Logging-Morgan.pptx
Uploaded by FerventParody
Secure Coding: Logging

LOGGING
- Collection and storing of data over a time period for analysis
- Can be used to gain insights, resolve bugs and detect problems of an application
- In its simplest form, you have probably used console.log to log data to the command line for debugging in BED.

WHY LOG
- Debugging: document the steps leading up to the error
- Security audits: detecting and logging suspicious activities or important activities/events
- With a large system, logging becomes even more important due to the complexity of tracking and detecting

WHAT TO LOG
- Timestamp of the log entry.
- Timing data for your request.
- Request endpoint data, such as paths ("/users") or verbs (GET, POST, PUT, DELETE).
- IP of the requesting party.
- Exceptions

HOW TO LOG
- In its simplest form, you can manually write code that writes the required info to the console, a file or a database
- Libraries exist specifically for logging: Morgan, Winston, Log4JS etc.
- We will focus on the Morgan library

MORGAN
- HTTP request logger middleware for node.js
- It simplifies the process of logging requests to your application.

USING MORGAN
https://www.npmjs.com/package/morgan
- Install with: npm install morgan --save
- Import library with: var morgan = require('morgan')

API: morgan(format, options)
- Create a new morgan logger middleware function using the given format and options.
- The format argument may be a string of a predefined name, a string of a format string, or a function that will produce a log entry.
- The format function will be called with three arguments tokens, req, and res, where tokens is an object with all defined tokens, req is the HTTP request and res is the HTTP response.
- The function is expected to return a string that will be the log line, or undefined / null to skip logging.

MORGAN PRE-DEFINED TOKENS

Token            Value
:date            The current date and time in UTC.
:http-version    The HTTP version of the request.
:method          The HTTP method of the request.
:referrer        The Referrer header of the request.
:remote-addr     The remote address (IP) of the request.
:remote-user     The user authenticated as part of Basic auth for the request.
:req[header]     The given header of the request.
:res[header]     The given header of the response.
:response-time   The time between the request coming into morgan and when the response headers are written, in milliseconds.
:status          The status code of the response.
:total-time      The time between the request coming into morgan and when the response has finished being written out to the connection, in milliseconds.
:url             The URL of the request.
:user-agent      The contents of the User-Agent header of the request.

PREDEFINED LOG FORMATS

Format     Description
combined   Apache standard combined format
common     Apache standard common format
dev        A color-coded (by request status) log format
short      Shorter than the default format
tiny       Even shorter, just the response time and a few items

PREDEFINED LOG FORMATS WITH MORGAN

    var morgan = require('morgan');
    // ...
    app.use(morgan('combined'));
    app.use(morgan(':method :url :date'));
    // ...

USING PREDEFINED TOKENS
Specify the tokens you want in your log format (token 1 ... token n):

    // ...
    app.use(morgan(':method :url :date'));
    // ...

CREATING CUSTOM TOKENS

    // First argument: custom token name.
    // Second argument: function that returns some value representing the token output in the log.
    morgan.token('myToken', function (req, res) {
        // ...
        return /* token output */;
    });

APPLYING CUSTOM TOKEN

    // Custom token: a colon followed by the name of the token
    app.use(morgan(':myToken :method :url :date'));

Apply and test the code and observe the output in the console.

APPLYING LOGGING TO FILE
Use the fs library to create a file stream and apply it to morgan:

    var fs = require('fs');
    var path = require('path'); // needed for path.join below
    // ...
    // flags: 'a' opens the file in append mode
    const appLogStream = fs.createWriteStream(path.join(__dirname, 'app.log'), { flags: 'a' });
    // ...
    // Specify the file stream in the options
    app.use(morgan('combined', { stream: appLogStream }));
    // ...

LOG FILE ROTATION
- The log file can grow to a very large size for applications hosted on the cloud
- Need to create multiple log files, e.g. one each day (depending on the needs of the application)
- Make use of the rotating-file-stream module: npm install rotating-file-stream --save

LOG FILE ROTATION

    var rfs = require('rotating-file-stream');
    var path = require('path'); // needed for path.join below
    // create a rotating write stream
    var appLogStream = rfs.createStream('access.log', {
        interval: '1d', // rotate daily
        path: path.join(__dirname, 'log') // write to a subdir log
    });
    // ...
    app.use(morgan('combined', { stream: appLogStream }));
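
The format-function form of morgan(format, options) described above also controls what reaches the log file. The following is an added example, not code from the slides: a format function that masks secret-bearing query parameters in the logged URL, keeps every entry on one line, and skips a health-check path by returning undefined. The parameter list, the /health path and the names redactUrl, oneLine and secureFormat are assumptions for illustration.

```javascript
// Added example: a morgan format function (tokens, req, res) => string | undefined.
// SENSITIVE_PARAMS and SKIP_PATHS are illustrative assumptions, adjust per application.
const SENSITIVE_PARAMS = new Set(['password', 'token', 'access_token', 'api_key']);
const SKIP_PATHS = new Set(['/health']);

// Replace the values of sensitive query parameters with a fixed marker.
function redactUrl(rawUrl) {
  const qIndex = rawUrl.indexOf('?');
  if (qIndex === -1) return rawUrl;
  const pathPart = rawUrl.slice(0, qIndex);
  const query = rawUrl.slice(qIndex + 1).split('&').map(function (pair) {
    const eq = pair.indexOf('=');
    if (eq === -1) return pair; // bare flag, no value to hide
    const name = pair.slice(0, eq);
    let decoded;
    try { decoded = decodeURIComponent(name); } catch (e) { decoded = name; }
    return SENSITIVE_PARAMS.has(decoded.toLowerCase()) ? name + '=[REDACTED]' : pair;
  }).join('&');
  return pathPart + '?' + query;
}

// Escape control characters so one request can never produce two log lines.
function oneLine(value) {
  if (value === undefined || value === null) return '-';
  return String(value).replace(/[\x00-\x1f\x7f]/g, function (c) {
    return '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0');
  });
}

function secureFormat(tokens, req, res) {
  const url = tokens.url(req, res) || '';
  if (SKIP_PATHS.has(url.split('?')[0])) return undefined; // morgan skips this entry
  return [
    tokens.date(req, res, 'iso'),
    tokens['remote-addr'](req, res),
    tokens.method(req, res),
    redactUrl(url),
    tokens.status(req, res),
    tokens['response-time'](req, res), 'ms'
  ].map(oneLine).join(' ');
}

// Wiring (requires morgan and an Express app, not run here):
//   app.use(morgan(secureFormat, { stream: appLogStream }));
```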