analytics as well as troubleshooting.

...

• http://www.masterzen.fr/2013/01/13/the-10-commandments-of-logging/
• https://www.loggly.com/blog/how-to-write-effective-logs-for-remote-logging/
• And so on.

Context

TODO: more on the importance of transaction ID propagation.

MDCs

A Mapped Diagnostic Context (MDC) allows an arbitrary string-valued attribute to be attached to a Java thread. The MDC's value is then emitted with each log message.  The set of MDCs associated with a log message is serialized as unordered name-value pairs (see Text Output).

A good discussion of MDCs can be found at https://logback.qos.ch/manual/mdc.html. 

...

• All reported MDCs are logged with both name AND value. Logging output should not treat any MDCs as special.
• All MDC names and values are escaped.

Escaping in Logback configuration can be achieved with:

%replace(%replace(%mdc){'\t','\\\\t'}){'\n','\\\\n'}

...

This is often referred to by other names, including "Transaction ID", and one of several (pre-standardization) REST header names .including X-ECOMP-RequestID and X-ONAP-RequestID.

ONAP ONAP logging uses a universally unique "RequestID" value in log records to track the processing of each client request across all the ONAP components involved in its processing.

...

The proposed approach is that:

• Callers:
  • Issue a new, unique InvocationID UUID for each downstream call they make. 
  • Log the intent new InvocationID, indicating the intent to invoke with :
    • With Markers INVOKE, and SYNCHRONOUS if the invocation is synchronous.
    • With their own InvocationID still set as an MDC.
  • Pass the InvocationID as an X-InvocationID REST header.
• Invoked components:
  • Retrieve the InvocationID from REST headers upon invocation, or generate a UUID default. 
  • Set the InvocationID MDC.
  • Write a log entry with the Marker ENTRY. (In EELF this will be to the AUDIT log).
  • Act as per Callers in all downstream requests. 
  • Write a log entry with the Marker EXIT upon return. (In EELF this will be to the METRIC log).
  • Unset the InvocationID MDC all MDCs on exit.

That seems onerous, but:

• It's only a few calls. 
• It can probably be largely abstracted in the case of EELF logging.

TODO: code.

MDCs -

...

the Rest

Other MDCs are logged in a wide range of contexts.

Certain MDCs and their semantics may be specific to EELF log types.

TODO: cross-reference EELF output to v1 doc.

Examples

Markers

Markers differ from MDCs in two important ways:

1. They have a name, but no value. They are a tag. 
2. Their scope is limited to logger calls which specifically reference them; they are not ThreadLocal. 

Logging

SDC-BE

20170907: audit.log

root@ip-172-31-93-160:/dockerdata-nfs/onap/sdc/logs/SDC/SDC-BE# tail -f audit.log
2017-09-07T18:04:03.679Z|||||qtp1013423070-72297||ASDC|SDC-BE|||||||N/A|INFO||||10.42.88.30||o.o.s.v.r.s.VendorLicenseModelsImpl||ActivityType=<audit>, Desc=< --Audit-- Create VLM. VLM Name: lm4>

TODO: this is the earlier output format. Let's find an example which matches the latest line format.

Markers

Markers differ from MDCs in two important ways:

1. They have a name, but no value. They are a tag. 
2. Their scope is limited to logger calls which specifically reference them; they are not ThreadLocal. 

Logging

Via SLF4J:

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.slf4j.MarkerFactory;
// ...
final Logger logger = LoggerFactory.getLogger(this.getClass());
final Marker marker = MarkerFactory.getMarker("MY_MARKER");
logger.warn(marker, "This warning has a 'MY_MARKER' annotation.");

EELF does not allow Markers to be set directly. See notes on the InvocationID MDC.

Serializing

Marker names also need to be escaped, though they're much less likely to contain problematic characters than MDC values.

Escaping in Logback configuration can be achieved with:

%replace(%replace(%marker){'\t','\\\\t'}){'\n','\\\\n'}

Marker - ENTRY

This should be reported as early in invocation as possible, immediately after setting the RequestID and InvocationID MDCs.

It can be automatically set by EELF, and written to the AUDIT log. 

It must be manually set otherwise. 

EELF:

//TODO

SLF4J:

public static final Marker ENTRY = MarkerFactory.getMarker("ENTRY");
// ... 
final Logger logger = LoggerFactory.getLogger(this.getClass());
logger.debug(ENTRY, "Entering.");

Marker - EXIT

This should be reported as late in invocation as possible, immediately before unsetting the RequestID and InvocationID MDCs.

It can be automatically reported by EELF, and written to the METRIC log. 

It must be manually set otherwise.

EELF:

//TODO

SLF4J:

public static final Marker EXIT = MarkerFactory.getMarker("EXIT");
// ... 
final Logger logger = LoggerFactory.getLogger(this.getClass());
logger.debug(EXIT, "Exiting.");

Marker - INVOKE

This should be reported by the caller of another ONAP component via REST, including a newly allocated InvocationID, which will be passed to the caller. 

SLF4J:

public static final Marker INVOKE = MarkerFactory.getMarker("INVOKE");
// ...

// Generate and report invocation ID. 

final String invocationID = UUID.randomUUID().toString();
MDC.put(MDC_INVOCATION_ID, invocationID);
try {
    logger.debug(INVOKE_SYNCHRONOUS, "Invoking synchronously ... ");
}
finally {
    MDC.remove(MDC_INVOCATION_ID);
}

// Pass invocationID as HTTP X-InvocationID header.

callDownstreamSystem(invocationID, ... );

TODO: EELF, without changing published APIs.

Marker - SYNCHRONOUS

This should accompany INVOKE when the invocation is synchronous.

Via SLF4J:

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.slf4j.MarkerFactory;
// ...
final Logger logger = LoggerFactory.getLogger(this.getClass());
final Marker marker = MarkerFactory.getMarker("MY_MARKER");
logger.warn(marker, "This warning has a 'MY_MARKER' annotation.");

EELF does not allow Markers to be set directly. See notes on the InvocationID MDC.

Serializing

Marker names also need to be escaped, though they're much less likely to contain problematic characters than MDC values.

In Logback:

%replace(%replace(%marker){'\t','\\\\t'}){'\n','\\\\n'}

Marker - ENTRY

This should be reported as early in invocation as possible, immediately after setting the RequestID and InvocationID MDCs.

It can be automatically set by EELF, and written to the AUDIT log. 

It must be manually set otherwise:

Marker - EXIT

This should be reported as late in invocation as possible, immediately before unsetting the RequestID and InvocationID MDCs.

It can be automatically reported by EELF, and written to the METRIC log. 

It must be manually set otherwise.

Marker - INVOKE

This should be reported by the caller of another ONAP component via REST, including a newly allocated InvocationID, which will be passed to the caller. 

TODO: EELF.

Marker - SYNCHRONOUS

This should accompany INVOKE when the invocation is synchronous.

TODO: EELF.

...

public static final Marker INVOKE_SYNCHRONOUS;
static {
    INVOKE_SYNCHRONOUS = MarkerFactory.getMarker("INVOKE");
    INVOKE_SYNCHRONOUS.add(MarkerFactory.getMarker("SYNCHRONOUS"));
}
// ...

// Generate and report invocation ID. 

final String invocationID = UUID.randomUUID().toString();
MDC.put(MDC_INVOCATION_ID, invocationID);
try {
    logger.debug(INVOKE_SYNCHRONOUS, "Invoking synchronously ... ");
}
finally {
    MDC.remove(MDC_INVOCATION_ID);
}

// Pass invocationID as HTTP X-InvocationID header.

callDownstreamSystem(invocationID, ... );

TODO: EELF, without changing published APIs. 

Errorcodes

Errorcodes are reported as MDCs. 

Exceptions should be accompanied by an errrorcode. Typically this is achieved by incorporating errorcodes into your exception hierarchy and error handling. ONAP components generally do not share this kind of code, though EELF defines a marker interface (meaning it has no methods) EELFResolvableErrorEnum.

A common convention is for errorcodes to have two components:

1. A prefix, which identifies the origin of the error. 
2. A suffix, which identifies the kind of error.

Suffixes may be numeric or text. They may also be common to more than one component.

For example:

COMPONENT_X.STORAGE_ERROR

Output Format

Several considerations:

...

ONAP needs to strike a balance between human-readable and machine-readable logs. This means:

• The use of tab as a (\t) as a delimiter.
• Escaping all messages, exceptions, MDC values, Markers, etc. to replace tabs in their content.
• Escaping all newlines with \n so that each entry is on one line. 

...

The output of which, with MDCs, a Marker and a nested exception, with newlines added for readability looks like:

TODO: remove tab below

org.onap.example.component1.subcomponent1.LogbackTest
\t2017-08-06T16:09:03.594Z
\tERROR
\tHere's an error, that's usually bad
\tkey1=value1, key2=value2 with space, key5=value5"with"quotes, key3=value3\nwith\nnewlines, key4=value4\twith\ttabs
\tjava.lang.RuntimeException: Here's Johnny
\n\tat org.onap.example.component1.subcomponent1.LogbackTest.main(LogbackTest.java:24)
\nWrapped by: java.lang.RuntimeException: Little pigs, little pigs, let me come in
\n\tat org.onap.example.component1.subcomponent1.LogbackTest.main(LogbackTest.java:27)
\tAMarker1
\tmain     

...

Configuration archetypes can easily be found in the ONAP codebase. Choose according to your provider, and whether you're logging via EELF. Efforts to standardize them are underway. Efforts to standardize them are underway, so the ones you should be looking for are where pipe (|) is used as a separator. (Previously it was "|").

Retention

Logfiles are often large. Logging providers allow retention policies to be configured. 

Retention has to balance:

...

1. Files <= 50MB before rollover. 
2. Files retain for 30 days. 
3. Total files capped at 10GB. 

In logback Logback configuration XML:

<property name="queueSize" value="256"/>
<property name="maxFileSize" value="50MB"/>
<property name="maxHistory" value="30"/>
<property name="totalSizeCap" value="10GB"/>

<appender name="file" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>${outputDirectory}/${outputFilename}.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
        <fileNamePattern>${outputDirectory}/${outputFilename}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
        <maxFileSize>${maxFileSize}<<maxFileSize>50MB</maxFileSize>
        <maxHistory>${maxHistory}<<maxHistory>30</maxHistory>
        <totalSizeCap>${totalSizeCap}<<totalSizeCap>10GB</totalSizeCap>
    </rollingPolicy>
    <encoder>
        <charset>UTF-8</charset>
        <pattern>${defaultPattern}</pattern><!-- ... -->
    </encoder>
</appender>

Types of EELF Logs

...

1. Conventions regarding configuration, line format and output. 
2. Obligations regarding context propagationEnsuring the propagation of contextual information. 

You must:

1. Choose a Logging provider and/or EELF. Decisions, decisions.
2. Create a configuration file based on an existing archetype. See Configuration.
3. Read your configuration file when your components initialize logging.
4. Write logs to a standard location so that they can be shipped by Filebeat for indexing. See Output Location.
5. Report transaction state:
   1. Retrieve, default and propagate RequestID.  See MDC - RequestID.
   2. At each invocation of one ONAP component by another:
      1. Initialize and propagate InvocationID.  See MDC - Invocation ID.
      2. Report INVOKE and SYNCHRONOUS markers in caller. 
      3. Report ENTRY and EXIT markers in recipient. 
6. Write useful logs!

 They are unordered.