Logs are not just streams
Via Hacker News, I recently read Logs Are Streams, Not Files. In it, Adam Wiggins suggests that because logs are just streams, your program should just write log messages to standard error as the most flexible, most stream-based way of operating on Unix.
I'm sorry, I'm a sysadmin. I just saw red.
Logs are not just streams. Logs are crucially different from streams in one respect; logs can and in fact must be segmented and sectioned periodically. In the sysadmin business, we call this 'log rolling' (or 'log rotation'), and we do it both because we don't have the disk space to keep all of your log messages forever and because it's much easier to work with relatively small chunks of logs that cover restricted time intervals than to have to work with everything from the start of time.
Writing log messages to standard error does not cope well with log
rotation. To rotate a log, your program needs to stop writing to one
file and start writing to another one, and standard error is simply a
stream; even if we ask your program nicely, it cannot close standard
error and then reopen it. This means that a program that logs to
standard error cannot be deployed as a standalone entity; we cannot run
your program as just '
program 2>/var/log/program', because that would
give us no way to rotate
/var/log/program. Instead, your program's
output must be fed to another program that actually does the work of
logging things in some manner.
This is sort of okay if you provide us with this extra program and the infrastructure to configure it and run it along with your main program. But if you simply hand us your main program and claim that its ready to go, we see red because now we have to supply the program (and the infrastructure) to actually make your logging work.
(Perhaps Unix should have a standard program for this, but it doesn't.
logger is not a good option for this even if we want things
to go to syslog.)
Comments on this page:Written on 04 April 2011.