Logging in Secure Coding
20 Questions

Questions and Answers

What is the primary purpose of logging in an application?

  • To document the steps leading up to an error
  • To gain insights and detect problems of an application (correct)
  • To detect and resolve bugs in an application
  • To simplify the process of tracking and detecting issues

What type of data is typically logged in a large system?

  • Only timestamp and log entry
  • Timing data, request endpoint data, and IP of the requesting party
  • Exceptions and security audits only
  • All of the above and more (correct)

What is the name of the HTTP request logger middleware for Node.js?

  • Log4JS
  • Winston
  • Morgan (correct)
  • SecureCodi

What is the purpose of the format argument in the Morgan API?

To specify the format of the log entry (D)

What is the purpose of the tokens object in the Morgan format function?

To store all defined tokens (A)

What is the purpose of the :date token in Morgan?

To log the current date and time in UTC (B)

How do you install Morgan using npm?

npm install morgan --save (D)

What is the purpose of the morgan(format, options) API?

To create a new logger middleware function (C)

What does the :remote-addr token represent in a Morgan log format?

The remote address (ip) of the request (C)

Which of the following predefined log formats is a color-coded log format by request status?

dev (C)

What does the :response-time token represent in a Morgan log format?

The time between the request coming into morgan and when the response headers are written, in milliseconds (D)

How do you specify the tokens you want in your log format when using Morgan?

By passing a string with the tokens separated by spaces to the Morgan function (C)

What is the purpose of the :req[header] token in a Morgan log format?

To log the request headers (D)

What does the :total-time token represent in a Morgan log format?

The time between the request coming into morgan and when the response has finished being written out to the connection, in milliseconds (D)

What is the purpose of the 'flags: a' option when creating a file stream using the fs library?

To append to the existing file (C)

What is the main advantage of using the rotating-file-stream module for log file rotation?

It helps in managing log files of very large sizes (A)

What is the purpose of the 'interval: 1d' option when creating a rotating write stream using the rotating-file-stream module?

To rotate the log files daily (A)

What is the correct syntax for applying a custom token in a morgan logger?

app.use(morgan(':myToken :method :url :date')); (D)

What is the purpose of the 'path.join(__dirname, 'log')' option when creating a rotating write stream using the rotating-file-stream module?

To specify the directory where the log files will be stored (B)

What is the correct way to define a custom token in morgan?

morgan.token('myToken', function(req, res) { … }); (D)

Study Notes

Logging

  • Logging is the collection and storage of data over a period of time for analysis, used to gain insights, resolve bugs, and detect problems in an application.
  • The simplest form of logging is using console.log to write data to the command line for debugging.

Importance of Logging

  • Debugging: document steps leading up to an error
  • Security Audits: detect and log suspicious activities or important events

What to Log

  • Timestamp or log entry
  • Timing data for the request
  • Request endpoint data (e.g. paths: "/users" or verbs: GET, POST, PUT, DELETE)
  • IP of the requesting party
  • Exceptions

How to Log

  • Manually write code to log required info to console, file, or database
  • Use libraries like Morgan, Winston, or Log4JS

Morgan Library

  • HTTP request logger middleware for Node.js
  • Simplifies logging requests to an application
  • Can be installed using npm install morgan --save
  • Import with var morgan = require('morgan')

Using Morgan

  • Create a new Morgan logger middleware function with morgan(format, options)
  • The format argument can be the name of a predefined format, a format string, or a function that produces a log entry
  • Tokens can be used to customize the log format

Morgan Pre-defined Tokens

  • :date - current date and time in UTC
  • :http-version - HTTP version of the request
  • :method - HTTP method of the request
  • :referrer - Referrer header of the request
  • :remote-addr - remote address (IP) of the request
  • :remote-user - user authenticated as part of Basic auth for the request
  • :req[header] - given header of the request
  • :res[header] - given header of the response
  • :response-time - time between request and response headers being written (in milliseconds)
  • :status - status code of the response
  • :total-time - time between request and response being written (in milliseconds)
  • :url - URL of the request
  • :user-agent - User-Agent header of the request

Predefined Log Formats

  • combined - Apache standard combined format
  • common - Apache standard common format
  • dev - color-coded log format by request status
  • short - shorter than default format
  • tiny - even shorter, just response time and a few items

Creating Custom Tokens

  • morgan.token('myToken', function(req, res) { ... return ...; })
  • Takes a custom token name and a function that returns the value output for that token in the log

Applying Custom Token

  • app.use(morgan(':myToken :method :url :date'));
  • Apply and test the code to observe output in console

Applying Logging to File

  • Use the fs library to create a file stream and apply it to Morgan
  • var fs = require('fs');
  • var path = require('path');
  • const appLogStream = fs.createWriteStream(path.join(__dirname, 'app.log'), { flags: 'a' })
  • app.use(morgan("combined", { stream: appLogStream }));

Log File Rotation

  • A log file can grow to a large size, so create multiple log files (e.g. one each day)
  • Use rotating-file-stream module
  • npm install rotating-file-stream --save
  • var rfs = require('rotating-file-stream');
  • Create a rotating write stream
  • var appLogStream = rfs.createStream('access.log', {
      interval: '1d', // rotate daily
      path: path.join(__dirname, 'log') // write to the log subdirectory
    })
  • app.use(morgan("combined", { stream: appLogStream }));

Quiz Team

Related Documents

Logging-Morgan.pptx

Description

This quiz covers the concepts of logging in secure coding, including collecting and storing data for analysis, debugging, and security audits.
