Security logging?

dwn

So, there are certain events which should definitely be logged for administrative review. For example, if my plugin detects a socket request that seems maliciously invalid, it should be logged.

Right now I'm using winston.error and dumping the socket info / specific error info.

Is this correct? Should there be some other logging mechanism for potential attacks/malicious users? Ideally any time something like that occurs, the IP of the attacker should be dumped to the log.

julian

Does this help? gh#150

damianb created this issue in NodeBB/NodeBB

closed Application event logging & auditing #150

dwn

Yeah, events.js seems like it should contain the functionality for this. It currently only logs UID, but a lot of those functions should probably log the IP of the triggering party as well.

It seems like the only way to do that is to have IP be a parameter for most of those calls. That's a little tedious.

my fantasy: events are logged to the db as well as flatfile, have severity/importance levels, contain as much info as possible about who triggered it if the logging fn is passed a socket or request object, there's hooks for events of high severity, by default sends email or notification to admins when high-sev occurs