I have an ASP.NET website, but this question isn't really about technology, it is rather about practice. Should we log our 404 errors?

My reasoning:

  1. This is a potential vulnerable point because a simple unfriendly user may fill up your hard drive in no time just by requesting wrong URLs!
  2. Some browsers often request resources up front, for example favicon.ico, even if it's not there. This is really annoying.

But really I would like to know about a broken link if there exists one in my websites. Should I depend on the URL referrer? The problem with the URL referrer is that I cannot distinguish my internal redirect which may be broken with an unfriendly one from outside.

What does the practice suggest?

+3  A: 

I would recommend logging unique URLs (one row per url, with a count field specifying how many times it was requested), and deleting the least-frequently requested ones if the log gets too large.

SLaks
I like this, potentially with a whitelist of sorts for e.g. favicon?
David Archer
You would not have timestamps, referrers, user agents etc. for each URL which would make debugging quite painful. Why not keep the full log (rotate as needed) and just provide your own view on top of it, if all you "normally" want is a count/some stats.
scunliffe
@scunliffe: For 404's, that's not so important. (Except for referrers) However, for any other error, you're very right.
SLaks
I disagree. If my log starts filling up with 404s I want to know everything I can about how/when/where/why they happened. Is it an inbound link that is messed up? Has my AJAX gone wonky? Is IE6 doing something funny that I wasn't expecting? When did it start happening (e.g. was it a code change I made that caused it)?
scunliffe
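A sketch of the bounded "one row per URL" log proposed in this answer, written as an added example (not code from any poster). It keeps first/last-seen timestamps and same-site referrers so that broken internal links remain visible. The host name, the caps, and the sample requests are constructed assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_HOST = "www.example.com"  # assumption: the site's own host name
MAX_ROWS = 3                   # assumption: tiny cap so the sample shows eviction
MAX_PATH = 200                 # assumption: truncate attacker-chosen paths
MAX_REFS = 5                   # assumption: referrers remembered per URL

@dataclass
class Row:
    count: int = 0
    first_seen: str = ""
    last_seen: str = ""
    internal_refs: set = field(default_factory=set)

class NotFoundLog:
    """One row per missing URL, so storage stays bounded under a flood."""
    def __init__(self, max_rows=MAX_ROWS):
        self.rows, self.max_rows = {}, max_rows

    def record(self, ts, path, referrer=""):
        path = path[:MAX_PATH]
        row = self.rows.get(path)
        if row is None:
            if len(self.rows) >= self.max_rows:
                # Evict the least-requested row (oldest last_seen breaks ties).
                victim = min(self.rows, key=lambda p: (self.rows[p].count, self.rows[p].last_seen))
                del self.rows[victim]
            row = self.rows[path] = Row(first_seen=ts)
        row.count += 1
        row.last_seen = ts
        try:
            ref = urlsplit(referrer)
        except ValueError:  # malformed Referer header
            return
        # Referer is client-supplied, so "internal" is a hint, not proof.
        if ref.hostname == SITE_HOST and len(row.internal_refs) < MAX_REFS:
            row.internal_refs.add(ref.path[:MAX_PATH])

    def broken_internal_links(self):
        """Missing URLs that a page on our own host appears to link to."""
        return {p: sorted(r.internal_refs) for p, r in self.rows.items() if r.internal_refs}

# Constructed sample: (timestamp, requested path, Referer header)
SAMPLE = [("2024-01-01T10:00:00", "/favicon.ico", ""),
          ("2024-01-01T10:00:05", "/prodcuts", "https://www.example.com/home"),
          ("2024-01-01T10:00:07", "/favicon.ico", ""),
          ("2024-01-01T10:00:09", "/prodcuts", "https://www.example.com/about"),
          ("2024-01-01T10:01:00", "/a1", ""), ("2024-01-01T10:01:01", "/a2", ""),
          ("2024-01-01T10:01:02", "/a3", "https://other.example.net/x")]

def replay(sample=SAMPLE):
    log = NotFoundLog()
    for ts, path, ref in sample:
        log.record(ts, path, ref)
    return log
```

Replaying the sample leaves the two repeatedly requested URLs in the table while the one-off junk paths churn through the single remaining slot, which is the behaviour the eviction rule is meant to give under a flood of random URLs.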
+2  A: 

Yes. Log all HTTP Access/Errors.

Then when you encounter 404's that are errors in your design, fix them!

As for the favicon 404 (IE), be sure to put a tiny (cacheable) image there for IE to download vs. causing a 404 entry.

As for a naughty user that decides to hammer your site with invalid URLs... use the log as a tool to find them, and ban them. ;-)

scunliffe
+1  A: 

> This is a potential vulnerable point because a simple unfriendly user may fill up your hard drive in no time just by requesting wrong URLs!

Make sure your hard disk has a reasonable amount of free space, and rotate your logs.

> Some browsers often request resources up front, for example favicon.ico, even if it's not there. This is really annoying.

There aren't many such resources (favicon.ico and robots.txt being the primary ones). Just provide them.

Error logs are useful; they clue you in to broken links which you might be able to do something about.

David Dorward