I have an ASP.NET website and I am doing logging with log4net. As logging requirements change often, I want to enable PMs to modify the information that gets logged and also to be able to log extra information for debugging in production (i.e without having to recompile)
My plan is to expose certain values to log4net, for example the GET / POST params from context. To log such a param, the user would just go to the log4net config and do something like %message{userId}
I have found a way to do it using a property bag on log4net.ThreadContext but I am not sure if this doesn't have side-effects, i.e. the values are persisted for too long.
Another way is to use a forwarding appender, and inject the extra values whenever the logger gets called, but I haven't been able to implement this, there are not enough examples out there.
Any ideas?
Look at my answer to this question. The linked question and answer are specifically about adding the username from HttpContext.Current.User to the logfile, but it should be pretty easy to make a more generic solution that might fit your needs.
It might provide you with some ideas of how to incorporate information from the HttpContext into your log4net logging. There are other good ideas in that thread as well.
You should have a look at NDC (Nested Diagnostic Context) in log4net. This will provide you with to possibility to add information logging messages like setting up a stack:
using(log4net.NDC.Push("My extra info")){
}
All logmessages within the NDC scope will have the inner_context available (pattern layout format):
[%ndc] - %message%newline
Related
Is it possible (in a clean fashion) to create an audit interceptor in hibernate 2.1 and pass in a domain context to it?
What I would like to achieve is to set a Date Time (can be done easy peasy - found loadsa articles after a quick google), but setting an object e.g. a user who created the item, or altered an entity I have yet to find anything which covers this.
Since I will not know the object at application request/start up (which is where i have to register the nhibernate interceptor), does anyone know of a suitable workaround?
Thanks in advance, Mark H
You can store the user in the current session (HttpContext.Session) or use thread local data. It can then be accessed by the listener. If you go for the thread local approach, you will need to set if for each request, for instance with an HttpModule. Not perfect, but that's how I've seen it done in java (not exactly the same, but a similar approach).
I am using The Policy Injection Application Block to log methods that are called in my ASP.NET application. I would like these log entries to include information like the current user identity, whether the user is authenticated and so forth. All of this information is provided by the ManagedSecurityContextInformationProvider, but I can't figure out how to get the PIAB to use that provider and how to get that information into my log file.
I may be missing something obvious, but I can't quite figure out what it is.
Sorry to say, it looks like there is no way to get the ManagedSecurityContextInformationProvider information into method call logs. That information is usually logged in extended properties but the LogCallHandler.GetLogEntry method dumps out all of the method parameters and assigns them to the TraceLogEntry ExtendedProperties.
It seems to me that you could either modify the block to add that information or (even better) create your own Custom Call Handler based on LogCallHandler that adds the information that you require. Either option is not that much work.
I can wire up Elmah to log Exceptions in my ASP.Net application and it works well.
I also have a requirement to audit interesting events that occur in the application. For example, I must audit the "email address was changed" event and store the old and new email address.
Is it appropriate to use Elmah to log these interesting events? It doesn't seem like Elmah is configured to log anything beyond exceptions.
I could smush it in there and create a fake Exception, but that smells funny. On the other hand, it seems bad to have multiple log repositories laying around for a small application.
Is it appropriate to use Elmah as an audit repository and create fake exceptions?
Can Elmah store "info" items, in addition to exceptions?
Is there a better repository for interesting events when I'm already using Elmah?
Definitely don't use ELMAH for auditing. Either build auditing into your business logic or at the very least use something like log4net to log it somewhere else.
I think i'd probably create a sql trigger on the fields you are wanting to audit, you wont have mess about with any other applications then, SQL server will just take care of it all for you
Bumping an old post, but now there's an elmahappender for log4net
This way, you can have all the functionality of log4net, like sending info messages to elmah, and have the nice web interface of elmah to read them.
In my asp.net applications, I've typically used the Application_Error global event handler to log the error and redirect the user to a user-friendly error page.
However, I have read about ELMAH and while that seems interesting, Application_Error seems like the simpler approach.
I've read other questions where people, including myself, have suggested one way or the other. What I'm wondering is if there is any significant benefit to using one over the other and why?
Elmah is a fantastic project and we use it for all of our ASP.NET applications. Not only does it log unhandled errors for you, it grabs the entire original page that the user saw, which contains a lot of detail for you.
It has email support, RSS feeds (both itemized and digest) and has an attractive console.
For 3 lines in config and a dll reference, I'd say that's a slam dunk.
I guess the main drawback of ELMAH is that it might be overkill for what you need. If it's logging and storing more info than you would in your own implementation, that's an unnecessary overhead in storage and processing. You also need to think about how you secure access to ELMAH's console since those exception details could contain juicy details of your app (that needn't be hard, but it's a worry that you didn't have before).
On the other hand, your own implementation will probably grow to log all that extra information once you decide that some stubborn bug requires it, and do you really care about shaving fractions of a second off the time that it takes for the error page to be displayed? Chances are you'll eventually end up building your own version of ELMAH, so why not just use ELMAH and save yourself the time.
I'd recommend that if you do want to write your own error logging rather than using ELMAH, you at least put it in a module rather than straight into Application_Error in global.asax. Just subscribe to the application's Error event in your module's Init method, and you can easily reuse your error handling code in another application with a line in web.config.
I also find it useful to handle any exception logging through ASP.NET's health monitoring. This makes it easy to control the type and level of logging in web.config, and also allows logging of exceptions that were handled in a try...catch without getting as far as Application_Error. Create a custom HandledExceptionEvent class that extends WebRequestErrorEvent, and you can create and raise those events in any catch block where you'd really like to know that the exception happened even though it was handled.
I'm looking for the best way to log errors in an ASP.NET application.
I want to be able to receive emails when errors occurs in my application, with detailed information about the Exception and the current Request.
In my company we used to have our own ErrorMailer, catching everything in the Global.asax Application_Error. It was "Ok" but not very flexible nor configurable.
We switched recently to NLog. It's much more configurable, we can define different targets for the errors, filter them, buffer them (not tried yet). It's a very good improvement.
But I discovered lately that there's a whole Namespace in the .Net framework for this purpose : System.Web.Management and it can be configured in the healthMonitoring section of web.config.
Have you ever worked with .Net health monitoring? What is your solution for error logging?
I use elmah. It has some really nice features and here is a CodeProject article on it. I think the StackOverflow team uses elmah also!
I've been using Log4net, configured to email details of fatal errors. It's also set up to log everything to a log file, which is invaluable when trying to debug problems. The other benefit is that if that standard functionality doesn't do what you want it to, it's fairly easy to write a custom appender which can process the logging information as required.
Having said that, I'm using this in tandem with a custom error handler which sends out a html email with a bit more information than is included in the standard log4net emails - page, session variables, cookies, http server variables, etc.
These are both wired up in the Application_OnError event, where the exception is logged as a fatal exception in log4net (which then causes it to be emailed to a specified email address), and also handled using the custom error handler.
First heard about Elmah from the Coding Horror blog entry, Crash Responsibly, and although it looks promising I'm yet to implement it any projects.
I've been using the Enterprise Library's Logging objects. It allows you to have different types of logging (flat file, e-mail, and/or database). It's pretty customizable and has a pretty good interface for updating your web.config for the configuration of the logging. Usually I call my logging from the On Error in the Global.asax.
Here's a link to the MSDN
I use log4net and where ever I expect an exception I log it to the appropriate level. I tend not to re-throw the exception because it doesn't really allow for as-nice user experience, there is less info you can provide at the current state.
I'll have Application_Error also configured to catch any exception which was not expected and the error is logged as a Fatal priority through log4net (well, 404's are detected and logged as Info as they aren't that high severity).
My team uses log4net from Apache. It's pretty lightweight and easy to setup. Best of all, it's completely configurable from the web.config file, so once you've got the hooks in your code setup, you can completely change the way logging is done just by changing the web.config file.
log4net supports logging to a wide variety of locations - database, email, text file, Windows event log, etc. My team has it configured to send detailed error information to a database, and also send an email to the entire team with enough information for us to determine in which part of the code the error originated. Then we know who is responsible for that piece of code, and they can go to the database to get more detailed information.
I recently built an asp.net webservice with NLog, which I use for all my desktop apps. The logging works fine when I'm debugging in Visual Studio, but as soon as I switch to IIS the log file isn't created; I've not yet determined why, but it the fact that I need to look for a solution makes me want to try something else for my asp.net needs!
We use EnterpriseLibrary.ExceptionHandling.Logging. I like it a bit better than log4net because not only do we control the logging completely, but we can control the Throw/NoThrow decision within config as well.
We use a custom homegrown logging util we wrote. It requires you to implement logging on your own everywhere you need it. But, it also allows you to capture a lot more than just the exception.
For example our code would look like this:
Try
Dim p as New Person()
p.Name = "Joe"
p.Age = 30
Catch ex as Exception
Log.LogException(ex,"Err creating person and assigning name/age")
Throw ex
End Try
This way our logger will write all the info we need to a SQL database. We have email alerts set up at the DB level to look for certain errors or frequently occurring errors. It helps us identify exactly where the errors are coming from.
This might not be exactly what you're looking for. Another approach similar to using Global.asax is to us a code injection technique like AOP with PostSharp. This allows you to inject custom code at the beginning and end of every method or on every exception. It's an interesting approach but I believe it may have a heavy performance overhead.