[OWASP_PHPSEC] Finding and indexing logs

Abbas Naderi abiusx at owasp.org
Sun Jul 28 13:18:19 UTC 2013


We do not need to be able to search/sort/etc our logs.
To send critical logs via email, you just have to email them as soon as they are sent to the logger lib, not afterwards. Log files are dumps of human-readable data, and we don't have anything to do with them.

I think our logging works fine. I'll go through the observer pattern practices.

Sven, can you please point the PSR-3 compliance page for loggers here? I want to make the hooks compliant.

The only benefit I can see fit, is rolling the log files.
-A
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Mordad 6, 1392, at 2:44 PM, Sven Rautenberg <sven at rtbg.de> wrote:

> Well, I think it has been discussed on the mailinglist or somewhere if
> it would be a good solution to simply let the developer decide to pass
> in a logger that conforms to the PSR-3 logger interface definition.
> 
> Any viable existing log framework supports all features you are asking
> for out of the box. For example, I am a fan of Log4PHP, and it would
> really annoy me if I had to use a different logger just for this library
> - and in the worst case, I am forced to use it and cannot disable it.
> 
> Allowing me to pass a logger into the elements I want to use enables me
> to integrate the lib into the already set up logger configuration.
> 
> Apart from that: Any existing log framework allows to send messages to
> multiple targets, mail being one of them. Probably in two or three
> different kinds of implementation:
> 
> 1. Send mail immediately.
> 2. Send one mail at the end of the script.
> 3. Send one mail only if the log level of any message exceeds a
> threshold (like the FingersCrossedHandler of Monolog).
> 
> If you want to build a log framework yourself, have a look at the
> feature description of other log frameworks to get the idea.
> 
> Regards,
> Sven
> 
> Am 28.07.2013 12:02, schrieb rahul chaudhary:
>> yes, true....but we were also thinking of putting functions to email
>> critical logs to the admins....for this I need to have something to search
>> all the logs for critical events.....or there is another way..as soon as a
>> critical event is generated, send that event in the mail....
>> 
>> 
>> On Sun, Jul 28, 2013 at 5:59 AM, Sven Rautenberg <sven at rtbg.de> wrote:
>> 
>>> I wonder if it should be the task of this security centered library to
>>> provide a fully sophisticated log framework completed with log searching
>>> capabilities.
>>> 
>>> There are already tools to efficiently browse logfile output. Either the
>>> logs go to syslog and are monitored by automated tools, or there are
>>> tools like "logstash" and "greylog2" in place that do all the indexing
>>> and browsing.
>>> 
>>> Or the logfile is considered small enough that "grep" will be a working
>>> tool for the situation.
>>> 
>>> Regards,
>>> Sven
>>> 
>>> Am 28.07.2013 11:15, schrieb rahul chaudhary:
>>>> Hello All,
>>>> 
>>>> In logs,
>>>> Logs will be generated and the files will be huge. So, searching in log
>>>> files would be very heavy.
>>>> A typical Log will look like this:
>>>> [message]    [WARNING]    [HIGH]    [filename]    [line no]    [time and
>>>> date]
>>>> 
>>>> Now to make a function that indexes log according to some element say we
>>>> want all "WARNING" logs.
>>>> To do this, I am thinking of creating a function like this
>>>> 
>>>> *findLogs($filename, $orderBy)* where *filename* would tell the location
>>> of
>>>> the original log file and the *orderBy* will tell by which element would
>>>> you like to sort (for now say "WARNING")
>>>> 
>>>> So, this function will create a file inside temp folder that will go to
>>>> that log file and will index all the logs according to *orderBy*.
>>>> 
>>>> Then the searching in that temp file would be faster.
>>>> 
>>>> But then the issue is that the temp files can only be used once as the
>>> log
>>>> files will constantly get updated.
>>>> 
>>>> Am I right or do I need to do something else ?
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> OWASP_PHP_Security_Project mailing list
>>>> OWASP_PHP_Security_Project at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>> 
>>> 
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>> 
>> 
>> 
>> 
> 
> _______________________________________________
> OWASP_PHP_Security_Project mailing list
> OWASP_PHP_Security_Project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130728/53820a70/attachment-0001.html>


More information about the OWASP_PHP_Security_Project mailing list