Questions tagged [logging]
Specific to logging of alerts, activities and actions. This also covers user's history managed by software such as browsers.
386 questions
1 vote
0 answers
39 views
How can you find out why passkeys failed? [closed]
Given that a passkey creation attempt fails, what are the steps one can take to identify the cause of the failure? Is there a local log of browser passkey interaction? Is there a failure code ...
3 votes
1 answer
218 views
Login, logout, session ID hashing and logging
The session ID is a randomly generated string (node, crypto) of minimum 32 chars. The session ID will be stored in a NoSQL sessions table as well as in the main SQL database. I will use SHA-512 as the ...
0 votes
1 answer
100 views
Weird lines on access.log of apache web server
Lately I see some lines like this in my access.log [2a05:22c7:1:2102::7] 114.32.218.17 - - [13/Dec/2024:01:03:10 +0000] "GET / HTTP/1.0" 200 12794 "-" "-" Normally my ...
4 votes
2 answers
160 views
Logging Strategy (high costs for storing all logs)
In our organization, we use a GCP setup with Kubernetes. We generate tons of firewall logs as we provide a digital service that generates a high volume of requests from our users. Storing all these ...
1 vote
0 answers
95 views
Log REST API calls in the most auditable way
I am working on a data processing task in an enterprise environment with Python3 installed on a client-side Windows Jump server. I need to download data regularly from a third-party provider, and it ...
8 votes
1 answer
422 views
Odd repetitive 16-character 404 web requests, with json "RefreshTTL" payload
A few weeks ago we had a single user's browser start hitting the server with a peculiar request (IP redacted for their privacy): 1.1.1.1 - - [21/May/2024:07:42:31 +0000] "POST /3kFtdvOkagEQbIxH ...
11 votes
3 answers
3k views
What security risks do you see with wrong OTPs appearing in application logs?
An application is logging wrong OTPs (but not correct OTPs). I asked the application developers to not log wrong OTPs because I do not see any benefits. However, they do not want to modify the ...
0 votes
3 answers
568 views
Is it a security issue to include postcode and/or last name in a GET request query string?
I'm currently designing an API endpoint to validate a customer, and they can either pass in their postcode or their last name, as well as their customer ID (plus some other irrelevant data). I've ...
0 votes
0 answers
144 views
How to write separate log files for separate services in dionaea honeypot
I am trying to set up a honeypot service on the network and I installed dionaea honeypot. I figured out that each service is being controlled by yaml files present in /opt/dionaea/etc/dionaea/services-...
0 votes
0 answers
136 views
Unexpected drop in UFW noise, should I be worried?
I run a bare-metal on-premises GitLab server (Ubuntu 22.04) for a very small company. While the server isn't currently in production use, it is active and accessible over the public internet. I have ...
1 vote
1 answer
144 views
Logging secrets in the user agent (browser)
There are sound reasons not to put any secrets, PII or other sensitive information into the logs on the server side (see OWASP ASVS V7). But should the same rule apply on the client side? Is there a ...
3 votes
2 answers
222 views
Are there any Security Benefits (auditing) to keeping old emails/text that give 2FA account codes?
Are there any Security Benefits/Risk in keeping old "Here is your 2FA login code" in email and text? I always wonder if seeing one that is unread could cue me in to something bad happening ...
0 votes
0 answers
84 views
Can my employer see my private google account history when just logging in and out in a matter of 10 seconds on a work laptop (REPOSTED) [duplicate]
So I did this post before on a guest account but I had further questions so now I'm posting it on a real one. Can my employer see my private google history/"google activity" if I didn't do anything on ...
0 votes
2 answers
13k views
Can my employer see my private google account history when just logging in and out in a matter of 10 seconds on a work laptop
Can my employer see my private google history/"google activity" if I didn't do anything on my work pc? For some context I logged in to my private google account on my work computer just to send a pdf ...
1 vote
1 answer
132 views
Guardrails Around Logs For Devs
Are there good ways to put guardrails on not logging sensitive information? For example, passwords. If there isn't a guardrails approach, is there a way to help make the easy thing the right thing like ...