[OWASP-FILTERS] Logging for filters ?

Alex Russell alex at netWindows.org
Thu Oct 31 18:57:44 EST 2002


On Thursday 31 October 2002 16:41, Mark Curphey wrote:
> Not sure how much of a priority it would be to be
> honest. Anyone else ? Maybe a simple logging
> infrastructure such that it notes when an event
> occured for Version 1 and then a verbose logging
> infratsructure when you write out specific string
> patterns or something for later versions. Not sure,
> it was just a thought....

the only reason I hesitate at all on this is that unlike everything else 
we've proposed doing so far, logging isn't platform independent. Do we log 
to syslog? What about the Windows event log? SMTP? Do we write our own 
logging infrastructure that takes "pluggable" end-logging? If so, should 
that run as a daemon process? And do we re-implment in every target 
language? etc...

It gets messy fast, and that's without log integrity and authenticity 
concerns thrown in. We will have to deal with these problems eventually, 
and it's the right thing to do. Question is, is it the right thing to do 
right now?

-- 
Alex Russell
alex at SecurePipe.com
alex at netWindows.org




More information about the Owasp-filters mailing list