Logging in Secure Coding
20 Questions
2 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary purpose of logging in an application?

  • To document the steps leading up to an error
  • To gain insights and detect problems of an application (correct)
  • To detect and resolve bugs in an application
  • To simplify the process of tracking and detecting issues
  • What type of data is typically logged in a large system?

  • Only timestamp and log entry
  • Timing data, request endpoint data, and IP of the requesting party
  • Exceptions and security audits only
  • All of the above and more (correct)
  • What is the name of the HTTP request logger middleware for Node.js?

  • Log4JS
  • Winson
  • Morgan (correct)
  • SecureCodi
  • What is the purpose of the format argument in the Morgan API?

    <p>To specify the format of the log entry</p> Signup and view all the answers

    What is the purpose of the tokens object in the Morgan format function?

    <p>To store all defined tokens</p> Signup and view all the answers

    What is the purpose of the :date token in Morgan?

    <p>To log the current date and time in UTC</p> Signup and view all the answers

    How do you install Morgan using npm?

    <p>npm install morgan --save</p> Signup and view all the answers

    What is the purpose of the morgan(format, options) API?

    <p>To create a new logger middleware function</p> Signup and view all the answers

    What does the :remote-addr token represent in a Morgan log format?

    <p>The remote address (ip) of the request</p> Signup and view all the answers

    Which of the following predefined log formats is a color-coded log format by request status?

    <p>dev</p> Signup and view all the answers

    What does the :response-time token represent in a Morgan log format?

    <p>The time between the request coming into morgan and when the response headers are written, in milliseconds</p> Signup and view all the answers

    How do you specify the tokens you want in your log format when using Morgan?

    <p>By passing a string with the tokens separated by spaces to the Morgan function</p> Signup and view all the answers

    What is the purpose of the :req[header] token in a Morgan log format?

    <p>To log the request headers</p> Signup and view all the answers

    What does the :total-time token represent in a Morgan log format?

    <p>The time between the request coming into morgan and when the response has finished being written out to the connection, in milliseconds</p> Signup and view all the answers

    What is the purpose of the 'flags: a' option when creating a file stream using the fs library?

    <p>To append to the existing file</p> Signup and view all the answers

    What is the main advantage of using the rotating-file-stream module for log file rotation?

    <p>It helps in managing log files of very large sizes</p> Signup and view all the answers

    What is the purpose of the 'interval: 1d' option when creating a rotating write stream using the rotating-file-stream module?

    <p>To rotate the log files daily</p> Signup and view all the answers

    What is the correct syntax for applying a custom token in a morgan logger?

    <p>app.use(morgan(':myToken :method :url :date'));</p> Signup and view all the answers

    What is the purpose of the 'path.join(__dirname, 'log')' option when creating a rotating write stream using the rotating-file-stream module?

    <p>To specify the directory where the log files will be stored</p> Signup and view all the answers

    What is the correct way to define a custom token in morgan?

    <p>morgan.token('myToken', function(req, res) { … });</p> Signup and view all the answers

    Study Notes

    Logging

    • Logging is the collection and storing of data over a time period for analysis, used to gain insights, resolve bugs, and detect problems in an application.
    • Simplest form of logging is using console.log to log data to the command line for debugging.

    Importance of Logging

    • Debugging: document steps leading up to an error
    • Security Audits: detect and log suspicious activities or important events

    What to Log

    • Timestamp or log entry
    • Timing data for the request
    • Request endpoint data (e.g. paths: "/users" or verbs: GET, POST, PUT, DELETE)
    • IP of the requesting party
    • Exceptions

    How to Log

    • Manually write code to log required info to console, file, or database
    • Use libraries like Morgan, Winson, or Log4JS

    Morgan Library

    • HTTP request logger middleware for Node.js
    • Simplifies logging requests to an application
    • Can be installed using npm install morgan --save
    • Import with var morgan = require('morgan')

    Using Morgan

    • Create a new Morgan logger middleware function using format and options
    • Format argument can be a string of a predefined name, a string of a format string, or a function that produces a log entry
    • Tokens can be used to customize log format

    Morgan Pre-defined Tokens

    • :date - current date and time in UTC
    • :http-version - HTTP version of the request
    • :method - HTTP method of the request
    • :referrer - Referrer header of the request
    • :remote-addr - remote address (IP) of the request
    • :remote-user - user authenticated as part of Basic auth for the request
    • :req[header] - given header of the request
    • :res[header] - given header of the response
    • :response-time - time between request and response headers being written (in milliseconds)
    • :status - status code of the response
    • :total-time - time between request and response being written (in milliseconds)
    • :url - URL of the request
    • :user-agent - User-Agent header of the request

    Predefined Log Formats

    • combined - Apache standard combined format
    • common - Apache standard common format
    • dev - color-coded log format by request status
    • short - shorter than default format
    • tiny - even shorter, just response time and a few items

    Creating Custom Tokens

    • morgan.token('myToken', function(req, res) { ... return ...; })
    • Custom token name and function that returns value representing token output in log

    Applying Custom Token

    • app.use(morgan(':myToken :method :url :date'));
    • Apply and test the code to observe output in console

    Applying Logging to File

    • Use fs library to create a file stream and apply it to Morgan
    • var fs = require('fs');
    • const appLogStream = fs.createWriteStream(path.join(__dirname, 'app.log'), { flags: 'a' })
    • app.use(morgan("combined", { stream: appLogStream }));

    Log File Rotation

    • Log file can grow to a large size, need to create multiple log files (e.g. one each day)
    • Use rotating-file-stream module
    • npm install rotating-file-stream --save
    • var rfs = require('rotating-file-stream');
    • Create a rotating write stream
    • var appLogStream = rfs.createStream('access.log', { interval: '1d', // rotate daily path: path.join(__dirname, 'log') // write to a subdir log })
    • app.use(morgan("combined", { stream: appLogStream }));

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    Logging-Morgan.pptx

    Description

    This quiz covers the concepts of logging in secure coding, including collecting and storing data for analysis, debugging, and security audits.

    More Like This

    Logging in to Toast Tables App
    6 questions

    Logging in to Toast Tables App

    EnergyEfficientFlashback9329 avatar
    EnergyEfficientFlashback9329
    Logging
    10 questions

    Logging

    IndulgentJupiter avatar
    IndulgentJupiter
    Use Quizgecko on...
    Browser
    Browser