Log4Net – Write logs to a second file only when a failure occurs (C# 10)

Question

Log4Net – Write logs to a second file only when a failure occurs (C# 10)

Alin A 25

Hi,

I am using Log4Net in my system.

Currently, the logs are written only to the administrator’s log location and not to the user who runs the system.

What do you suggest ?

I though a solution so that whenever a failure occurs, the log will also be copied to the user’s location using MemoryAppender flush.

Admin log only (classic file logging).
User log only on failure (MemoryAppender flush).
NullLogger mode (disable all logging).

My current Log.

Log.txt

Extension to Log to support this problem , do you see problem if this the right solution?

Log.txt

Thanks in advance, User's image

Thanks in advance,

Alin A 25

Hi,

I used .NET 10 not C# 10.

Here is updated solution for the problem using using MemoryAppender.

Full Implementation.txt

This the missing client code:

1.Disabled — nothing logged

class Program
{
    static void Main()
    {
    // 1️⃣ Disable all logging
        Log.SetDisabled();
        Log.Error("This will NOT appear anywhere");
        Log.Info("Info ignored");
        Log.Debug("Debug ignored");
    }
}

Behavior:

• Admin log: ❌ none

• User log: ❌ none

2️⃣ Admin Only — full log

class Program
{
    static void Main()
    {
    // 2️⃣ Admin log only
        Log.SetAdminFile(@"C:\AdminLogs\system.log");
        Log.Info("Operation started");
        Log.Debug("Intermediate debug");
        Log.Warn("Minor warning");
        Log.Error("Something went wrong");
    }
}

Behavior:

• Admin log: ✅ written immediately

• User log: ❌ none

3️⃣ Admin + User Failure — buffer → flush once on error

class Program

{

**static void Main()**

**{**

    **// 3️⃣ Admin log + user log only on failure**

      **Log.SetAdminAndUserFailure(**

        **@"C:\AdminLogs\system.log",**

        **@"C:\Users\CurrentUser\Logs\user_failure.log"**

    **);**

    **// Logs before failure accumulate in memory**

    **Log.Info("Processing started");**

    **Log.Debug("Intermediate step info");**

    **// Error triggers memory flush to user log**

    **Log.Error("Conversion failed!");**

    **Log.Warn("This warning is also flushed");**

**}**
```**}**

**Behavior:**

•	Admin log: ✅ always written

•   User log: ✅ flushed once on first Error()

•   MemoryAppender: ✅ accumulates logs until flush

________________________________________

4️⃣ **User Failure Only — no admin, flush only on error**

**class Program**

**{**

```cpp
**static void Main()**

**{**

**// 4️⃣ User log only on failure, admin log suppressed**

    **Log.SetUserFailureOnly(@"C:\Users\CurrentUser\Logs\user_failure.log");**

    **Log.Info("Starting operation");   // Memory only, no file yet**

    **Log.Debug("Debug info");           // Memory only**

    **// Error triggers writing to user log**

    **Log.Error("Something went wrong");**

**}**
```**}**

Behavior:

•	Admin log: ❌ none

•   User log: ✅ created only on error

•   MemoryAppender: ✅ accumulates logs until flush

Is it best practice?

5 answers

Your answer

Answer 1

Danny Nguyen (WICLOUD CORPORATION) 6,455 Microsoft External Staff Moderator

Hi @Alin A.

From your post, it sounds like you want to always log to the admin file, but only create/write a separate user log when an error happens, and you’re asking if using a MemoryAppender and flushing it on the first failure is a good approach. The idea is sound. Buffer some recent log messages in memory, and when the first error happens, dump them to a user file so the user can send it to support.

But I see a few problems to watch out for:

Be careful configuring log4net in code

BasicConfigurator.Configure(...) changes the global log4net setup. If you call your SetAdminFile() / SetAdminAndUserFailure() more than once (restart logging, tests, etc.), you can end up with multiple appenders and duplicated log lines. You should reset/reconfigure the repository (or let the host configure log4net and only swap your adapter).

Make the “flush once” thread-safe

If two threads log an error at the same time, you might flush twice. Use Interlocked or a lock around the flush.

Memory can grow forever

If the app runs a long time and no error happens, MemoryAppender can keep growing. Usually you want to keep only the last N messages (a small ring buffer), not everything.

Your example doesn’t match the code after the first error

Right now you flush the buffered messages once, but after that you do NOT keep writing new Info/Warn/Debug to the user file. That’s fine if you only want “pre-error context”, but then say that clearly. If you want “after error, keep logging to the user file too”, you need to add that behavior.

Your ‘UserFailureOnly’ mode doesn’t buffer

UserLogOnlyAdapter ignores Info/Warn/Debug, so the user won’t get the “what happened before the error” context. If you want that, it also needs buffering + flush.

Overall: the pattern is good, just limit the buffer size, make flush thread-safe, and be careful with global log4net configuration.

If you found my response helpful or informative, I would greatly appreciate it if you could follow this guidance provide feedback. Thank you.

Alin A 25

@Danny Nguyen (WICLOUD CORPORATION)

Thank you very much for your answer.

I used the Log one time , not multi-threaded, but I want to give this support for future.

These are my answers:

1.Be careful configuring log4net in code

BasicConfigurator.Configure(...) changes the global log4net setup. If you call your SetAdminFile() / SetAdminAndUserFailure() more than once (restart logging, tests, etc.), you can end up with multiple appenders and duplicated log lines. You should reset/reconfigure the repository (or let the host configure log4net and only swap your adapter).

This is my fix code is ok ?

Fix
Reset repository before configuring.
private static void Configure(params IAppender[] appenders)
{
    var repo = LogManager.GetRepository();
    repo.ResetConfiguration();
    BasicConfigurator.Configure(appenders);
}
Replace
BasicConfigurator.Configure(appender);
with
Configure(appender); (In SetAdminFile class)
and
BasicConfigurator.Configure(fileAppender, memoryAppender);
with
Configure(fileAppender, memoryAppender); (In SetAdminAndUserFailure class)

2.Make the “flush once” thread-safe

If two threads log an error at the same time, you might flush twice. Use Interlocked or a lock around the flush.

This is my fix code is ok ?

Current can be changed from multiple threads.
Fix
Use volatile + Interlocked.
private static volatile IAppLogger _current = new NullLogger();
public static IAppLogger Current
{
    get => _current;
    set => Interlocked.Exchange(ref _current, value ?? new NullLogger());
}
Add:
using System.Threading;

3.Memory can grow forever

If the app runs a long time and no error happens, MemoryAppender can keep growing.

Usually you want to keep only the last N messages (a small ring buffer), not everything.

This is my fix code is ok ? I need I have 100 lines of logs at maximum, need it ?

MemoryAppender stores unlimited logs.
If the app runs long before failure → huge memory usage.
This parameter will come from outside the function
Simpler fix:
if (_memoryAppender.GetEvents().Length > 500)
    _memoryAppender.Clear();
Add before flushing.

4.Your example doesn’t match the code after the first error

Right now you flush the buffered messages once, but after that you do NOT keep writing new Info/Warn/Debug to the user file. That’s fine if you only want “pre-error context”, but then say that clearly. If you want “after error, keep logging to the user file too”, you need to add that behavior.

I want to Info/Warn/Debug + Error log and when there is error to log last error and to exit.

I will exit in my code after Log.Error. This my bussiness.

Do you see problem ?

5.Your ‘UserFailureOnly’ mode doesn’t buffer

UserLogOnlyAdapter ignores Info/Warn/Debug, so the user won’t get the “what happened before the error” context. If you want that, it also needs buffering + flush.

This is my fix code is ok ?

Fixed UserLogOnlyAdapter (Buffered + Flush)
using System;
using System.Threading;
using log4net.Appender;
using log4net.Core;
using log4net.Layout;
public class UserLogOnlyAdapter : IAppLogger
{
    private readonly MemoryAppender _memoryAppender = new MemoryAppender();
    private readonly RollingFileAppender _userAppender;
    private int _flushed;
    public UserLogOnlyAdapter(string userLogPath)
    {
        var fullPath = Log.ResolvePath(userLogPath);
        Log.EnsureDirectoryExists(fullPath);
        Log.ProbeWriteAccess(fullPath);
        var layout = Log.CreateDefaultLayout();
        _userAppender = new RollingFileAppender
        {
            File = fullPath,
            AppendToFile = true,
            RollingStyle = RollingFileAppender.RollingMode.Size,
            MaximumFileSize = "5MB",
            MaxSizeRollBackups = 1,
            StaticLogFileName = true,
            Layout = layout
        };
        _userAppender.ActivateOptions();
        _memoryAppender.ActivateOptions();
    }
    public void Debug(string message, Exception ex = null)
        => Buffer(Level.Debug, message, ex);
    public void Info(string message, Exception ex = null)
        => Buffer(Level.Info, message, ex);
    public void Warn(string message, Exception ex = null)
        => Buffer(Level.Warn, message, ex);
    public void Error(string message, Exception ex = null)
    {
        Buffer(Level.Error, message, ex);
        if (Interlocked.Exchange(ref _flushed, 1) == 1)
            return;
        foreach (var e in _memoryAppender.GetEvents())
            _userAppender.DoAppend(e);
        _memoryAppender.Clear();
    }
    private void Buffer(Level level, string message, Exception ex)
    {
        var loggingEvent = new LoggingEvent(
            new LoggingEventData
            {
                LoggerName = "User",
                Level = level,
                Message = message,
                ExceptionString = ex?.ToString(),
                TimeStampUtc = DateTime.UtcNow
            });
        _memoryAppender.DoAppend(loggingEvent);
        // optional safety cap
        if (_memoryAppender.GetEvents().Length > 500)
            _memoryAppender.Clear();
    }
}
In additions:

6.Extract Repeated Layout Creation

I repeat this everywhere:
var layout = new PatternLayout("%date %-5level %logger - %message%newline%exception");
layout.ActivateOptions();
Fix
Add helper:
internal static PatternLayout CreateDefaultLayout()
{
    var layout = new PatternLayout("%date %-5level %logger - %message%newline%exception");
    layout.ActivateOptions();
    return layout;
}
Then use:
Layout = Log.CreateDefaultLayout()

7.Fix EnsureDirectoryExists Null Edge Case

Problem
Path.GetDirectoryName() can return null.
Fix
internal static void EnsureDirectoryExists(string fullPath)
{
    var dir = Path.GetDirectoryName(fullPath);
    if (!string.IsNullOrEmpty(dir) && !Directory.Exists(dir))
        Directory.CreateDirectory(dir);
}

8. Fix ProbeWriteAccess File Lock Risk

Current:
using (File.Open(fullPath, FileMode.Append, FileAccess.Write)) { }
This can fail if log4net already opened the file.
Safer
internal static void ProbeWriteAccess(string fullPath)
{
    using (var fs = new FileStream(fullPath, FileMode.OpenOrCreate, FileAccess.Write, FileShare.ReadWrite))
    {
    }
}

9.Improve UserLogOnlyAdapter LoggingEvent Creation

Currently:
var loggingEvent = new LoggingEvent(
    typeof(UserLogOnlyAdapter),
    LogManager.GetRepository(),
    "User",
    Level.Error,
    message,
    ex);
Better to include timestamp + thread.
Fix
var loggingEvent = new LoggingEvent(
    new LoggingEventData
    {
        Level = Level.Error,
        LoggerName = "User",
        Message = message,
        ExceptionString = ex?.ToString(),
        TimeStampUtc = DateTime.UtcNow
    });

10.Avoid Logger Type Fragmentation

Currently:
Log4NetAdapter
Log4NetAdapterWithFailureFlushWithPath
This creates different logger names in log4net.
Better:
private readonly ILog _logger = LogManager.GetLogger("App");
instead of
LogManager.GetLogger(typeof(...))
This keeps single logger identity.

11. Prevent MemoryAppender Growth (Important)

MemoryAppender stores unlimited logs.
If the app runs long before failure → huge memory usage.
Fix (recommended)
Create custom capped memory appender.
Simpler fix:
if (_memoryAppender.GetEvents().Length > 500)
    _memoryAppender.Clear();
Add before flushing.

12.Small Performance Improvement

Change facade calls from:
public static void Debug(string message, Exception ex = null) => Current.Debug(message, ex);
to avoid property access:
public static void Debug(string message, Exception ex = null)
{
    _current.Debug(message, ex);
}
Minor but cleaner.

Alin A 25 Reputation points

2026-03-09T13:21:22.98+00:00

This my final code with all your suggestion above with some refactoring is it ok now?

Fixed version.txt
Alin A 25 Reputation points

2026-03-09T20:25:34.78+00:00

In addition:

MemoryAppender is the only solution to this problem?
Danny Nguyen (WICLOUD CORPORATION) 6,455 Reputation points Microsoft External Staff Moderator

2026-03-11T09:42:38.1866667+00:00
The approach is fine but here are some considerations

1) Reset repository before configuring

Yes, that’s the right fix to prevent duplicated appenders/duplicate lines if configuration is called again (tests, “re-init”, etc.).

Small correction: reset/configure the same repository explicitly:

using log4net; using log4net.Appender; using log4net.Config; using log4net.Repository.Hierarchy; private static void Configure(params IAppender[] appenders) { var h = (Hierarchy)LogManager.GetRepository(); h.ResetConfiguration(); BasicConfigurator.Configure(h.Repository, appenders); }

Only do this at startup (it wipes any host log4net config).

2) “Flush once” thread-safe

Interlocked on Current is optional. The important thread-safety is the _flushed flag in your failure-flush adapter:

using System.Threading; private int _flushed; public void Error(string message, Exception ex = null) { _logger.Error(message, ex); if (Interlocked.Exchange(ref _flushed, 1) == 1) return; foreach (var e in _memoryAppender.GetEvents()) _userAppender.DoAppend(e); _memoryAppender.Clear(); }

3) Memory can grow forever

Your “if events > 500 then Clear()” is a quick safety valve, but it can delete the exact “last 100 lines” you want to capture.

If you truly want “max 100 lines”, the better fix is: keep a capped ring buffer / queue of the last 100 events and flush that on Error.

4) Exit after Log.Error

No issue. In that design, the user log is a “pre-error context + error” dump, and the process exits—just state that clearly.

5) UserFailureOnly mode doesn’t buffer

Your buffered version is the right direction, but apply the same cap idea as (3) (last 100 events), instead of using MemoryAppender + GetEvents().Length checks.

Answer 2

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Answer 3

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Answer 4

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Answer 5

Use of a MemoryAppender that is flushed only when a failure occurs is a valid pattern, but it should be implemented with attention to log levels, security, and resource usage.

Key points to consider:

Log only what is needed for the user
- Avoid copying full admin logs to the user’s location. Admin logs can contain sensitive data or internal details that should not be exposed.
- Configure the user‑side flush to include only messages at Error (or Warning/Critical) level that are relevant to troubleshooting from the user’s perspective.
- In .NET logging guidance, Trace and Debug are not recommended for production because of volume and potential sensitivity; keep those in the admin log only.
- See the log level guidance for how to choose which events to capture and flush to the user log.
Keep the admin log independent
- Continue to use the existing file appender for the administrator log as the primary, always‑on log.
- The MemoryAppender should be an additional appender that buffers events in memory; it should not interfere with the admin file appender.
- This matches the pattern where multiple providers/appender targets are configured and each receives the same log events.
Implement failure‑triggered flushing
- Configure the logger so that all events go to both the admin file appender and the MemoryAppender.
- On detection of a failure (for example, when logging an error or critical event), read the buffered events from the MemoryAppender and write them to a user‑specific file.
- Limit what is flushed based on log level (for example, only Information and above, or only Warning/Error/Critical) to avoid excessive or sensitive data.
- This aligns with log‑buffering guidance: buffer logs in memory and selectively emit them based on runtime conditions, while being mindful of memory usage.
Control memory usage and log size
- A MemoryAppender that accumulates logs for a long session can grow large. Apply limits (for example, maximum number of events or time window) and drop older entries when the limit is reached.
- This follows buffering best practices: set appropriate buffer size limits and, if applicable, use per‑request or per‑operation buffers so that a single long‑running session does not consume unbounded memory.
Provide a Null/disabled mode
- A NullLogger or configuration that sets log level to None is a reasonable way to disable logging when required (for example, in performance‑critical or privacy‑sensitive scenarios).
- Ensure that when logging is disabled, both the admin file appender and the MemoryAppender are effectively bypassed so that no data is written or buffered.
Security considerations for the user log
- Ensure that the user log location is secured with appropriate file system permissions so that only the intended user (or support personnel) can read it.
- Validate any data written to the log to avoid misleading or untrusted content.
- Avoid logging secrets, passwords, or other highly sensitive information in either admin or user logs.

If the current extension:

Keeps the admin file appender unchanged,
Uses a bounded MemoryAppender that is flushed only on error/critical events,
Filters what is flushed by log level and content,
And supports a configuration switch for NullLogger mode,

then it is an appropriate and robust solution for writing logs to a second file only when a failure occurs.

References:

Share via

Log4Net – Write logs to a second file only when a failure occurs (C# 10)

5 answers

1) Reset repository before configuring

2) “Flush once” thread-safe

3) Memory can grow forever

4) Exit after `Log.Error`

5) `UserFailureOnly` mode doesn’t buffer

Your answer

Share via

Log4Net – Write logs to a second file only when a failure occurs (C# 10)

5 answers

1) Reset repository before configuring

2) “Flush once” thread-safe

3) Memory can grow forever

4) Exit after Log.Error

5) UserFailureOnly mode doesn’t buffer

Your answer

4) Exit after `Log.Error`

5) `UserFailureOnly` mode doesn’t buffer