References - Application Logging Guidelines

Overview

This document is intended for the technical audience building an integration with the ThreatConnect Platform. This document is most applicable to someone building a Python-based integration and provides guidelines for the logging you should include in your application.

Follow the steps in this document in the order provided to implement this configuration within your integration.

Application Logging Guidelines

Your in-platform integrations should make appropriate use of the TcEx Framework’s logging implementation. See this article for details on general use of the implementation.

The log data that you record should be relevant in general and should also provide you with sufficient information to properly troubleshoot your application should an issue arise. For instance, Info level should be able to provide general information but, in the case of an issue, Debug level should provide sufficient detail to help resolve issues.

In addition to implementing this functionality, you should assign each message a log level according to the following scheme (which is listed hierarchically):

  • Critical - This should be used to log messages that indicate that your application cannot continue in a given state.

  • Error - This should be used to log messages that indicate that the functionality of your application is severely limited in a given state.

  • Warning - This should be used to log messages that indicate that the functionality of your application is limited in a minor way in a given state.

  • Info - This should be used to log messages that indicate the current operation of your application and should generally provide an idea of success or failure. These messages should not be verbose in nature.

  • Debug - This should be used to log messages that indicate further detail about the current operation of your application. These messages may be verbose in nature and should provide sufficient detail to determine the state of the application at the time of the message.

The listing above is in priority order, with Critical being the most restrictive logging level and Debug being the most relaxed level. The system will typically default to Warning level for jobs under normal circumstances. For example, if you set the log level to Warning, you will receive all messages for Warning and for the levels listed above it.

In addition, you should never log sensitive data (this includes any credentials or keys) directly on the platform. You may, however, log sufficiently masked versions of the sensitive data (but only if necessary).
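The sketch below is an added example, not code from TcEx or ThreatConnect. It shows the level threshold and the masking rule together, using only Python's standard `logging` module. The logger name `demo_app`, the list of sensitive key names, the `key=value` message convention and all sample values are assumptions made for illustration.

```python
import logging
import re

# Assumed key names treated as sensitive; extend for your integration.
SENSITIVE_KEYS = ("password", "api_key", "token", "secret")
_PAIR = re.compile(r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")(\s*[=:]\s*)([^\s,;&]+)")


def mask(value: str, visible: int = 4) -> str:
    """Keep only the last `visible` characters, and only for long values."""
    if len(value) < visible * 4:
        return "****"  # short value: a visible tail would leak too much
    return "****" + value[-visible:]


class MaskingFilter(logging.Filter):
    """Redact key=value pairs for sensitive keys before the record is formatted."""
    def filter(self, record: logging.LogRecord) -> bool:
        text = record.getMessage()  # merge args first so they are masked too
        record.msg = _PAIR.sub(lambda m: m[1] + m[2] + mask(m[3]), text)
        record.args = None
        return True


class ListHandler(logging.Handler):
    """Collects formatted lines in memory so the output can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def run_demo(level: int) -> list:
    """Log one message at four levels and return what the threshold lets through."""
    logger = logging.getLogger("demo_app")  # hypothetical application name
    logger.propagate = False
    logger.setLevel(level)
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(MaskingFilter())
    logger.handlers = [handler]
    # Constructed sample values, not real credentials.
    logger.debug("request params: owner=%s api_key=%s", "Example Org", "A1B2C3D4E5F6G7H8J9K0")
    logger.info("retrieved %d indicators", 25)
    logger.warning("rate limited, retrying in %d seconds", 30)
    logger.error("login failed for user=%s password=%s", "svc_app", "hunter2")
    return handler.lines
```

Calling `run_demo(logging.WARNING)` returns only the Warning and Error lines, while `run_demo(logging.DEBUG)` returns all four, with the key shown as `****J9K0` and the short password fully replaced.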