Questions and Answers
What is the primary purpose of logging in an application?
What type of data is typically logged in a large system?
What is the name of the HTTP request logger middleware for Node.js?
What is the purpose of the format argument in the Morgan API?
Signup and view all the answers
What is the purpose of the tokens object in the Morgan format function?
Signup and view all the answers
What is the purpose of the :date token in Morgan?
Signup and view all the answers
How do you install Morgan using npm?
Signup and view all the answers
What is the purpose of the morgan(format, options) API?
Signup and view all the answers
What does the :remote-addr token represent in a Morgan log format?
Signup and view all the answers
Which of the following predefined log formats is a color-coded log format by request status?
Signup and view all the answers
What does the :response-time token represent in a Morgan log format?
Signup and view all the answers
How do you specify the tokens you want in your log format when using Morgan?
Signup and view all the answers
What is the purpose of the :req[header] token in a Morgan log format?
Signup and view all the answers
What does the :total-time token represent in a Morgan log format?
Signup and view all the answers
What is the purpose of the 'flags: a' option when creating a file stream using the fs library?
Signup and view all the answers
What is the main advantage of using the rotating-file-stream module for log file rotation?
Signup and view all the answers
What is the purpose of the 'interval: 1d' option when creating a rotating write stream using the rotating-file-stream module?
Signup and view all the answers
What is the correct syntax for applying a custom token in a morgan logger?
Signup and view all the answers
What is the purpose of the 'path.join(__dirname, 'log')' option when creating a rotating write stream using the rotating-file-stream module?
Signup and view all the answers
What is the correct way to define a custom token in morgan?
Signup and view all the answers
Study Notes
Logging
- Logging is the collection and storing of data over a time period for analysis, used to gain insights, resolve bugs, and detect problems in an application.
- Simplest form of logging is using console.log to log data to the command line for debugging.
Importance of Logging
- Debugging: document steps leading up to an error
- Security Audits: detect and log suspicious activities or important events
What to Log
- Timestamp or log entry
- Timing data for the request
- Request endpoint data (e.g. paths: "/users" or verbs: GET, POST, PUT, DELETE)
- IP of the requesting party
- Exceptions
How to Log
- Manually write code to log required info to console, file, or database
- Use libraries like Morgan, Winson, or Log4JS
Morgan Library
- HTTP request logger middleware for Node.js
- Simplifies logging requests to an application
- Can be installed using npm install morgan --save
- Import with var morgan = require('morgan')
Using Morgan
- Create a new Morgan logger middleware function using format and options
- Format argument can be a string of a predefined name, a string of a format string, or a function that produces a log entry
- Tokens can be used to customize log format
Morgan Pre-defined Tokens
- :date - current date and time in UTC
- :http-version - HTTP version of the request
- :method - HTTP method of the request
- :referrer - Referrer header of the request
- :remote-addr - remote address (IP) of the request
- :remote-user - user authenticated as part of Basic auth for the request
- :req[header] - given header of the request
- :res[header] - given header of the response
- :response-time - time between request and response headers being written (in milliseconds)
- :status - status code of the response
- :total-time - time between request and response being written (in milliseconds)
- :url - URL of the request
- :user-agent - User-Agent header of the request
Predefined Log Formats
- combined - Apache standard combined format
- common - Apache standard common format
- dev - color-coded log format by request status
- short - shorter than default format
- tiny - even shorter, just response time and a few items
Creating Custom Tokens
- morgan.token('myToken', function(req, res) { ... return ...; })
- Custom token name and function that returns value representing token output in log
Applying Custom Token
- app.use(morgan(':myToken :method :url :date'));
- Apply and test the code to observe output in console
Applying Logging to File
- Use fs library to create a file stream and apply it to Morgan
- var fs = require('fs');
- const appLogStream = fs.createWriteStream(path.join(__dirname, 'app.log'), { flags: 'a' })
- app.use(morgan("combined", { stream: appLogStream }));
Log File Rotation
- Log file can grow to a large size, need to create multiple log files (e.g. one each day)
- Use rotating-file-stream module
- npm install rotating-file-stream --save
- var rfs = require('rotating-file-stream');
- Create a rotating write stream
- var appLogStream = rfs.createStream('access.log', { interval: '1d', // rotate daily path: path.join(__dirname, 'log') // write to a subdir log })
- app.use(morgan("combined", { stream: appLogStream }));
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
This quiz covers the concepts of logging in secure coding, including collecting and storing data for analysis, debugging, and security audits.
