[OWASP_PHPSEC] Finding and indexing logs

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Jul 28 10:02:28 UTC 2013


Yes, true... but we were also thinking of putting functions to email
critical logs to the admins... for this I need to have something to search
all the logs for critical events... or there is another way: as soon as a
critical event is generated, send that event in the mail...


On Sun, Jul 28, 2013 at 5:59 AM, Sven Rautenberg <sven at rtbg.de> wrote:

> I wonder if it should be the task of this security centered library to
> provide a fully sophisticated log framework complete with log searching
> capabilities.
>
> There are already tools to efficiently browse logfile output. Either the
> logs go to syslog and are monitored by automated tools, or there are
> tools like "logstash" and "graylog2" in place that do all the indexing
> and browsing.
>
> Or the logfile is considered small enough that "grep" will be a working
> tool for the situation.
>
> Regards,
> Sven
>
> Am 28.07.2013 11:15, schrieb rahul chaudhary:
> > Hello All,
> >
> > In logs,
> > Logs will be generated and the files will be huge. So, searching in log
> > files would be very heavy.
> > A typical Log will look like this:
> > [message]    [WARNING]    [HIGH]    [filename]    [line no]    [time and date]
> >
> > Now to make a function that indexes log according to some element say we
> > want all "WARNING" logs.
> > To do this, I am thinking of creating a function like this
> >
> > *findLogs($filename, $orderBy)* where *filename* would tell the location of
> > the original log file and the *orderBy* will tell by which element would
> > you like to sort (for now say "WARNING")
> >
> > So, this function will create a file inside temp folder that will go to
> > that log file and will index all the logs according to *orderBy*.
> >
> > Then the searching in that temp file would be faster.
> >
> > But then the issue is that the temp files can only be used once as the log
> > files will constantly get updated.
> >
> > Am I right or do I need to do something else ?
> >
> >
> >
> > _______________________________________________
> > OWASP_PHP_Security_Project mailing list
> > OWASP_PHP_Security_Project at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
> >
>



-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
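
The stale-index problem raised in this thread (a one-shot temp index is outdated as soon as the log grows) can be avoided by remembering how far the last scan got and parsing only what was appended since. The following is an added PHP example, not code from the OWASP PHP Security Project or from either poster; the function names, the offset state file, the field names `type` and `priority`, and the sample log lines are assumptions.

```php
<?php
// Added example. Assumed field order, taken from the sample line in the thread:
// [message] [type] [priority] [filename] [line no] [time and date]
// The message group is greedy so brackets inside a message do not shift fields.
const LOG_LINE = '/^\[(.*)\]\s+\[([^\]]*)\]\s+\[([^\]]*)\]\s+\[([^\]]*)\]\s+\[(\d+)\]\s+\[([^\]]*)\]\s*$/';

function parseLogLine(string $line): ?array
{
    if (!preg_match(LOG_LINE, $line, $m)) {
        return null; // malformed line: skip rather than guess at fields
    }
    return ['message' => $m[1], 'type' => $m[2], 'priority' => $m[3],
            'file' => $m[4], 'line' => (int) $m[5], 'time' => $m[6]];
}

// Returns entries appended since the previous call whose $field equals $value.
function scanNewEntries(string $logFile, string $stateFile, string $field, string $value): array
{
    $offset = is_file($stateFile) ? (int) file_get_contents($stateFile) : 0;
    clearstatcache(true, $logFile);
    $fh = @fopen($logFile, 'rb');
    if ($fh === false) {
        return [];
    }
    if (filesize($logFile) < $offset) {
        $offset = 0; // log was rotated or truncated: start over
    }
    fseek($fh, $offset);
    $hits = [];
    while (($line = fgets($fh)) !== false) {
        if (substr($line, -1) !== "\n") {
            break; // partial line still being written: pick it up next run
        }
        $offset = ftell($fh);
        $entry = parseLogLine(rtrim($line, "\r\n"));
        if ($entry !== null && ($entry[$field] ?? null) === $value) {
            $hits[] = $entry;
        }
    }
    fclose($fh);
    file_put_contents($stateFile, (string) $offset, LOCK_EX);
    return $hits;
}

// Constructed sample data, written to a temporary file.
$log = tempnam(sys_get_temp_dir(), 'log');
$state = $log . '.offset';
file_put_contents($log, "[login failed]\t[WARNING]\t[HIGH]\t[auth.php]\t[42]\t[2013-07-28 10:00:01]\n"
    . "[cache miss]\t[INFO]\t[LOW]\t[cache.php]\t[7]\t[2013-07-28 10:00:02]\n");
print_r(scanNewEntries($log, $state, 'priority', 'HIGH')); // scan 1: whole file
file_put_contents($log, "[bad token [csrf]]\t[ERROR]\t[HIGH]\t[form.php]\t[13]\t[2013-07-28 10:00:09]\n", FILE_APPEND);
print_r(scanNewEntries($log, $state, 'priority', 'HIGH')); // scan 2: starts at the saved offset
unlink($log); unlink($state);
```

The returned entries are what a periodic job would hand to the mailer; the `message` field is whatever the application logged, so it should be treated as untrusted when building the mail subject or headers.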