
Logging

Incomplete article

More content to come as soon as possible. Want to contribute? Contact us on Slack (requires a Bouvet user account) or see the following issue on GitHub

Information related to logging

Tools

Tool options include Zabbix, Splunk, Grafana, Prometheus, Azure Monitor, or Loki

  • Use a standardized log format which can be consumed by aggregation tools
    • See OWASP's recommendations
    • Use the logs; they are not just for reacting after an incident
    • Consider adding alarms on certain metrics, such as a large number of failed login attempts
  • Log all exceptions and errors
  • Centralize the logs and ensure backups are in place.
    • You cannot trust logs stored on a compromised resource!
    • GDPR; know what information to log and what to avoid
  • Log system logins
    • Both successful and failed logins
  • Log all attempts to access information with a classification other than those the user has access to
  • Log important events in the system
    • Configuration changes
    • User changes
    • Creations, Updates and Deletions
    • Check the business requirements and perform a risk assessment
  • Ensure you log unexpected traffic.
Note
  • The logs must contain enough information to investigate an incident.
    • Timestamps
    • Event description
    • Severity of errors
    • User
    • Any other relevant information
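
The following Python code is an added example, not part of the original article. It checks that each log line carries the fields listed in the note and raises an alarm when one user has several failed logins in a short window. The JSON-lines format, the field names (`timestamp`, `event`, `severity`, `user`), the `login_failed` event name, and the threshold and window values are assumptions made for the illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

REQUIRED = ("event", "severity", "user")  # assumed field names; "timestamp" is checked separately
# Constructed sample: one JSON event per line, including two defective lines.
SAMPLE = """\
{"timestamp":"2024-05-01T10:00:00+00:00","event":"login_failed","severity":"WARNING","user":"alice"}
{"timestamp":"2024-05-01T10:00:20+00:00","event":"login_failed","severity":"WARNING","user":"bob"}
{"timestamp":"2024-05-01T10:01:00+00:00","event":"login_failed","severity":"WARNING","user":"alice"}
{"timestamp":"2024-05-01T10:01:30+00:00","event":"login_ok","severity":"INFO","user":"bob"}
{"timestamp":"2024-05-01T10:02:30+00:00","event":"login_failed","severity":"WARNING","user":"alice"}
{"timestamp":"2024-05-01T10:03:00+00:00","event":"config_change","severity":"INFO"}
Failed login for bob at 10:04
{"timestamp":"2024-05-01T10:09:00+00:00","event":"login_failed","severity":"WARNING","user":"bob"}
"""

def parse(text):
    """Yield (record, None) for usable events and (None, reason) for rejected lines."""
    for n, line in enumerate(text.splitlines(), 1):
        try:
            rec = json.loads(line)
            rec["timestamp"] = datetime.fromisoformat(rec["timestamp"])
        except (ValueError, KeyError, TypeError):
            yield None, f"line {n}: not a JSON event with an ISO 8601 timestamp"
            continue
        missing = [k for k in REQUIRED if not rec.get(k)]
        if rec["timestamp"].tzinfo is None:
            missing.append("timezone")  # naive timestamps cannot be compared across hosts
        if missing:
            yield None, f"line {n}: missing {', '.join(missing)}"
            continue
        yield rec, None

def failed_login_alarms(text, threshold=3, window=timedelta(minutes=5)):
    """Return (alarms, rejected); an alarm is (user, time of the failure that hit the threshold)."""
    recent, alarms, rejected = defaultdict(deque), [], []
    for rec, err in parse(text):
        if err:
            rejected.append(err)  # defective lines are reported, never silently dropped
        elif rec["event"] == "login_failed":
            q = recent[str(rec["user"])]
            q.append(rec["timestamp"])
            while rec["timestamp"] - q[0] > window:
                q.popleft()  # forget failures older than the window
            if len(q) >= threshold:
                alarms.append((str(rec["user"]), rec["timestamp"].isoformat()))
                q.clear()  # start counting again after raising the alarm
    return alarms, rejected
```

Calling `failed_login_alarms(SAMPLE)` returns the alarms together with the list of rejected lines, so incomplete log events become visible instead of disappearing from the investigation trail.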