This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Security Logging Project"
From OWASP
Miltonsmith (talk | contribs) (2nd attempt initial post, fixed up headings bug) |
m (Fix typo) |
||
(15 intermediate revisions by 4 users not shown) | |||
Line 18: | Line 18: | ||
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
+ | |||
+ | == Quick Start == | ||
+ | Overview of benefits and what you need to get started quickly. | ||
+ | |||
+ | [http://www.securitycurmudgeon.com/2016/03/owasp-security-logging-project-explored.html OWASP Security Logging Project Explored] | ||
== Project Resources == | == Project Resources == | ||
Line 25: | Line 30: | ||
[https://github.com/javabeanz/owasp-security-logging/issues Issue Tracker] | [https://github.com/javabeanz/owasp-security-logging/issues Issue Tracker] | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Related Projects == | == Related Projects == | ||
− | |||
− | |||
* [[Logging_Cheat_Sheet|Logging Cheat Sheet]] | * [[Logging_Cheat_Sheet|Logging Cheat Sheet]] | ||
− | |||
==Classifications== | ==Classifications== | ||
− | |||
{| width="200" cellpadding="2" | {| width="200" cellpadding="2" | ||
|- | |- | ||
Line 53: | Line 44: | ||
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]] | | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]] | ||
|- | |- | ||
− | | colspan="2" align="center" | [ | + | | colspan="2" align="center" | [http://www.apache.org/licenses/LICENSE-2.0.html ASLv2] |
|} | |} | ||
− | | valign="top" style="padding-left:25px;width:200px;" | | + | | valign="top" style="padding-left:25px;width:200px;" | |
+ | |||
+ | == Project Leaders == | ||
+ | [mailto:sytze.vonkoningsveld@owasp.org Sytze van Koningsveld] | ||
+ | |||
+ | [mailto:august.detlefsen@owasp.org August Detlefsen] | ||
+ | |||
+ | [mailto:milton.smith@owasp.org Milton Smith] | ||
== News and Events == | == News and Events == | ||
− | 23 Dec 2014 Project Created and source code now available! | + | |
+ | 18 Jan 2018, [https://github.com/javabeanz/owasp-security-logging/releases/tag/v1.1.4 Version 1.1.4 released] | ||
+ | |||
+ | 1 Jul 2016, [http://www.slideshare.net/MiltonSmith6/how-to-use-owasp-security-logging How to Use OWASP Security Logging, AppSecEU 2016 Lightning Talk] | ||
+ | |||
+ | 5 Mar 2015, Version 1.0.0 deployed to Maven Central | ||
+ | |||
+ | 23 Dec 2014, Project Created and source code now available! | ||
|} | |} | ||
+ | |||
+ | <paypal>OWASP Security Logging Project</paypal> | ||
=FAQs= | =FAQs= | ||
− | + | ||
− | + | The following provides answers to frequently asked questions. | |
− | |||
− | |||
==How can I participate in your project?== | ==How can I participate in your project?== | ||
Line 73: | Line 78: | ||
==If I am not a programmer can I participate in your project?== | ==If I am not a programmer can I participate in your project?== | ||
− | Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. | + | Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator. |
= Acknowledgements = | = Acknowledgements = | ||
==Volunteers== | ==Volunteers== | ||
− | + | Only project leads for the moment. Email projects leads if you would like to participate. | |
− | |||
− | |||
− | |||
− | |||
− | |||
+ | =Roadmap & Getting Involved= | ||
Today many logging technologies are available providing powerful application logging capabilities. But while powerful, these technologies are not designed for specific use-cases like security and auditing. The generalized approach to logging platforms makes these platforms more useful to the widest possible audience but it also places more responsibility on designers. In short, we don't consider our desire for additional improvement for security and audit logs is no oversight on the part of logging platform designers. | Today many logging technologies are available providing powerful application logging capabilities. But while powerful, these technologies are not designed for specific use-cases like security and auditing. The generalized approach to logging platforms makes these platforms more useful to the widest possible audience but it also places more responsibility on designers. In short, we don't consider our desire for additional improvement for security and audit logs is no oversight on the part of logging platform designers. | ||
Line 175: | Line 176: | ||
|Alpha 1 | |Alpha 1 | ||
|- | |- | ||
− | |Feature 1d, client time\date in | + | |Feature 1d, client time\date in UTC |
|'''X''' | |'''X''' | ||
|'''X''' | |'''X''' | ||
Line 312: | Line 313: | ||
==Feature 1, MDC metadata improvements== | ==Feature 1, MDC metadata improvements== | ||
− | This feature adds certain metadata useful for security purposes to logback’s Mapped Diagnostics | + | This feature adds certain metadata useful for security purposes to logback’s Mapped Diagnostics Context. The following metadata will be mapped where available. |
===process id (feature 1a)=== | ===process id (feature 1a)=== |
Latest revision as of 01:08, 21 May 2018