1 About This Document
2 Introduction
3 How to Log
- 3.1 EELF
- 3.2 SLF4J
- 3.3 Providers
  - 3.3.1 Logback
  - 3.3.2 Log4j 2.X
  - 3.3.3 Log4j 1.X
4 What to Log
- 4.1 Messages, Levels, Components and Categories
- 4.2 Context
  - 4.2.1 MDCs
    - 4.2.1.1 Logging
    - 4.2.1.2 Serializing
    - 4.2.1.3 MDC - RequestID
    - 4.2.1.4 MDC - InvocationID
    - 4.2.1.5 MDCs - the Rest
  - 4.2.2 Examples
    - 4.2.2.1 SDC-BE
  - 4.2.3 Markers
    - 4.2.3.1 Logging
    - 4.2.3.2 Serializing
    - 4.2.3.3 Marker - ENTRY
      - 4.2.3.3.1 EELF
      - 4.2.3.3.2 SLF4J
    - 4.2.3.4 Marker - EXIT
      - 4.2.3.4.1 EELF
      - 4.2.3.4.2 SLF4J
    - 4.2.3.5 Marker - INVOKE
      - 4.2.3.5.1 SLF4J
    - 4.2.3.6 Marker - SYNCHRONOUS
      - 4.2.3.6.1 SLF4J
- 4.3 Errorcodes
- 4.4 Output Format
  - 4.4.1 Text Output
  - 4.4.2 XML Output
- 4.5 Output Location
- 4.6 Configuration
  - 4.6.1 Locations
  - 4.6.2 Reconfiguration
  - 4.6.3 Overrides
  - 4.6.4 Archetypes
- 4.7 Retention
5 Types of EELF Logs
- 5.1 Audit Log
- 5.2 Metric Log
- 5.3 Error Log
- 5.4 Debug Log
- 5.5 Engine.out
6 New ONAP Component Checklist

About This Document

Official R1 documentation snapshot in https://onap.readthedocs.io/en/latest/submodules/logging-analytics.git/docs/

THIS was a DRAFT WIP for R1 - ONAP Amsterdam Release - it is deprecated

This document specifies logging conventions to be followed by ONAP component applications.

ONAP logging is intended to support operability, debugging and reporting on ONAP. These guidelines address:

Events that are written by ONAP components.
Propagation of transaction and invocation information between components.
MDCs, Markers and other information that should be attached to log messages.
Human- and machine-readable output format(s).
Files, locations and other conventions.

Java is assumed, but conventions may also be implemented by non-Java components.

Original ONAP Logging guidelines: https://wiki.onap.org/download/attachments/1015849/ONAP%20application%20logging%20guidelines.pdf?api=v2

Introduction

The purpose of ONAP logging is to capture information needed to operate, troubleshoot and report on the performance of the ONAP platform and its constituent components. Log records may be viewed and consumed directly by users and systems, indexed and loaded into a datastore, and used to compute metrics and generate reports.

The processing of a single client request will often involve multiple ONAP components and/or subcomponents (interchangeably referred to as ‘application’ in this document). The ability to track flows across components is critical to understanding ONAP’s behavior and performance. ONAP logging uses a universally unique RequestID value in log records to track the processing of every client request through all the ONAP components involved in its processing.

A reference configuration of Elastic Stack can be deployed using ONAP Operations Manager.

This document gives conventions you can follow to generate conformant, indexable logging output from your component.

How to Log

ONAP prescribes conventions. The use of certain APIs and providers is recommended, but they are not mandatory. Most components log via EELF or SLF4J to a provider like Logback or Log4j.

EELF

EELF is the Event and Error Logging Framework, described at https://github.com/att/EELF.

EELF abstracts your choice of logging provider, and decorates the familiar Logger contracts with features like:

Localization.
Error codes.
Generated wiki documentation.
Separate audit, metric, security and debug logs.

EELF is a facade, so logging output is configured in two ways:

By selection of a logging provider such as Logback or Log4j, typically via the classpath.
By way of a provider configuration document, typically logback.xml or log4j.xml. See Providers.

SLF4J

SLF4J is a logging facade, and a humble masterpiece. It combines what's common to all major, modern Java logging providers into a single interface. This decouples the caller from the provider, and encourages the use of what's universal, familiar and proven.

EELF also logs via SLF4J's abstractions.

Providers

Logging providers are normally enabled by their presence in the classpath. This means the decision may have been made for you, in some cases implicitly by dependencies. If you have a strong preference then you can change providers, but since the implementation is typically abstracted behind EELF or SLF4J, it may not be worth the effort.

Logback

Logback is the most commonly used provider. It is generally configured by an XML document named logback.xml. See Configuration.

Log4j 2.X

Log4j 2.X is somewhat less common than Logback, but equivalent. It is generally configured by an XML document named log4j.xml. See Configuration.

Log4j 1.X

Avoid, since 1.X is EOL, and since it does not support escaping, so its output may not be machine-readable. See https://logging.apache.org/log4j/1.2/.

This affects existing OpenDaylight-based components like SDNC and APPC, since ODL releases prior to Carbon bundle Log4j 1.X, and make it difficult to replace. The Common Controller SDK Project project targets ODL Carbon, so the problem should resolve in time.

What to Log

The purpose of logging is to capture diagnostic information.

An important aspect of this is analytics, which requires tracing of requests between components. In a large, distributed system such as ONAP this is critical to understanding behavior and performance.

Messages, Levels, Components and Categories

It isn't the aim of this document to reiterate the basics, so advice here is general:

Use a logger. Consider using EELF.
Write log messages in English.
Write meaningful messages. Consider what will be useful to consumers of logger output.
Use errorcodes to characterise exceptions.
Log at the appropriate level. Be aware of the volume of logs that will be produced.
Log in a machine-readable format. See Conventions.
Log for analytics as well as troubleshooting.

Others have written extensively on this:

Context

TODO: more on the importance of transaction ID propagation.

MDCs

A Mapped Diagnostic Context (MDC) allows an arbitrary string-valued attribute to be attached to a Java thread. The MDC's value is then emitted with each log message. The set of MDCs associated with a log message is serialized as unordered name-value pairs (see Text Output).

A good discussion of MDCs can be found at https://logback.qos.ch/manual/mdc.html.

MDCs:

Must be set as early in invocation as possible.
Must be unset on exit.

Logging

Via SLF4J:

import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
// ...
final Logger logger = LoggerFactory.getLogger(this.getClass());
MDC.put("SomeUUID", UUID.randomUUID().toString());
try {
    logger.info("This message will have a UUID-valued 'SomeUUID' MDC attached.");
    // ...
}
finally {
    MDC.clear();
}

EELF doesn't directly support MDCs, but SLF4J will receive any MDC that is set (where com.att.eelf.configuration.SLF4jWrapper is the configured EELF provider):

import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
// ...
final EELFLogger logger = EELFManager.getInstance().getLogger(this.getClass());
MDC.put("SomeUUID", UUID.randomUUID().toString());
try {
    logger.info("This message will have a UUID-valued 'SomeUUID' MDC attached.");
    // ...
}
finally {
    MDC.clear();
}

Serializing

Output of MDCs must ensure that:

All reported MDCs are logged with both name AND value. Logging output should not treat any MDCs as special.
All MDC names and values are escaped.

Escaping in Logback configuration can be achieved with:

%replace(%replace(%mdc){'\t','\\\\t'}){'\n','\\\\n'}

MDC - RequestID

This is often referred to by other names, including "Transaction ID", and one of several (pre-standardization) REST header names including X-ECOMP-RequestID and X-ONAP-RequestID.

ONAP logging uses a universally unique "RequestID" value in log records to track the processing of each client request across all the ONAP components involved in its processing.

This value:

Is logged as a RequestID MDC.
Is propagated between components in REST calls as an X-TransactionID HTTP header.

Receiving the X-TransactionID will vary by component according to APIs and frameworks. In general:

import javax.ws.rs.core.HttpHeaders;
// ...
final HttpHeaders headers = ...;
// ...
String txId = headers.getRequestHeaders().getFirst("X-TransactionID");
if (StringUtils.isBlank(txId)) {
	txId = UUID.randomUUID().toString();
}
MDC.put("RequestID", txID);

Setting the X-TransactionID likewise will vary. For example:

final String txID = MDC.get("RequestID");
HttpURLConnection cx = ...;
// ...
cx.setRequestProperty("X-TransactionID", txID);

MDC - InvocationID

InvocationID is similar to RequestID, but where RequestID correlates records relating a single, top-level invocation of ONAP as it traverses many systems, InvocationID correlates log entries relating to a single invocation of a single component. Typically this means via REST, but in certain cases an InvocationID may be allocated without a new invocation, e.g. when a request is retried.

RequestID and InvocationID allow an execution graph to be derived. This requires that:

The relationship between RequestID and InvocationID is reported.
The relationship between caller and recipient is reported for each invocation.

The proposed approach is that:

Callers:
- Issue a new, unique InvocationID UUID for each downstream call they make.
- Log the new InvocationID, indicating the intent to invoke:
  - With Markers INVOKE, and SYNCHRONOUS if the invocation is synchronous.
  - With their own InvocationID still set as an MDC.
- Pass the InvocationID as an X-InvocationID REST header.
Invoked components:
- Retrieve the InvocationID from REST headers upon invocation, or generate a UUID default.
- Set the InvocationID MDC.
- Write a log entry with the Marker ENTRY. (In EELF this will be to the AUDIT log).
- Act as per Callers in all downstream requests.
- Write a log entry with the Marker EXIT upon return. (In EELF this will be to the METRIC log).
- Unset all MDCs on exit.

That seems onerous, but:

It's only a few calls.
It can be largely abstracted in the case of EELF logging.

TODO: code.

MDCs - the Rest

Other MDCs are logged in a wide range of contexts.

Certain MDCs and their semantics may be specific to EELF log types.

TODO: cross-reference EELF output to v1 doc.

ID	MDC	Description	Required	EELF Audit	EELF Metric	EELF Error	EELF Debug

ID	MDC	Description	Required	EELF Debug
1	BeginTimestamp	Date-time that processing activities being logged begins. The value should be represented in UTC and formatted per ISO 8601, such as “2015-06-03T13:21:58+00:00”. The time should be shown with the maximum resolution available to the logging component (e.g., milliseconds, microseconds) by including the appropriate number of decimal digits. For example, when millisecond precision is available, the date-time value would be presented as, as “2015-06-03T13:21:58.340+00:00”.	Y
2	EndTimestamp	Date-time that processing for the request or event being logged ends. Formatting rules are the same as for the BeginTimestamp field above. In the case of a request that merely logs an event and has not subsequent processing, the EndTimestamp value may equal the BeginTimestamp value.	Y
3	ElapsedTime	This field contains the elapsed time to complete processing of an API call or transaction request (e.g., processing of a message that was received). This value should be the difference between. EndTimestamp and BeginTimestamp fields and must be expressed in milliseconds.	Y
4	ServiceInstanceID	This field is optional and should only be included if the information is readily available to the logging component. Transaction requests that create or operate on a particular instance of a service/resource can identify/reference it via a unique “serviceInstanceID” value. This value can be used as a primary key for obtaining or updating additional detailed data about that specific service instance from the inventory (e.g., AAI). In other words: In the case of processing/logging a transaction request for creating a new service instance, the serviceInstanceID value is determined by either a) the MSO client and passed to MSO or b) by MSO itself upon receipt of a such a request. In other cases, the serviceInstanceID value can be used to reference a specific instance of a service as would happen in a “MACD”-type request. ServiceInstanceID is associated with a requestID in log records to facilitate tracing its processing over multiple requests and for a specific service instance. Its value may be left “empty” in subsequent record to the 1 st record where a requestID value is associated with the serviceInstanceID value. NOTE: AAI won’t have a serviceInstanceUUID for every service instance. For example, no serviceInstanceUUID is available when the request is coming from an application that may import inventory data.
5	VirtualServerName	Physical/virtual server name. Optional: empty if determined that its value can be added by the agent that collects the log files collecting.
6	ServiceName	For Audit log records that capture API requests, this field contains the name of the API invoked at the component creating the record (e.g., Layer3ServiceActivateRequest). For Audit log records that capture processing as a result of receipt of a message, this field should contain the name of the module that processes the message.	Y
7	PartnerName	This field contains the name of the client application user agent or user invoking the API if known.	Y
8	StatusCode	This field indicates the high level status of the request. It must have the value COMPLETE when the request is successful and ERROR when there is a failure.	Y
9	ResponseCode	This field contains application-specific error codes. For consistency, common error categorizations should be used.
10	ResponseDescription	This field contains a human readable description of the ResponseCode.		11
11	InstanceUUID	If known, this field contains a universally unique identifier used to differentiate between multiple instances of the same (named) log writing service/application. Its value is set at instance creation time (and read by it, e.g., at start/initialization time from the environment). This value should be picked up by the component instance from its configuration file and subsequently used to enable differentiation of log records created by multiple, locally load balanced ONAP component or subcomponent instances that are otherwise identically configured.
12	Severity	Optional: 0, 1, 2, 3 see Nagios monitoring/alerting for specifics/details.
13	TargetEntity	It contains the name of the ONAP component or sub-component, or external entity, at which the operation activities captured in this metrics log record is invoked.	Y
14	TargetServiceName	It contains the name of the API or operation activities invoked at the TargetEntity.	Y
15	Server	This field contains the Virtual Machine (VM) Fully Qualified Domain Name (FQDN) if the server is virtualized. Otherwise, it contains the host name of the logging component.	Y
16	ServerIPAddress	This field contains the logging component host server’s IP address if known (e.g. Jetty container’s listening IP address). Otherwise it is empty.
17	ServerFQDN	Unclear, but possibly duplicating one or both of Server and ServerIPAddress.
18	ClientIPAddress	This field contains the requesting remote client application’s IP address if known. Otherwise this field can be empty.
19	ProcessKey	This field can be used to capture the flow of a transaction through the system by indicating the components and operations involved in processing. If present, it can be denoted by a comma separated list of components and applications.
20	RemoteHost	Unknown.
21	AlertSeverity	Unknown.
22	TargetVirtualEntity	Unknown
23	ClassName	Defunct. Doesn't require an MDC.
24	ThreadID	Defunct. Doesn't require an MDC.
25	CustomField1	(Defunct now that MDCs are serialized as NVPs.)
26	CustomField2	(Defunct now that MDCs are serialized as NVPs.)
27	CustomField3	(Defunct now that MDCs are serialized as NVPs.)
28	CustomField4

ONAP Application Logging Guidelines v1.1