Logging
Incomplete article
More content to come as soon as possible. Want to contribute? Contact us on Slack (requires a Bouvet user account) or see the following issue on GitHub
Information related to logging
Tools
Tool options include Zabbix, Splunk, Grafana, Prometheus, Azure Monitor, or Loki.
- Use a standardized log format which can be consumed by aggregation tools
  - See OWASP's recommendations
- Use the logs; they are not just for reacting after an incident
- Consider adding alarms on certain metrics, such as a large number of failed login attempts
- Log all exceptions and errors
- Centralize the logs and ensure backups are in place.
  - You cannot trust logs stored on a compromised resource!
- GDPR; know what information to log and what to avoid
- Log system logins
  - Both successful and failed logins
- Log all attempts to access information with a classification other than what the user has access to
- Log important events in the system
  - Configuration changes
  - User changes
  - Creations, Updates and Deletions
- Check the business requirements and perform a risk assessment
- Ensure you log unexpected traffic.
Note
- The logs must contain enough information to investigate an incident.
  - Timestamps
  - Event description
  - Severity of errors
  - User
  - Any other relevant information
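The following is an added example, not part of the original article: it writes events as JSON lines carrying the fields listed in the note above and raises an alarm on many failed logins per user, as suggested in the list. The event names (`login_failed`, `login_succeeded`), field names, threshold and window are assumptions chosen for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

def make_event(ts, severity, event, user, **extra):
    """Serialize one event as a JSON line: timestamp, severity, event, user, plus extras.
    Never pass secrets or unnecessary personal data in `extra` (GDPR)."""
    record = {"timestamp": ts.isoformat(), "severity": severity,
              "event": event, "user": user, **extra}
    return json.dumps(record, sort_keys=True)

def failed_login_alarms(lines, threshold=5, window=timedelta(minutes=5)):
    """Return (user, timestamp) for each point where `threshold` failed logins
    by one user fall inside `window`. Assumes lines are chronological per user."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    alarms = []
    for line in lines:
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["timestamp"])
            user, event = rec["user"], rec["event"]
        except (ValueError, KeyError, TypeError):
            continue              # malformed line: skip it, keep processing
        if event != "login_failed":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alarms.append((user, rec["timestamp"]))
            q.clear()             # re-arm so one burst gives one alarm
    return alarms

# Constructed sample data: alice fails 5 times in 2 minutes, bob 5 times in 10.
BASE = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = (
    [make_event(BASE + timedelta(seconds=30 * i), "WARNING", "login_failed",
                "alice", source_ip="192.0.2.10") for i in range(5)]
    + [make_event(BASE + timedelta(seconds=150 * i), "WARNING", "login_failed",
                  "bob") for i in range(5)]
    + [make_event(BASE, "INFO", "login_succeeded", "carol"), "not json at all"]
)

if __name__ == "__main__":
    for user, ts in failed_login_alarms(SAMPLE):
        print(f"ALARM: repeated failed logins for {user} at {ts}")
```

In production the alarm rule would normally live in the central log platform rather than in the application, since logs on a compromised host cannot be trusted.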