[OWASP_PHPSEC] Finding and indexing logs

Sven Rautenberg sven at rtbg.de
Sun Jul 28 09:59:29 UTC 2013


I wonder if it should be the task of this security-centered library to
provide a fully sophisticated log framework complete with log searching
capabilities.

There are already tools to efficiently browse logfile output. Either the
logs go to syslog and are monitored by automated tools, or there are
tools like "logstash" and "graylog2" in place that do all the indexing
and browsing.

Or the logfile is considered small enough that "grep" will be a working
tool for the situation.

Regards,
Sven

On 28.07.2013 11:15, rahul chaudhary wrote:
> Hello All,
> 
> In logs,
> Logs will be generated and the files will be huge. So, searching in log
> files would be very heavy.
> A typical Log will look like this:
> [message]    [WARNING]    [HIGH]    [filename]    [line no]    [time and date]
> 
> Now to make a function that indexes logs according to some element, say we
> want all "WARNING" logs.
> To do this, I am thinking of creating a function like this:
> 
> *findLogs($filename, $orderBy)* where *filename* would tell the location of
> the original log file and the *orderBy* will tell by which element would
> you like to sort (for now say "WARNING")
> 
> So, this function will create a file inside temp folder that will go to
> that log file and will index all the logs according to *orderBy*.
> 
> Then the searching in that temp file would be faster.
> 
> But then the issue is that the temp files can only be used once as the log
> files will constantly get updated.
> 
> Am I right or do I need to do something else?
> 
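
An added example, not part of the thread or of the project's code: a single streaming pass over the log format quoted above, which is the "grep" approach done in PHP and needs no temporary index that goes stale. The function name `filterLogs`, the array keys, whitespace as the field separator, and the sample lines are all assumptions.

```php
<?php
// Added example: field order follows the log line quoted in the thread.
// filterLogs(), the array keys and the sample lines are hypothetical.

/**
 * Stream a log file and yield only the entries whose second field matches $type.
 * The file is read line by line, so memory use stays flat for huge logs.
 */
function filterLogs(string $filename, string $type): Generator
{
    // The five trailing fields are strict and anchored at end of line, so
    // brackets inside the free-text message cannot shift them.
    $pattern = '/^\[(.*)\]\s+\[(\w+)\]\s+\[(\w+)\]\s+\[([^\]]*)\]\s+\[(\d+)\]\s+\[([^\]]*)\]$/';
    $handle = fopen($filename, 'rb');
    if ($handle === false) {
        throw new RuntimeException("Cannot open log file: $filename");
    }
    try {
        while (($line = fgets($handle)) !== false) {
            // Lines that do not match the format are skipped, not guessed at.
            if (!preg_match($pattern, rtrim($line, "\r\n"), $m)) {
                continue;
            }
            if (strcasecmp($m[2], $type) === 0) {
                yield [
                    'message' => $m[1], 'type' => $m[2], 'priority' => $m[3],
                    'file' => $m[4], 'line' => (int) $m[5], 'time' => $m[6],
                ];
            }
        }
    } finally {
        fclose($handle);
    }
}

// Constructed sample data, written to a temporary file so the script runs offline.
$sample = tempnam(sys_get_temp_dir(), 'log');
file_put_contents($sample, implode("\n", [
    "[Login failed for user bob]\t[WARNING]\t[HIGH]\t[auth.php]\t[42]\t[2013-07-28 09:15:02]",
    "[Cache rebuilt]\t[INFO]\t[LOW]\t[cache.php]\t[10]\t[2013-07-28 09:16:40]",
    "[CSRF token mismatch]\t[WARNING]\t[HIGH]\t[form.php]\t[88]\t[2013-07-28 09:17:11]",
]) . "\n");

foreach (filterLogs($sample, 'WARNING') as $entry) {
    echo "{$entry['time']} {$entry['file']}:{$entry['line']} {$entry['message']}\n";
}
unlink($sample);
```

If the message field can carry user input, the writer of the log must strip or escape newlines before logging, since a parser like this treats each line as one entry.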