Hi, I really liked this logging checklist by Anton Chuvakin:
http://juliusdavies.ca/logging/llclc.html

------------------------------

Best Logs:

  * Tell you exactly what happened: when, where, and how.
  * Suitable for manual, semi-automated, and automated analysis.
  * Can be analyzed without having the application that produced them at hand.
  * Don't slow the system down.
  * Can be proven reliable (if used as evidence).

Events To Log

  1. Authentication/Authorization Decisions (including logoff)
  2. System Access, Data Access
  3. System/Application Changes (especially privilege changes)
  4. Data Changes:
       1. Add Data
       2. Edit Data
       3. Delete Data
  5. Invalid Input (possible badness/threats)
  6. Resources (RAM, Disk, CPU, Bandwidth, any other hard or soft limits)
  7. Health/Availability
       1. Startups/Shutdowns
       2. Faults/Errors
       3. Delays
       4. Backups success/failure

What To Log - Every Event Should Have:

  8. Timestamp + TZ (when)
  9. System, Application, or Component (where)
       1. IPs and contemporaneous DNS lookups of involved parties
       2. Names/Roles of involved systems (what servers are we talking to?)
       3. Name/Role of local application (what is this server?)
  10. User (who)
  11. Action (what)
  12. Status (result)
  13. Priority (severity, importance, rank, level, etc.)
  14. Reason

------------------------------

--
yours,

Julius Davies
250-592-2284 (Home)
250-893-4579 (Mobile)
http://juliusdavies.ca/
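An added example, not part of the original message or of the checklist itself: a small Python audit that parses key=value log lines and reports which "Every Event Should Have" items each line lacks, including a timestamp that carries no time zone. The key names, the key=value line format and the sample lines are assumptions constructed for this illustration.

```python
import shlex
from datetime import datetime

# Key names are assumptions for this example; the checklist names the
# concepts (when, where, who, what, result, priority, reason), not field names.
REQUIRED = {
    "timestamp": "Timestamp + TZ (when)",
    "component": "System, Application, or Component (where)",
    "user": "User (who)",
    "action": "Action (what)",
    "status": "Status (result)",
    "priority": "Priority (severity)",
    "reason": "Reason",
}

SAMPLE_LINES = [  # constructed sample input
    'timestamp=2024-05-01T12:00:00-07:00 component=billing-api user=alice '
    'action=login status=failure priority=warn reason="bad password"',
    'timestamp=2024-05-01T12:00:05 component=billing-api '
    'action=delete_record status=success',
]


def parse_line(line):
    """Parse a 'key=value key="quoted value"' log line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def missing_items(event):
    """Return the checklist items that this event does not satisfy."""
    gaps = [label for key, label in REQUIRED.items() if not event.get(key)]
    ts = event.get("timestamp")
    if ts:
        try:
            # A naive timestamp answers "when" only if the reader guesses the zone.
            if datetime.fromisoformat(ts).utcoffset() is None:
                gaps.append("Timestamp has no time zone")
        except ValueError:
            gaps.append("Timestamp is not ISO 8601")
    return gaps


def audit(lines):
    """Map 1-based line numbers to their gaps, omitting complete events."""
    found = ((n, missing_items(parse_line(l))) for n, l in enumerate(lines, 1))
    return {n: gaps for n, gaps in found if gaps}
```

Running audit(SAMPLE_LINES) flags only the second line, which records what happened but not who did it, how important it is, why, or in which time zone.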