[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: Proposal for Logging in Svnserve

From: nick vajberg <nickvajberg_at_yahoo.dk>
Date: 2005-07-13 23:03:48 CEST

>Mark Benedetto King <mbk@lowlatency.com> wrote:
> My guess is that your complex Java application
> actually
> has two logging facilities:
>
> 1.) Application-level audit-logging of things like
> "user
> logged in", "user logged out", "user changed
> password", and
> perhaps even "user ran report Foo with criteria
> Bar".
>
[...]
>
> If your application doesn't have this, it probably
> isn't SOX compliant.

Huh?

> 2.) log4j, for troubleshooting, monitoring,
> debugging,
> tuning, etc.

In the last three or four java apps our shop rolled
out, we used log4j exclusively for logging purposes.
At least a couple of the third-party library does the
same, hence everyhing gets into the same log file, in
the same format and under the same log-level regime.
If we suspect a bug (in our software or third-party
software) we increase the log level and start
analysing - in addition to debugging, etc, of course.
 
> log4j is great at (2), it's not-so-great at (1),
> especially in environments where the audit trail
> is extremely important (think SOX compliance).

Audit trails and technical logging has absolutely
nothing to do with each other. Audit trails belong in
a database you take backup of. Technical log entries
belong in a disposable file.

IMHO.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jul 13 23:04:27 2005

This is an archived mail posted to the Subversion Dev mailing list.