ONAP Application Logging Specification v1.3 (Frankfurt)
About This Document
Official R1 documentation snapshot in https://onap.readthedocs.io/en/latest/submodules/logging-analytics.git/docs/
This document specifies logging conventions to be followed by ONAP component applications.
ONAP logging is intended to support operability, debugging and reporting on ONAP. These guidelines address:
- Events that are written by ONAP components.
- Propagation of transaction and invocation information between components.
- MDCs, Markers and other information that should be attached to log messages.
- MDC = Mapped Diagnostic Context
- Human and machine-readable output format(s).
- Files, locations and other conventions.
Original AT&T ONAP Logging guidelines (pre amsterdam release) - for historical reference only: https://wiki.onap.org/download/attachments/1015849/ONAP%20application%20logging%20guidelines.pdf?api=v2
The Acumos logging specification follows this document at https://wiki.acumos.org/display/OAM/Log+Standards
Logback reference: Logging Developer Guide#Logback.xml based on https://gerrit.onap.org/r/#/c/62405
Introduction
The purpose of ONAP logging is to capture information needed to operate, troubleshoot and report on the performance of the ONAP platform and its constituent components. Log records may be viewed and consumed directly by users and systems, indexed and loaded into a datastore, and used to compute metrics and generate reports.
The processing of a single client request will often involve multiple ONAP components and/or subcomponents (interchangeably referred to as ‘application’ in this document). The ability to track flows across components is critical to understanding ONAP’s behavior and performance. ONAP logging uses a universally unique RequestID value in log records to track the processing of every client request through all the ONAP components involved in its processing.
A reference configuration of Elastic Stack is being deployed using ONAP Operations Manager since the amsterdam release - see usage in Logging Analytics Dashboards (Kibana)
This document proposes conventions you can follow to generate conformant, indexable logging output from your component.
Supported Languages
How to Log
ONAP prescribes conventions. The use of certain APIs and providers is recommended, but they are not mandatory. Most components log via EELF or SLF4J to a provider like Logback or Log4j.
Logging Specification Compliance
Logging Library Location and Use
What to Log
Context
MDCs
A Mapped Diagnostic Context (MDC) allows an arbitrary string-valued attribute to be attached to a Java thread via a ThreadLocal variable. The MDC's value is then emitted with each message logged by that thread. The set of MDCs associated with a log message is serialized as unordered name-value pairs (see 71831758).
A good discussion of MDCs can be found at https://logback.qos.ch/manual/mdc.html.
Example
From Luke Parker's call graph work in https://git.onap.org/logging-analytics/tree/reference/logging-slf4j-demo
LogEntry(markers=ENTRY, logger=ComponentAlpha, requestID=eb3e0dc2-6c3c-4bb7-8ed6-e5cc4ec7aad2, invocationID=06c815ef-5969-45cc-b319-d0dbcde89329, timestamp=Tue May 08 04:23:27 AEST 2018)
Mapped Diagnostic Context Table
- Must be set as early in invocation as possible.
- Must be unset on exit.
- keep in sync with https://wiki.acumos.org/display/OAM/Log+Standards
Legend |
---|
Green = Required field |
Yellow = Optional field |
Pipe Order | Name | Type | Group | Description | Required? Y/N/C (C= context dependent) N = not required L=Library provided | Notes | Code References |
---|---|---|---|---|---|---|---|
1 | LogTimestamp | log system | use %d field - see %d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX",UTC} | L | |||
71831758 | 71831758 | MDC | if part of an ENTRY marker log | C | |||
71831758 | 71831758 | MDC | if part of an INVOKE marker log | C | |||
71831758 | 71831758 | MDC | UUID to track the processing of each client request across all the ONAP components involved in its processing | Y | In general | ||
71831758 | 71831758 | MDC | UUID correlates log entries relating to a single invocation of a single component In the case of an asynchronous request, the InvocationID should come from the original request | Y | See the comment section of the v1.2 spec spec on July 23, 2019 | ||
71831758 | 71831758 | MDC | An unique ID to differentiate between multiple instances of the same (named) log writing service/application. For example, either the Kubernetes pod ID or UUID can be used for this field. | Y | Was InstanceUUID | ||
7 | ServiceInstanceID | MDC | An unique identifier of a newly instantiated network service instance. | C | |||
8 | thread | log system | use %thread field | L | |||
71831758 | 71831758 | MDC | The service inside the partner doing the call - includes API name | Y | |||
71831758 | 71831758 | MDC | The identification of the entity that made the request being served. For a serving API that is authenticating the request, this should be the authenticated username or equivalent (e.g. an attuid or a mechid)
authenticated = userid
| Y | See the comment section of the v1.2 spec spec on August 6, 2019 | ||
71831758 | 71831758 | MDC | This field indicates the high level status of the request - one of (COMPLETE, ERROR, INPROGRESS) | Y | 20180807: expand from 2 fields to add "INPROGRESS" addresses Chris Lott question on https://wiki.acumos.org/display/OAM/Log+Standards | ||
71831758 | 71831758 | MDC | This field contains application-specific error codes. In the case where | Y | |||
13 | ResponseDesc | This field contains a human readable description of the ResponseCode | Y | ||||
14 | level | %level | L | ||||
71831758 | 71831758 | MDC | Logging level by default aligned with the reported log level - one of INFO/TRACE/DEBUG/WARN/ERROR/FATAL | Y | |||
16 | ServerIPAddress | C | |||||
17 | ElapsedTime | C | |||||
71831758 | 71831758 | MDC | The VM FQDN if the server is virtualized. Otherwise the host name of the logging component. | Y | |||
71831758 | 71831758 | MDC | This field contains the requesting remote client application’s IP address if known. Otherwise empty. | Y | |||
ServerFQDN supercedes VirtualServerName as mentioned in the comment section of the v1.2 spec on July 3, 2019. | |||||||
21 | ContextName | C | The logging enhancement team could not find any definition for this field and it was agreed to leave out the description for this field. See comment section of the v1.2 spec on July 23, 2019. | ||||
71831758 | 71831758 | MDC | The name of the ONAP component or sub-component, or external entity, at which the operation activities captured in this metrics log record is invoked. | C | |||
71831758 | 71831758 | MDC | The name of the API or operation activities invoked (name on the remote/target application) at the TargetEntity. | C | |||
71831758 | 71831758 | MDC | VNF/PNF context dependent - on CRUD operations of VNF/PNFs The IDs that need to be covered with the above Attributes are
| C | |||
25 | User | MDC | User - used for %X{user} | C | |||
26 | p_logger | log system | The name of the class doing the logging (in my case the ApplicationController – close to the targetservicename but at the class granular level - this field is %logger | L | |||
27 | p_mdc | log system | allows forward compatability with ELK indexers that read all MDCs in a single field - while maintaining separate MDCs above. The key/value pairs all in one pipe field (will have some duplications currently with MDC’s that are in their own pipe – but allows us to expand the MDC list – replaces customvalue1-3 older fields - this field is %mdc | L | |||
28 | p_message | log system | Standard attribute - defined in logback.xml - Message - used for %msg% | L | |||
29 | p_marker | log system | The marker labels INVOKE, ENTRY, EXIT – and later will also include DEBUG, AUDIT, METRICS, ERROR when we go to 1 log file - this field is %marker | L |
Logging
Via SLF4J:
import java.util.UUID; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.slf4j.MDC; // ... final Logger logger = LoggerFactory.getLogger(this.getClass()); MDC.put("SomeUUID", UUID.randomUUID().toString()); try { logger.info("This message will have a UUID-valued 'SomeUUID' MDC attached."); // ... } finally { MDC.clear(); }
EELF doesn't directly support MDCs, but its default provider (where com.att.eelf.configuration.SLF4jWrapper is the configured EELF provider)normally logs via SLF4J, and SLF4J will receive any MDC that is set:
import java.util.UUID; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.slf4j.MDC; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; // ... final EELFLogger logger = EELFManager.getInstance().getLogger(this.getClass()); MDC.put("SomeUUID", UUID.randomUUID().toString()); try { logger.info("This message will have a UUID-valued 'SomeUUID' MDC attached."); // ... } finally { MDC.clear(); }
Serializing
Output of MDCs must ensure that:
- All reported MDCs are logged with both name AND value. Logging output should not treat any MDCs as special.
- All MDC names and values are escaped.
Escaping in Logback configuration can be achieved with:
%replace(%replace(%mdc){'\t','\\\\t'}){'\n','\\\\n'}
MDC-RequestID
This is often referred to by other names, including "Transaction ID", and one of several (pre-standardization) REST header names including X-TransactionID, X-ECOMP-TransactionID, X-ECOMP-RequestID and X-ONAP-RequestID.
ONAP logging uses a universally unique "RequestID" value in log records to track the processing of each client request across all the ONAP components involved in its processing. RequestID be propagated across all interfaces, not just REST Interfaces.
This value:
- Is logged as a RequestID MDC.
- Is propagated between components in REST calls as an X-ONAP-RequestID HTTP header.
Receiving the X-ONAP-RequestID will vary by component according to APIs and frameworks. In general:
import javax.ws.rs.core.HttpHeaders; // ... final HttpHeaders headers = ...; // ... String txId = headers.getRequestHeaders().getFirst("X-ONAP-RequestID"); if (StringUtils.isBlank(txId)) { txId = UUID.randomUUID().toString(); } MDC.put("RequestID", txID);
Setting the X-ONAP-RequestID likewise will vary. For example:
final String txID = MDC.get("RequestID"); HttpURLConnection cx = ...; // ... cx.setRequestProperty("X-ONAP-RequestID", txID);
Note that it's been suggested that for the duration of Casablanca we report the request ID using all three headers:
- X-ONAP-RequestID (canonical)
- X-RequestID (deprecated)
- X-TransactionID (deprecated)
MDC - InvocationID
InvocationID is similar to RequestID, but where RequestID correlates records relating a single, top-level invocation of ONAP as it traverses many systems, InvocationID correlates log entries relating to a single invocation of a single component. Typically this means via REST, but in certain cases an InvocationID may be allocated without a new invocation, e.g. when a request is retried.
RequestID and InvocationID allow an execution graph to be derived. This requires that:
- The relationship between RequestID and InvocationID is reported.
- The relationship between caller and recipient is reported for each invocation.
The proposed approach is that:
- Callers:
- Issue a new, unique InvocationID UUID for each downstream call they make.
- Log the new InvocationID, indicating the intent to invoke:
- With Markers INVOKE, and SYNCHRONOUS if the invocation is synchronous.
- With their own InvocationID still set as an MDC.
- Pass the InvocationID as an X-InvocationID REST header.
- Invoked components:
- Retrieve the InvocationID from REST headers upon invocation, or generate a UUID default.
- Set the InvocationID MDC.
- Write a log entry with the Marker ENTRY. (In EELF this will be to the AUDIT log).
- Act as per Callers in all downstream requests.
- Write a log entry with the Marker EXIT upon return. (In EELF this will be to the METRICS log).
- Unset all MDCs on exit.
That seems onerous, but:
- It's only a few calls.
- It can be largely abstracted in the case of EELF logging.
MDC - InstanceID
(formerly InstanceUUID)
If known, this field contains a universally unique identifier used to differentiate between multiple instances of the same (named) log writing service/application. Its value is set at instance creation time (and read by it, e.g., at start/initialization time from the environment). This value should be picked up by the component instance from its configuration file and subsequently used to enable differentiation of log records created by multiple, locally load balanced ONAP component or subcomponent instances that are otherwise identically configured.
Handles parallel threads or running across a load balanced set of microservices - for identification.
MDC - PartnerName
This field should contain the name of the client application user agent or user invoking the API. The identification of the entity that made the request being served. For a serving API that is authenticating the request, this should be the authenticated username or equivalent (e.g. a userid or a mechid).
For example SDC-BE instead of just SDC for the overall pods
This is often used for heuristic analysis to identify invocations between ONAP individual ONAP components. Its value has never been clearly stipulated, so a common problem has been a lack of consistency.
There is no clear consensus, but:
- Use the short name of your component, e.g. xyzdriver. (try to incorporate both levels - the container name and the pod the container is in within the kubernetes deployment)
- Values should be human-readable.
- Values should be fine-grained enough to disambiguate subcomponents where it's likely to matter. This is subjective.
- Be consistent: your component should ALWAYS report same value.
Real-life examples include MSO, bpmnclient, BPELClient, (all of which are reported by SO), openECOMP (SDNC), vid (VID!) etc. (See the problem?)
Usage overlaps with InvocationID, which doesn't mean PartnerName gets retired, but which might mean it serves a more descriptive purpose. (Since it hasn't proven to be a great way of generating a call graph).
MDC - ServiceName
The URI that the caller used to make the call to the component that is logging the message.
For EELF Audit log records that capture API requests, this field contains the name of the API invoked at the component creating the record (e.g., Layer3ServiceActivateRequest).
For EELF Audit log records that capture processing as a result of receipt of a message, this field should contain the name of the module that processes the message.
Usage is the same for indexable logs.
MDC - StatusCode
This field indicates the high level status of the request. It must have the value COMPLETE when the request is successful and ERROR when there is a failure. And INPROGRESS for states between the two.
Discussion: status/response/severity relationship
status = global, response below is app specific
Ability to render severity-like line in a non-debug log
MDC - ResponseCode
This field contains application-specific error codes. For consistency, common error categorizations should be used.
MDC - Severity
OPS specific
Use/Map existing https://www.slf4j.org/api/org/apache/commons/logging/Log.html
ENUM is INFO/TRACE/DEBUG/WARN/ERROR/FATAL
By default - align this severity with the reported log level
(optionally a way to map actual level from reported level if required)
MDC - ServerFQDN
This field contains the Virtual Machine (VM) Fully Qualified Domain Name (FQDN) if the server is virtualized. Otherwise, it contains the host name of the logging component.
Best effort (ip, fqdn)
(previously covered by removed "Server" field)
redundancy between clientIP, server, virtualServer name is OK - and helpfull for runtime OPS/Hybrid envs
supercedes virtualServerName
Report what is in the http header
Discussion: roll all 3 fqdn, hostname or ip into one field - do we ever need two of the 3 fields concurrently?
Dave Williamson We seem to cover well what to put in this field in bare metal and virtualized environments, but I think we have not managed to come to closure as to what we should put in containerized environments. I would suggest that in all environments we simply ask that whatever "hostname" reports be logged in this field.
- TODO: Verify what is also available from a filebeat agent when it exists
MDC - ClientIPAddress
This field contains the requesting remote client application’s IP address if known. Otherwise this field can be empty.
We don't differentiate between inside/outside ONAP for the IP - this supports hybrid environments
Derived from the system
redundancy between clientIP, server, virtualServer name is OK - and helpfull for runtime OPS/Hybrid envs
Discussion: do we need both ip and fqdn fields?
Report what is in the http header
MDC - EntryTimestamp
Date-time that processing activities being logged begins. The value should be represented in UTC and formatted per ISO 8601, such as “2015-06-03T13:21:58+00:00”. The time should be shown with the maximum resolution available to the logging component (e.g., milliseconds, microseconds) by including the appropriate number of decimal digits. For example, when millisecond precision is available, the date-time value would be presented as, as “2015-06-03T13:21:58.340+00:00”.
Context dependent on whether part of an ENTRY marker
Audit requires this field
MDC - InvokeTimestamp
Timestamp on invocation start.
Context dependent on whether part of an INVOKE marker
metrics needs this field.
MDC - TargetEntity
It contains the name of the ONAP component or sub-component, or external entity, at which the operation activities captured in this metrics log record is invoked.
Example: SDC-BE
MDC - TargetServiceName
It contains the name of the API or operation activities invoked (name on the remote/target application) at the TargetEntity.
Example: Class name of rest endpoint
Discussion: on building call graph vs human readable single line - keep for human readable
Used as valuable URI - to annnote invoke marker
Review in terms of 71831758 - possiblly add INVOKE-return - to filter reporting
TBD: Coverage by log file type (debug, trace, ...)
TBD: cover off discussion on reducing log files to two (DEBUG/rest) for C* release
MDC - TargetElement
VNF/PNF context dependent - on CRUD operations of VNF/PNFs
The IDs that need to be covered with the above Attributes are
- VNF_ID OR VNFC_ID : (Unique identifier for a VNF asset that is being instantiated or that would generate an alarms)
- VSERVER_ID OR VM_ID (or vmid): (Unique identified for a virtual server or virtual machine on which a Control Loop action is usually taken on, or that is installed as part of instantiation flow)
- PNF : (What is the Unique identifier used within ONAP)
MDCs - the Rest
Other MDCs are logged in a wide range of contexts.
Certain MDCs and their semantics may be specific to EELF log types.
Deprecation
Indexing makes many of the remaining attributes redundant. So for example:
- There is considerable duplication:
- BeginTimestamp, EndTimestamp, ElapsedTime. These are all captured elsewhere (and ElapsedTime is even redundant within that triplet).
- Server, ServerIPAddress, ServerFQDN, VirtualServiceName. Overkill. Should be one, plus optionally ClientIPAddress (or some variant thereof).
- TargetEntity, TargetServiceName, not obviously different to similar attributes.
- There is junk:
- Severity? Nagios codes?
- ProcessKey?
- All the stuff that's already grayed out in the table above.
- People may defend these individually, maybe vigorously, but they're domain-specific:
- That absolutely doesn't mean they can't be used.
- Beats configuration allows ad hoc contexts to be indexed.
- But perhaps they don't belong in this kind of spec.
- Redundant attributes *do* matter, because:
- Populating and propagating everything prescribed by the guide approaches being prohibitive. People won't do it, and people *don't* do it.
- If something might be in one of several attributes then that's worse than it being in just one.
- That means:
- We're left with only two MANDATORY attributes, necessary to build invocations graphs:
- RequestID - top-level transactions.
- InvocationID - inter-component invocations.
- And a minimal number of OPTIONAL descriptive attributes: ServiceInstanceID, InstanceID, Server, StatusCode, ResponseCode, ResponseDescription.
- Those are the ones we need to document clearly, support in APIs, etc.
- That's <=10, a manageable number.
- And again, that matters because if the number isn't manageable, people won't (and don't) comply.
Some of that is contentious, but it's just talking points at this stage. We've tiptoed around the issue of extant conventions, and the ongoing result is a lot of attributes that nobody's really sure how to use, and which don't result in better logs. In Casablanca it's time to be less conservative.
Examples
Output Format
Output Location
Configuration
Logging providers should be configured by file. Files should be at a predictable, static location, so that they can be written by deployment automation. Ideally this should be under /etc/ONAP, but compliance is low.
Locations
All logger provider configuration document locations namespaced by component and (if applicable) subcomponent by default:
/etc/ONAP/<component>[/<subcomponent>]/<provider>.xml
Where <provider>.xml, will typically be one of:
- logback.xml
- log4j.xml
- log4j.properties
Reconfiguration
Logger providers should reconfigure themselves automatically when their configuration file is rewritten. All major providers should support this.
The default interval is 10s.
Overrides
The location of the configuration file MAY be overrideable, for example by an environment variable, but this is left for individual components to decide.
Archetypes
Configuration archetypes can be found in the ONAP codebase https://git.onap.org/logging-analytics/tree/. Choose according to your provider, and whether you're logging via EELF. Efforts to standardize them are underway so the ones you should be looking for are where pipe (|) is used as a separator. (Previously it was "|").
Retention
Types of EELF Logs
Add this procedure to the Project Proposal Template By following a few simple rules: Obligations fall into two categories: You must: They are unordered. New ONAP Component Checklist
What's New
TBD
(Including what WILL be new in v1.2 / R2).
Field separator reverted to pipe.Dual appenders in Logback and Log4j reference configurations:Indexable, for shipping and indexing.EELF, for backward compatibility.Minor changes to path conventions.
XML output deprecated (required only for Log4j1.2, which is also expected to go).Improved documentation of semantics and usage (including initialization and propagation via ThreadLocal and HTTP headers) for existing MDCs and attributes.Add MDCs/Markers + usage for invocation IDs, allowing call graphs to be built without reliance on heuristics.Revisiting persistence (a clear requirement) and rollover settings, based on feedback from operations.More discussion of How to Log. (Where previously guidelines were largely concerned with architecture and mechanics).Locking in other changes proposed in R1, including MDC serialization, escaping, etc. These can be treated as accepted. (Note that they only affect indexable output).
In addition, we expect to provide (as a Beijing deliverable) a minimal, synthetic component as an example of best-practices, and this will provide all code examples for this guide. (Does that mean the example will log via EELF, or will we end up with two variants?)
Pending Specification Work
id | date | item | details | status |
---|---|---|---|---|
20180614 | MDC ClientIPAddress | Ask question of OPS to remove this field - 20180419 | todo | |
20180614 | MDC ResponseCode / ResponseDescription | expand/find note 1* | todo |
Developer Guide
see separate page (cross releases) in Logging Developer Guide