Application logging, and in particular, application security logging may not sound the most exciting of subjects, but it really can be a very useful tool that helps during development and operation.
If you remember, I have written about application security logging a number of times before. I have now consolidated all that information, and more, into a new document for the OWASP cheat sheet series about application logging that explains the benefits and details:
- Design, implementation and testing
- Event data sources
- Where to record event data
- Which events to log
- Event attributes
- Data to exclude
- Customisable logging
- Event collection
- Deployment and operation
- Monitoring of events
- Disposal of logs
The cheat sheet guide is a wiki page, so if you have any contributions, please add them. If you know any other good reference articles, I would like to hear about them.
Posted on: 23 April 2012 at 22:31 hrs