[OWASP_PHPSEC] Finding and indexing logs

rahul chaudhary rahul300chaudhary400 at gmail.com
Sun Jul 28 15:24:45 UTC 2013


To send mails, I am just using PHP's mail function.

Do I need to also check or throw an exception if the developer's machine has
not installed a proper mail client such as sendmail?


On Sun, Jul 28, 2013 at 9:21 AM, Sven Rautenberg <sven at rtbg.de> wrote:

> The PSR-3 spec is found right next to the other ones already linked in
> the wiki on the coding style page.
>
>
> https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-3-logger-interface.md
>
> Am 28.07.2013 15:18, schrieb Abbas Naderi:
> > We do not need to be able to search/sort/etc our logs.
> > To send critical logs via email, you just have to email them as soon as
> > they are sent to the logger lib, not afterwards. Log files are dumps of
> > human-readable data, and we don't have anything to do with them.
> >
> > I think our logging works fine. I'll go through the observer pattern
> > practices.
> >
> > Sven, can you please point the PSR-3 compliance page for loggers here? I
> > want to make the hooks compliant.
> >
> > The only benefit I can see fit, is rolling the log files.
> > -A
> >
> > On Mordad 6, 1392, at 2:44 PM, Sven Rautenberg <sven at rtbg.de> wrote:
> >
> >> Well, I think it has been discussed on the mailing list or somewhere if
> >> it would be a good solution to simply let the developer decide to pass
> >> in a logger that conforms to the PSR-3 logger interface definition.
> >>
> >> Any viable existing log framework supports all features you are asking
> >> for out of the box. For example, I am a fan of Log4PHP, and it would
> >> really annoy me if I had to use a different logger just for this library
> >> - and in the worst case, I am forced to use it and cannot disable it.
> >>
> >> Allowing me to pass a logger into the elements I want to use enables me
> >> to integrate the lib into the already set up logger configuration.
> >>
> >> Apart from that: Any existing log framework allows sending messages to
> >> multiple targets, mail being one of them. Probably in two or three
> >> different kinds of implementation:
> >>
> >> 1. Send mail immediately.
> >> 2. Send one mail at the end of the script.
> >> 3. Send one mail only if the log level of any message exceeds a
> >> threshold (like the FingersCrossedHandler of Monolog).
> >>
> >> If you want to build a log framework yourself, have a look at the
> >> feature description of other log frameworks to get the idea.
> >>
> >> Regards,
> >> Sven
> >>
> >> Am 28.07.2013 12:02, schrieb rahul chaudhary:
> >>> yes, true....but we were also thinking of putting functions to email
> >>> critical logs to the admins....for this I need to have something to
> >>> search all the logs for critical events.....or there is another way..as
> >>> soon as a critical event is generated, send that event in the mail....
> >>>
> >>>
> >>> On Sun, Jul 28, 2013 at 5:59 AM, Sven Rautenberg <sven at rtbg.de> wrote:
> >>>
> >>>> I wonder if it should be the task of this security centered library to
> >>>> provide a fully sophisticated log framework completed with log
> >>>> searching capabilities.
> >>>>
> >>>> There are already tools to efficiently browse logfile output. Either
> >>>> the logs go to syslog and are monitored by automated tools, or there
> >>>> are tools like "logstash" and "graylog2" in place that do all the
> >>>> indexing and browsing.
> >>>>
> >>>> Or the logfile is considered small enough that "grep" will be a
> >>>> working tool for the situation.
> >>>>
> >>>> Regards,
> >>>> Sven
> >>>>
> >>>> Am 28.07.2013 11:15, schrieb rahul chaudhary:
> >>>>> Hello All,
> >>>>>
> >>>>> In logs,
> >>>>> Logs will be generated and the files will be huge. So, searching in
> >>>>> log files would be very heavy.
> >>>>> A typical Log will look like this:
> >>>>> [message]    [WARNING]    [HIGH]    [filename]    [line no]    [time and date]
> >>>>>
> >>>>> Now to make a function that indexes log according to some element say
> >>>>> we want all "WARNING" logs.
> >>>>> To do this, I am thinking of creating a function like this
> >>>>>
> >>>>> *findLogs($filename, $orderBy)* where *filename* would tell the
> >>>>> location of the original log file and the *orderBy* will tell by which
> >>>>> element would you like to sort (for now say "WARNING")
> >>>>>
> >>>>> So, this function will create a file inside temp folder that will go to
> >>>>> that log file and will index all the logs according to *orderBy*.
> >>>>>
> >>>>> Then the searching in that temp file would be faster.
> >>>>>
> >>>>> But then the issue is that the temp files can only be used once as the
> >>>>> log files will constantly get updated.
> >>>>>
> >>>>> Am I right or do I need to do something else ?
> >>>>>
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> OWASP_PHP_Security_Project mailing list
> >>>>> OWASP_PHP_Security_Project at lists.owasp.org
> >>>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >
> >
>
>


-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
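
One way to handle the two points raised in this thread, mailing critical entries as soon as they reach the logger and coping with a host where mail() cannot hand the message off, as an added example that is not part of the original message or of the OWASP PHPSEC code. The class name MailingLogger, its constructor arguments, the file name and the addresses are hypothetical; log() follows the PSR-3 method shape without depending on the psr/log package.

```php
<?php
declare(strict_types=1);

// Added example (PHP 8+), not OWASP PHPSEC code. MailingLogger is hypothetical.
final class MailingLogger
{
    // PSR-3 level names that trigger an immediate mail to the admin.
    private const MAIL_LEVELS = ['emergency', 'alert', 'critical'];

    /** @var callable(string, string, string): bool */
    private $mailer;

    public function __construct(
        private string $logFile,
        private string $adminAddress,
        ?callable $mailer = null
    ) {
        // Default to PHP's mail(); a stub can be injected for testing.
        $this->mailer = $mailer ?? 'mail';
    }

    public function log(string $level, string $message, array $context = []): void
    {
        // Remove CR/LF: keeps one entry per line in the file and stops log
        // text from adding mail headers through the subject.
        $message = str_replace(["\r", "\n"], ' ', $message);
        $line = sprintf("[%s] [%s] %s %s\n", date('c'), strtoupper($level),
            $message, json_encode($context));
        // Write the file entry first so a mail failure loses nothing.
        file_put_contents($this->logFile, $line, FILE_APPEND | LOCK_EX);

        if (!in_array($level, self::MAIL_LEVELS, true)) {
            return;
        }
        $subject = "[$level] " . substr($message, 0, 60);
        // mail() returns false when the message is not accepted for delivery
        // (for example, no sendmail binary); record that instead of throwing.
        if (!($this->mailer)($this->adminAddress, $subject, $line)) {
            file_put_contents($this->logFile, sprintf(
                "[%s] [ERROR] mail to admin failed\n", date('c')),
                FILE_APPEND | LOCK_EX);
        }
    }
}

// Constructed demo: the stub mailer simulates a host without sendmail.
$log = new MailingLogger(sys_get_temp_dir() . '/phpsec-demo.log',
    'admin@example.org', fn(string $to, string $s, string $b): bool => false);
$log->log('warning', 'slow query');                        // file only
$log->log('critical', "login flood\r\nBcc: x@example.org", ['ip' => '192.0.2.10']);
```

A true return from mail() only means the message was handed to the local mail transport, not that it reached the admin, so the file entry stays the authoritative record.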