Establish standards for log levels & formats #25
Description
As first noted in freedomofpress/securedrop-client#1166, it would be useful to document how we use different log levels, what format we typically want to use for log lines, and any security considerations for logging. This could be added to the contributor guidelines in https://developers.securedrop.org/en/latest/contributor_guidelines.html
For example:
- How do we want to use categories like "debug", "informational", "warning", "error", "critical/fatal"?
- When do we log duration/performance information? For network operations, do we log start/end, or just success/failure?
- What information should always be redacted from logs?
- For events spanning multiple entries, do we want to have standard patterns for connecting them, e.g., an event ID?
- Do we want to consistently support pretty-printing structured log entries using libraries like
structlog(Python) orpino(Node)?
This would be good to establish early for the SecureDrop Client rewrite so we can pattern preferred practices there and then potentially apply them elsewhere.