Autopsy 3 Logging and Error Checking

From SleuthKitWiki
Revision as of 08:29, 11 November 2011 by Carrier (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This page outlines the developer guidelines for consistent logging and error checking / handling.


Logs are created at the user-level in Autopsy. NetBeans provides a handler that writes log messages to the file $userdir$/var/logs/messages.log. That message log is also supplemented with an autopsy.log file (in the same directory), which logs approximately the same information but is augmented with timestamps. The path to the userdir directory can be found in the About window of Autopsy. It creates a new log file for each run, and also keeps the logs from the previous two runs.

Logging in Autopsy follows the NetBeans convention of using java.util.logging. To use it, get a Logger instance and log a message with it:

   Logger logger = Logger.getLogger(CLASS.class.getName()); // Get an appropriate logger for the class CLASS
   logger.log(Level.WARNING, "LOG MESSAGE", EXCEPTION); // Make a new record with level WARNING, containing the message LOG MESSAGE and the exception EXCEPTION

Along with the appropriate imports from java.util.logging that is all that's needed for a class to use the logging module.

Our use of the levels include:

  • SEVERE: errors that critically affect the application
  • WARNING: errors that might be recovered from
  • INFO: User actions that could be useful for debugging
  • FINE: case lifecycle events

Descriptions of the meaning for each logging level can be found in the java.util.logging JavaDoc - [[1]]

Note: By virtue of being initialized from a module, the autopsy.log file may be miss some log statements that occur immediately after Autopsy is launched, when the NetBeans platform is loading modules. The messages.log file is created by NetBeans platform internals, and will contain all startup information. Levels

Error handling

Autopsy uses exceptions for error handling. The exception should be caught and handled by the process that initiated the request and should try to recover from them (if possible. For example, the DataModel module is simply a NetBeans module around the TSK Datamodel JAR file. It does not directly initiate any requests and therefore passes all of its exceptions up to the other module that used the DataModel module to get access to the image data.

When an exception is caught, it should usually be logged and a message box can be displayed. To automatically display the message boxes, a log handler is registered in Autopsy to display an error message box for every log record that has a level of WARNING or greater and an exception is passed in as an argument.