Difference between revisions of "Practical Logging In Web Applications"
From OWASP
Edit summary: (→Identity Flow Through Application Layers)
Line 12: | Line 12: | ||
===What to Log=== | ===What to Log=== | ||
− | - date and time | + | -date and time |
− | - server IP | + | -server IP |
− | - source IP | + | -source IP |
− | - URL requested | + | -URL requested |
− | - module/action/class responsible | + | -module/action/class responsible |
− | - user ID | + | -user ID |
− | - description of the event | + | -description of the event |
− | - severity level | + | -severity level |
===References=== | ===References=== | ||
http://msdn2.microsoft.com/en-US/library/aa302420.aspx#c04618429_004 | http://msdn2.microsoft.com/en-US/library/aa302420.aspx#c04618429_004 |
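Review bot: dropping the space after the leading hyphen in the What to Log items does not give them list markup, so the rendered revision still shows all eight items collapsed into one run-on line; either use the wiki's `*` list syntax or keep each item on its own line so the list renders as intended.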
Revision as of 01:40, 8 August 2007
The Problem
Identity Flow Through Application Layers
Every web application security expert will tell you how important logging is [1][2][3][4]. How else can you detect attacks, successful or otherwise? Logs should allow you to replay a user's request lifecycle. In an enterprise web application this is a lot of work, and I'm sorry to say that not many teams are doing it right.
There are generally two things a development team has to figure out when architecting a logging strategy: what to log and when to log.
When to Log
What to Log
- date and time
- server IP
- source IP
- URL requested
- module/action/class responsible
- user ID
- description of the event
- severity level
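An added example, not code from the OWASP page, showing one way to carry the request identity down through application layers and emit every field listed above in each record; the helper names (start_request, log_event, transfer_funds) are assumptions, and user-controlled fields are neutralised so a crafted value cannot forge extra log lines.

```python
import contextvars
import datetime
import json
import logging

# Request-scoped context (assumed design): set once at the edge, read by any layer.
_request_ctx = contextvars.ContextVar("request_ctx", default=None)


def _sanitize(value):
    """Escape CR/LF and other control characters so user input cannot inject fake entries."""
    if value is None:
        return None
    return "".join(ch if ch.isprintable() else "\\x%02x" % ord(ch) for ch in str(value))


def start_request(server_ip, source_ip, url, user_id):
    """Called once per request (e.g. in middleware) with values from the request."""
    _request_ctx.set({
        "server_ip": server_ip,
        "source_ip": _sanitize(source_ip),
        "url": _sanitize(url),
        "user_id": _sanitize(user_id),
    })


def log_event(module, description, severity="INFO"):
    """Emit one JSON record carrying all eight fields; returns the record for inspection."""
    ctx = _request_ctx.get() or {}
    record = {
        # UTC with explicit offset so entries from several servers can be correlated.
        "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "server_ip": ctx.get("server_ip"),
        "source_ip": ctx.get("source_ip"),
        "url": ctx.get("url"),
        "module": module,
        "user_id": ctx.get("user_id"),
        "description": _sanitize(description),
        "severity": severity,
    }
    level = getattr(logging, severity, logging.INFO)
    logging.getLogger("app").log(level, json.dumps(record, separators=(",", ":")))
    return record


def transfer_funds(amount):
    """A lower layer with no access to the HTTP request still logs with the user's identity."""
    return log_event("accounts.transfer", "transfer of %d requested" % amount)
```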
References
http://msdn2.microsoft.com/en-US/library/aa302420.aspx#c04618429_004