
Difference between revisions of "OWASP Security Logging Project"

(2nd attempt initial post, fixed up headings bug)
m (Fix typo)
 
(15 intermediate revisions by 4 users not shown)
Line 18: Line 18:
  
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
== Quick Start ==
 +
Overview of benefits and what you need to get started quickly.
 +
 +
[http://www.securitycurmudgeon.com/2016/03/owasp-security-logging-project-explored.html OWASP Security Logging Project Explored]
  
 
== Project Resources ==
 
== Project Resources ==
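Review bot: The added Quick Start section carries only the one-line summary "Overview of benefits and what you need to get started quickly." and a link to an external blog post, so the page itself gives no starting steps. Consider adding the minimum a reader needs here (where to get the library and a pointer to the project documentation) and keeping the blog link as further reading, so the section still works if the external site goes away.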
Line 25: Line 30:
  
 
[https://github.com/javabeanz/owasp-security-logging/issues Issue Tracker]
 
[https://github.com/javabeanz/owasp-security-logging/issues Issue Tracker]
 
 
== Project Leader ==
 
[mailto:sytze.vonkoningsveld@owasp.org Sytze van Koningsveld]
 
 
[mailto:august.detlefsen@owasp.org August Detlefsen]
 
 
[mailto:milton.smith@owasp.org Milton Smith]
 
 
 
  
 
== Related Projects ==
 
== Related Projects ==
 
 
 
* [[Logging_Cheat_Sheet|Logging Cheat Sheet]]
 
* [[Logging_Cheat_Sheet|Logging Cheat Sheet]]
 
  
 
==Classifications==
 
==Classifications==
 
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"
 
   |-
 
   |-
Line 53: Line 44:
 
   | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
 
   | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
 
   |-
 
   |-
   | colspan="2" align="center"  | [[File:Agplv3-155x51.png|link=http://www.gnu.org/licenses/agpl-3.0.html|Affero General Public License 3.0]]
+
   | colspan="2" align="center"  | [http://www.apache.org/licenses/LICENSE-2.0.html ASLv2]
 
   |}
 
   |}
  
| valign="top"  style="padding-left:25px;width:200px;" |  
+
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 
 +
== Project Leaders ==
 +
[mailto:sytze.vonkoningsveld@owasp.org Sytze van Koningsveld]
 +
 
 +
[mailto:august.detlefsen@owasp.org August Detlefsen]
 +
 
 +
[mailto:milton.smith@owasp.org Milton Smith]
  
 
== News and Events ==
 
== News and Events ==
23 Dec 2014 Project Created and source code now available!
+
 
 +
18 Jan 2018, [https://github.com/javabeanz/owasp-security-logging/releases/tag/v1.1.4 Version 1.1.4 released]
 +
 
 +
1 Jul 2016, [http://www.slideshare.net/MiltonSmith6/how-to-use-owasp-security-logging How to Use OWASP Security Logging, AppSecEU 2016 Lightning Talk]
 +
 
 +
5 Mar 2015, Version 1.0.0 deployed to Maven Central
 +
 
 +
23 Dec 2014, Project Created and source code now available!
  
 
|}
 
|}
 +
 +
<paypal>OWASP Security Logging Project</paypal>
  
 
=FAQs=
 
=FAQs=
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
+
 
<span style="color:#ff0000">
+
The following provides answers to frequently asked questions.
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
 
</span>
 
  
 
==How can I participate in your project?==
 
==How can I participate in your project?==
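Review bot: The license cell in the Classifications table changes from the Affero General Public License 3.0 image to a plain ASLv2 link, which is a change of license terms and not just of presentation. Confirm that the source repository and any Licensing text on this page state the same license, and consider a News and Events entry recording when the change took effect, since downstream users rely on this page to know which terms apply.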
Line 73: Line 78:
  
 
==If I am not a programmer can I participate in your project?==
 
==If I am not a programmer can I participate in your project?==
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.  
+
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.
  
 
= Acknowledgements =
 
= Acknowledgements =
 
==Volunteers==
 
==Volunteers==
  
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
+
Only project leads for the moment. Email projects leads if you would like to participate.
<span style="color:#ff0000">
 
The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project.
 
Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project.
 
Be sure to provide a link to a complete list of all the amazing people in your project's community as well.
 
</span>
 
  
 +
=Roadmap & Getting Involved=
  
 
Today many logging technologies are available providing powerful application logging capabilities.  But while powerful, these technologies are not designed for specific use-cases like security and auditing.  The generalized approach to logging platforms makes these platforms more useful to the widest possible audience but it also places more responsibility on designers.  In short, we don't consider our desire for additional improvement for security and audit logs is no oversight on the part of logging platform designers.
 
Today many logging technologies are available providing powerful application logging capabilities.  But while powerful, these technologies are not designed for specific use-cases like security and auditing.  The generalized approach to logging platforms makes these platforms more useful to the widest possible audience but it also places more responsibility on designers.  In short, we don't consider our desire for additional improvement for security and audit logs is no oversight on the part of logging platform designers.
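Review bot: The new Volunteers line reads "Email projects leads if you would like to participate."; "projects leads" should be "project leads". The page already has a Project Leaders section with mailto links, so pointing to it by name would tell readers where to find the addresses.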
Line 175: Line 176:
 
|Alpha 1
 
|Alpha 1
 
|-
 
|-
|Feature 1d, client time\date in UTL
+
|Feature 1d, client time\date in UTC
 
|'''X'''
 
|'''X'''
 
|'''X'''
 
|'''X'''
Line 312: Line 313:
  
 
==Feature 1, MDC metadata improvements==
 
==Feature 1, MDC metadata improvements==
This feature adds certain metadata useful for security purposes to logback’s Mapped Diagnostics Content.  The following metadata will be mapped where available.
+
This feature adds certain metadata useful for security purposes to logback’s Mapped Diagnostics Context.  The following metadata will be mapped where available.
  
 
===process id (feature 1a)===
 
===process id (feature 1a)===
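Review bot: The corrected sentence now says "Mapped Diagnostics Context", but logback's name for MDC is "Mapped Diagnostic Context" (singular "Diagnostic"). Suggest fixing that word in the same edit so the term matches the logback documentation readers will search for.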

Latest revision as of 01:08, 21 May 2018


OWASP Security Logging Project

The OWASP Security Logging project provides developers and ops personnel with APIs for logging security-related events. The aim is to let developers use the same set of logging APIs they are already familiar with from over a decade of experience with Log4J and its successors, while also adding powerful security features.

Description

Logging is often neglected by developers when thinking of security considerations. However, proper logging practice can provide the crucial forensics needed to investigate after a breach and, perhaps more importantly, a chance to detect security issues as they happen. Most developers are already familiar with using logging for debugging and diagnostic purposes, so it should be easy for them to grasp the concept of security logging as well. The OWASP Security Logging project aims to give developers an easy way to get started with logging security events, tracking the extra information needed for forensics: the who (username), what (event type), and where (IP address, server name). It also provides a means for classifying the information in log messages and applying masking if necessary.

Licensing

This library is free software: you can redistribute it and/or modify it under the terms of the Apache License, Version 2.0. You can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and that, if you alter, transform, or build upon this work, you distribute the resulting work only under the same or a similar license to this one.

Quick Start

Overview of benefits and what you need to get started quickly.

OWASP Security Logging Project Explored

Project Resources

Source Code

Documentation

Issue Tracker

Related Projects

Classifications

Incubator Project; Code; Builders; Defenders; License: ASLv2

Project Leaders

Sytze van Koningsveld

August Detlefsen

Milton Smith

News and Events

18 Jan 2018, Version 1.1.4 released

1 Jul 2016, How to Use OWASP Security Logging, AppSecEU 2016 Lightning Talk

5 Mar 2015, Version 1.0.0 deployed to Maven Central

23 Dec 2014, Project Created and source code now available!
