views:

270

answers:

6

I have been coming across these two words more often, but I didn't see much difference between them. I mean, I want to know: are they used interchangeably, or are there some differences between the two? Thanks.

+1  A: 

Audit implies active review of the logging, IMHO. Can't have audit without logging, but you can have logging without audit.

Nate
+2  A: 

The difference is more in usage than in technique.

Auditing is used to answer the question "Who did what?" and possibly why. Logging is more focussed on what's happening.

extraneon
-1. Try telling that to programs where auditing requirements are clearly legally defined. Like: maintenance of aircraft engines, biological labs, business / trading applications.
TomTom
@TomTom I really don't get your point. You implement auditing as part of requirements, wherever they come from. The techniques to store the logs, whether audit or debug or whatever, really are no different unless there are implementation requirements.
extraneon
The point is that Auditing pretty much revolves AROUND implementation requirements. Often you are told WHAT to audit, HOW LONG to store it and HOW SAFE to store it, in a lot of detail. I know a lot of auditing requirements where text logs would be out because they are manipulable if stored on discs.
TomTom
+8  A: 

Logging typically means the recording of implementation level events that happen as the program is running (methods get called, objects are created, etc.). As such it focuses on things that interest programmers.

Auditing is about recording domain-level events: a transaction is created, a user is performing an action, etc. In certain types of application (Banking) there is a legal obligation to record such events.

Itay
+1 for the legal reference
TomTom
I think your definition of logging might be a bit narrow in scope, but probably just right for a programming forum :-)
Nate
Often, auditing is a subset of what is logged, so they are not so different. Logging just includes much more than auditing events.
Robin
+1  A: 

They're significantly different. Logging is simply the abstract task of recording data about events that take place in a system. If you are recording any information at all, you're logging.

Auditing, however, is more complex. Auditing is the practice of inspecting logs for the purpose of verifying that the system is in a desirable state or to answer questions about how the system arrived at a particular state. One way of doing auditing is by reviewing logs, of course, but you can do audits without logs (as a simple example, you could ask a user directly whether they were responsible for a particular change). That's not a great idea, because logging is typically such a cheap operation that alternatives don't need to be considered.

John Feminella
+2  A: 

There is a technical issue in that Auditing often has legal requirements. Also Auditing is often done within the application - as in: there is a user interface to see who changed what because users / compliance department may need to check it. Also Auditing may have legal requirements (write out to WORM media once so it can not be manipulated, keep data for x years).

An example: I have a trading application. All changes to orders are audited - you have the OrderStatus, and the OrderStatusHistory. This is not technical - and the history is part of the application interface.

Logging is purely technical. It is totally ok to turn it off at times, or to have admins have to extract the log files.

TomTom
+1  A: 

I see Audit logs as information required by Business to ascertain some action happened on the specific date and time by this user for this user. It has a business value attached to it, which will let you verify what happened. Generally Audit logs are archived for historical and compliance purposes.

Normal logging logs information required by the technology partner to understand what happened or how the system behaved during a specific event. It can contain the method signature, what values are passed as input and what values are passed as output and, if there was an exception, more information about the exception etc. This information is not required by the business and can be turned off, or the details which are logged can be reduced based on the needs. This information basically assists development or support teams to debug the system.

Ramesh