Changes in logging feature

Identify 5.12

In version 5.12, we have implemented a number of changes to make it easier to work with Identify's logs data.

Query-able JSON log data

Before, logs are serialized using JSON format which is readable to human. However, when writing logs to a storage, Identify escaped JSON strings:

{"Type":"SEC","Message":"{\"client_id\":\"SafewhereAdmin_dev7d91783c-1903-4c1f-bf7e-6e983dcf2a24\",\"code\":\"xxx","grant_type":"authorization_code","redirect_uri":"https://contextid.safewhere.local/adminv2/signin-oidc","code_verifier":"cLqRMjmKZwcRaBe4011ndTIH04B_MLCXWfSTLrIKWf0"}},"Timestamp":"2021-08-04T03:25:36.9027677Z","IPAddress":"127.0.0.1","MachineName":"DEVBOX","UserId":"00000000-0000-0000-0000-000000000000"}

Because all the double-quotes were escaped, we couldn't query log data efficiently using tools provided by Application Insights, MongoDB, CosmosDB, or even MSSQL. In version 5.12, we fixed serialization code so that you can easily query logs using any JSON-supported log storages.

Changes in Application Insights

Thanks to the new JSON-queryable logs, you can now apply filters to customDimensions' data fields which makes it easier to do all sorts of monitoring and dashboards:

Application insights custom dimensions

Application insights custom dimensions 2

Application insights query example

  • Application Insights have some limits on the number of metrics and events per application as well as length of a custom property it can store. Especially, a custom property value's length must not exceed 8192. Therefore, when Identify needs to log a message whose length is greater than 8192 characters to Application Insights, for example a big SAML response message, it will split the message into smaller custom properties, each is suffixed with "_Chunked_xxx" where "xxx" is an incremental number starting from 002.

    Application insights property was splitted into smaller example

    • Maximum custom property's name's length is 150 characters.
    • Maximum log item's size is 64KB. If a log item sent to Application Insights exceeds this limitation, Identify will split the whole log item into smaller items, each of them will have additional information about CorrelationId, CorrelationOrder, CorrelationType, CorrelationData. Content of the original log item is stored in the CorrelationData property.

    Application insights item was splitted into smaller items example

New settings in web.config

We added some new settings to control how logs are done. We expect that you rarely need to change them though.

  • serilog:AllowRenderedMessage: when set to false, Application Insights, MongoDB, and CosmosDB will not save the RenderedMessage field.
  • serilog:AllowTemplateMessage: when set to false, Application Insights, MongoDB, and CosmosDB will not save the MessageTemplate field.
  • serilog:SkipNullValue: set to true to instruct Serilog to skill null or empty attributes when serializing data to all types of log stores; set to false to include null or empty attributes.

The following settings are used to control how Identify writes logs to text files:

  • serilog:write-to:File.rollingInterval: specifies if Serilog needs to rolls out a new file after every Minute, Hour, Day, Month, Year, or Infinite.
  • serilog:write-to:File.rollOnFileSizeLimit and serilog:write-to:File.fileSizeLimitBytes: use together with the fileSizeLimitBytes setting to let Serilog roll out a new file every time the current file reaches the limit. The default limit size is 1GB.
  • serilog:write-to:File.retainedFileCountLimit: specifies the number of days to retain log files. For example, set it to 31 if you want keep files for 31 days. Leaving it empty (which is the default value) keeps log files forever.

The following settings (found in the MSSqlServerSettingsSection section) are used to control how Identify writes logs to MSSQL:

  • RemoveStandardColumns: This configuration element in web.config instructs Serilog for MSSQL to skip some standard columns defined by Serilog.Sinks.MsSqlServer. The standard columns are Id, Message, MessageTemplate, Level, TimeStamp, Exception, Properties. By default, Identify skips MessageTemplate, Properties, Message, and Level.

Standard columns to be skip writing data if defined

  • To make it easier to query logs, we added many new columns to the Logs table instead of storing them as strings in a single column like before.

Many new columns added in MSSQL

New log events

Even though we add new log events all the time, the following events are more notable:

  • Event 8010: this event contains information about all parameters of a request. All other log events of the same request no longer have parameters logged. As a result, log size is reduced significantly.
  • Event 7004: this new BIL log type provides information about some important performance counters.
  • Event 20029: we give the REV log event that audits user's requests a new ID.