Feature Highlight: Remote Logging with AppSpector

Why logging?

Logging is an essential tool in software development that helps improve application quality, stability, and security. It aids developers in identifying and resolving issues more quickly and efficiently.

Logging provides a historical record of events and is helpful for debugging, auditing, and tracking. While debuggers, profilers, and other introspection tools provide more direct and real-time insight into a program's behavior and performance, logging is essential for any software project, from a small app to an advanced enterprise system.

In addition to the mentioned benefits, logs have other characteristics that make them invaluable. Once gathered, logs stay forever and can be analyzed later. Developers can compare them with other data, such as user complaints and different system incident timelines. The advantage of this is the ability to access logs remotely. Unlike most other development tools, logs are plain text, so you can access them via the network, share them between multiple clients, and filter them, among other things.

These peculiarities laid the foundation for the log monitor in AppSpector and the SDK-integrated logging tools we provide.

How are people logging now?

Before discussing AppSpector's logging mechanisms, let's recap how logging is performed in modern mobile development. Primarily, logs are spread across the codebase, displaying information about the application's state and the executed parts of the code. While this approach is handy for debugging, it introduces several issues:

1. Log gathering is not centralized. You can see them flowing into the console (or IDE output), but it's not easy to store them for further examination.
2. App output becomes overwhelmed with logs of different variable values, states, logic branches, etc. When looking for something specific, it quickly becomes a pain. While using the IDE or console, you can use integrated search tools, but filtering them by context is impossible.
3. It's almost impossible to note something crucial in logs if you are not expecting to see it. Getting hundreds of logs per second is common for a modern mobile app. Finding several lines indicating something went wrong with your API or database is a challenging task.

Keeping these issues in mind, developers have built numerous tools to help maintain a significant amount of logs and address the aforementioned problems. Log tagging and persistence are the two most helpful practices used across such libraries.

Log levels and tags

Most tools define tags and severity levels for log entries used to categorize log entries. For example, you might define tags as NETWORK, STORAGE, UI, and ANIMATION and severity levels as HIGH, MEDIUM, and LOW.

In the code, assign tags and severity levels to log entries using the APIs provided by the logging framework. For example, if your app ran out of disk space, you might use the tag STORAGE and the severity level HIGH.

You can also configure the logging framework to control the behavior of the logging system. For example, you might set the logging level to maintain the minimum severity level of entries or to configure the output location,

After that, you use the tags and severity levels to analyze the logs and identify issues and problems in the application. For example, you might filter the logs to display only log entries with a specific tag or severity level.

Persistence

Most frameworks allow you to configure output options for logs. You can dump them to a file or network storage while still showing in the app output. Some tools provide network-accessed services where you can keep logs from your app and examine them later. The persistence period and disk space for logs varies depending on the pricing.

Logging with AppSpector

Of course, when we were thinking of logs management at AppSpector, we considered all mentioned above. At the time AppSpector has a set of tools to manage logs in your app.

Log Monitor

The first and most core tool of the AppSpector toolkit is the log monitor. This tool and other monitors are available for all pricing plans.

The log monitor is a simple yet powerful tool. It's a mechanism that gathers all output of your app and sends it to the AppSpector backend. Here, you can view it in real-time on a web dashboard. It also searches logs, persists them for further use, and provides filtering options.

Using the log monitor doesn't require any code from you, simply add and configure the AppSpector SDK and run your app. All logs appear on the dashboard automagically.

As mentioned above, log levels and tags are essential for any logging framework. Many developers are already using them. Moving to AppSpector doesn't mean you must reconfigure your codebase and drop old tools.

That's why we recently started to add 3rd party integrations to log monitor. We are adding support for popular frameworks allowing you to use them along with AppSpector. For example, if you use a service like Cocoa Lumberjack with levels assigned to entries, they’ll appear alongside all other outputs. You can search and filter log levels directly on the dashboard.

So, there is no need to drop the tools you use now. The transition to AppSpector logging is seamless. And we are adding more integrations all the time.

SDK Logger

AppSpector’s logger is included with our SDK. It provides the same basic functionality as any other logging framework. You can have tags and log levels, see logs on the dashboard and filter them. Logger is pretty straightforward to use:

ASAppSpectorLogger.logMessage("Service loaded", tag: "networking", level: .info)

We continue to add features to it and plan to build a full-featured logging solution around the log monitor. You can control the logs you see on the console, dumping them locally or remotely via your network to any destination.

Logging Sanitizer

Another part of the SDK logger is the logging sanitizer. At AppSpector, we care about the security and privacy of our users. There are several security risks of having sensitive data in logs during the development process, including:

• Data breaches - Logs may contain sensitive information that can be compromised in a data breach.
• Insider threats - Developers and other individuals accessing the logs can misuse or steal sensitive information.
• Unauthorized access - Improperly secured logs may be accessible to unauthorized parties through hacking or misconfigured systems.
• Compliance violations - The presence of sensitive data in logs may violate privacy regulations, such as GDPR, and result in significant fines.

Therefore, it is essential to implement proper security and privacy controls to protect sensitive data. That's why AppSpector offers a sanitizer (an SDK API that filters the logs that go to our backend and adjusts them if needed). In other words, you can log your REST API response during debugging and configure our sanitizer to drop any sensitive information.

Configuring a log sanitizer is simple:

let config = AppSpectorConfig(apiKey: "API_KEY")

config.logSanitizer.filter = { event in
    if event.message.range(of: "token") != .none {
        event.level = .warn
    }
    return event
}

What you need to do is to assign a closure to `filter` property of the sanitizer and then perform your sanitizing logic there. All events going through log monitor will be sent to this sanitizer first.

You can find more info on using log sanitizer in the AppSpector Help Center

Custom events

Of course, the information needed for debugging is not limited to your app logs. Sometimes you need a deeper picture of what is happening. Using logs to inspect data structures while your app runs can be challenging. And at best, you'll only get text data that is hard to examine quickly.

AppSpector provides a special events monitor for such purposes. Its API allows you to define a data structure for an event and then, at a specific moment, send it to the backend. After it is processed, it will be available on the dashboard with data assigned to it. Events are presented as a list, fully searchable, persistent, and available after an app session ends for later use.

Using events is as simple as defining a custom class for your event:

class ASTestCustomEventPayload: NSObject, ASCustomEventPayload {
    var name: String!
    var category: String!
    var payload: [AnyHashable : Any]!
}

And after that, send it by calling AppSpector SDK API:

let payload = ASTestCustomEventPayload()
payload.name = "My sample event"
payload.category = "Testing events"
payload.payload = ["Triggered at": "\(Date())"]

AppSpector.sendCustomEvent(with: payload)

Sending an event while your app is offline stores the event in an internal SDK queue. It then sends all collected events later when your connection is restored.

More info on our events monitor is available in the AppSpector Help Center

Conclusion

Logs play a critical role in software development by providing valuable insights and data for debugging, performance optimization, and monitoring. However, it is essential to handle logs properly to avoid security and privacy risks, such as data breaches, unauthorized access, and compliance violations.

By implementing appropriate security and privacy measures, you can securely leverage the benefits of log data while protecting sensitive information. Proper log management is critical to a secure and effective software development process.

At AppSpector, we are continually developing our logging features, so stay tuned!