Practical Logging In Web Applications
Identity Flow Through Application Layers
All web application security experts will tell you how important logging is. How else can you detect attacks, successful or otherwise? Logs should allow you to replay a user's request lifecycle. In an enterprise web application, this is a lot of work, and I'm not happy to tell you that not many people are doing it right.
There are generally two things development teams have to figure out when architecting a logging strategy: what to log and when to log.
When to Log
What to Log
Whether you're investigating your log files as part of a regular monitoring program or incident response, there's a general consensus on what kind of information an application log message should contain:
- date and time
- server IP
- source IP
- URL requested
- module/action/class responsible
- user ID
- description of the event
- severity level
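
One way to get every field in the list above onto each event, as an added example that is not from the original article: the request context is bound once at the edge with `contextvars`, so the user's identity flows through the application layers without being passed as arguments. `SERVER_IP`, `handle_request`, `transfer_funds`, the JSON key names and the sample values are assumptions made for illustration.

```python
import contextvars
import io
import json
import logging
from datetime import datetime, timezone

SERVER_IP = "192.0.2.10"  # constructed sample value (documentation address range)

# Request-scoped identity: set once at the edge, read by every layer below it.
_request_ctx = contextvars.ContextVar("request_ctx", default={})

class AuditFormatter(logging.Formatter):
    """Render each event as one JSON object carrying the eight listed fields."""

    def format(self, record):
        ctx = _request_ctx.get()
        # json.dumps escapes CR/LF, so attacker-supplied values (URL, message)
        # cannot break one event into several forged log lines.
        return json.dumps({
            "timestamp": datetime.fromtimestamp(record.created, timezone.utc).isoformat(),
            "server_ip": SERVER_IP,
            "source_ip": ctx.get("source_ip", "-"),
            "url": ctx.get("url", "-"),
            "module": f"{record.module}.{record.funcName}",
            "user_id": ctx.get("user_id", "anonymous"),
            "description": record.getMessage(),
            "severity": record.levelname,
        })

def transfer_funds(log, amount):
    # Service layer (hypothetical): receives no identity arguments, yet the
    # event it logs is still attributable to the user and the request.
    log.warning("transfer of %s rejected: over daily limit", amount)

def handle_request(source_ip, url, user_id, amount):
    """Hypothetical request handler; returns the parsed events it logged."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(AuditFormatter())
    log = logging.getLogger("app.audit")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    token = _request_ctx.set({"source_ip": source_ip, "url": url, "user_id": user_id})
    try:
        transfer_funds(log, amount)
    finally:
        _request_ctx.reset(token)  # never leak identity into the next request
    return [json.loads(line) for line in stream.getvalue().splitlines()]
```

Emitting one JSON object per line keeps the fields machine-parseable for monitoring and incident response, and the reset in `finally` matters on servers that reuse workers across requests.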