v2: Logging for endpoint calls

[maxachis]

Setting up logging for endpoint calls would make it easier for us to both debug our application in the production environment (i.e. seeing what endpoint calls occurred right before a crash or bug occurred) as well as provide us a means to better assess who is accessing PDAP and for what purposes.

We have a few options at our disposal:

1. The runtime logs produced by our Digital Ocean Application already provides this information in a text-based format, e.g. [data-sources-app] [2024-06-21 22:03:03] 10.244.55.86 - - [21/Jun/2024:22:03:03 +0000] "GET /search-tokens?arg1=stops&arg2=pittsburgh&endpoint=quick-search HTTP/1.1" 200 1421 "-" "python-requests/2.28.2". Utilizing Log Forwarding offered by Digital Ocean, we could forward our logs to a third party application, and then access the logs that way. Probably would be the easiest way and fastest way to do it, but it would also mean we're adding an additional third party application to our repertoire. We'd also have less control.
2. We can add explicit logging to our repository code that records specific information and sends it to a destination of our choosing. Would take more time, and increases the risks of bugs, but also gives us more control.
3. There other third-party options which we could explore.

[maxachis]

@josh-chamberlain I personally think option 1 is worth exploring and trying out for a while, especially considering our recent persistent search engine bug. If it's a specific endpoint call that causes the app to break, this logging would help us determine that. Some of the third party apps Digital Ocean offers have free tiers that we can use to see how they behave.

[josh-chamberlain]

@maxachis This is sort of a generalized version of https://github.com/Police-Data-Accessibility-Project/data-sources-app/issues/270

Yes, let's set up a cheap place to accept some forwarded logs! ELK seems a little overkill, and reddit murmurs about other things, like this: https://grafana.com/docs/loki/latest/

[maxachis]

@josh-chamberlain I set up logging at Papertrail and sent you an email invite to the organization. Have a look at it and let me know what you think. If you think it's good, we can add login/account information to our organizational password manager and probably also make details in Notion about it.

[josh-chamberlain]

@maxachis I'm in there, I'm seeing logs. Approved!

we typically prefer open source but it's probably OK in this case that we don't have to roll our own. Would you mind sharing any particular reasons you chose papertrail?

In order to make this official:

• I need to be the owner of the organization, and I'll invite a board member too
• I made a page in Notion which at least says we use Papertrail and what we use it for. Anything else you can add about where and how this is configured would be great.
• make sure we're set up to close #270 (seems close if not there already)

[maxachis]

@josh-chamberlain My choice of Papertrail in this case was simply that:

1. It was one of the options offered by Digital Ocean
2. Of the options, its free trial plan (allowing us free logging below a threshold we were unlikely to exceed at these early days in the app) seemed most cost-sensible.

I added some additional details to Notion. Currently, the detail I've put in there is uncharacteristically concise! Let me know if you would like more details added. If not, I defer to you as to whether this is ready to be closed. We could still pursue option 2, as an expansion/refinement of our quick search query logging, as a way to track user metrics, but that may be worth exploring in a different issue.