Security logging?



  • So, there are certain events which should definitely be logged for administrative review. For example, if my plugin detects a socket request that seems maliciously invalid, it should be logged.

    Right now I'm using winston.error and dumping the socket info / specific error info.

    Is this correct? Should there be some other logging mechanism for potential attacks/malicious users? Ideally any time something like that occurs, the IP of the attacker should be dumped to the log.


  • Admin

    Does this help? gh#150



  • Yeah, events.js seems like it should contain the functionality for this. It currently only logs UID, but a lot of those functions should probably log the IP of the triggering party as well.

    It seems like the only way to do that is to have IP be a parameter for most of those calls. That's a little tedious.

    my fantasy: events are logged to the db as well as flatfile, have severity/importance levels, contain as much info as possible about who triggered it if the logging fn is passed a socket or request object, there's hooks for events of high severity, by default sends email or notification to admins when high-sev occurs


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.