2

I am a developer working on an ASP.NET application. The application writes logging messages to the Windows event log - a custom application log just for this application. However, I do not have any access to testing or staging web/application servers. I thought an admin could just give me read access to this event log to help in debugging problems (currently a service that is working in dev is not working in test environment and I have no idea why) but that is against my client's (I'm a consultant) policy. I feel silly to keep asking an admin to look at the event log for me. What is the harm in giving developers read access to application server application event logs? Is there a different method of application logging that sysadmins prefer programmers use? Surely, admins don't want to be fetching logging messages for developers all the time.

Jim Anderson
  • 123
  • 4

2 Answers2

4

A kind of Non-Answer would be you are consultant, unless you are unable to do you job, give them what they want.

More on point to your question is that consultants are often 'untrusted' to degree. It doesn't always have to make sense, but often these procedures are meant to be on the safe side. So even if these logs don't have sensitive information, other logs might. So it is easier for a big company just to have a general policy.

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
  • Thanks for the response, Kyle. Regarding "..even if these logs don't have sensitive information, other logs might." Can't access be granted to a specific application log only used for this application and no other event logs on the server? – Jim Anderson May 28 '10 at 18:51
  • 1
    Jim: Oh, sure. But I meant as a policy in the sense of policy makers, not computer policy. So it is easier for a company to make a rule that says "Consultants can't have access to logs". Than "Consultants may not have access to logs that contain x .. y .. ... v if not t" etc. – Kyle Brandt May 28 '10 at 19:13
  • And a rule like that is easy to implement as well. Don't worry about bothering the admin, if it is a problem it is his job to raise the issue, not yours (unless he can't get them to you in a timely fashion). – Kyle Brandt May 28 '10 at 19:21
1

It may be a matter of not allowing any type of access to the server as a whole, not neccessarily the log files or the information therein. Ask one of the admins if they can give you a copy of the log, which you could then open on your own computer.

joeqwerty
  • 108,377
  • 6
  • 80
  • 171