Open cburchert opened 9 years ago
I have read something about this today.
Flask has a built-in function for logging requests.
Will look into this again.
Should we consider a resource /logs which is read only for vorstand and provides access logs? Then we could simply have a pre hook for everything storing a log entry in the database with fields like user_id, request arguments, resource, method, time, response. As it is primarily for debugging another option would be to just write a logfile.
Also can you link to Flask's function when you find it?
Eve has a feature called OpLog, but this is probably not (yet) supported for SQLAlchemy.
Otherwise I would just log into a file (have it rotated regularly!). I don't see a reason why it should be accessible via an API endpoint (at least after the code is well enough tested to be able to rely on its proper working).
More importantly: There should be an exception log, which logs errors with the relevant request data to reproduce & fix the bug.
Created a separate issue (#25) for an exception log.
The oplog is now officially featured in version 0.5. Documented here: http://python-eve.org/features#operations-log
Done? What about the log-endpoint?
We should use the OP log of Eve; exceptions and query strings are logged by Apache automatically.
Should we activate the OP log? It is easy now, however it will take a considerable amount of space. As all GET requests are logged it looks like this:
This results in ~ 250 B/s of log generated or about 20 MB per day, 8 GB per year. While this is feasible, is it necessary?
We already have exceptions and query strings of all requests. This adds the content of requests for POST and PATCH.
We have Sentry for error logging now. Is this OP log still needed?
Otherwise, this issue should be closed.
The oplog covers more than errors, but can answer questions like "Who changed the permissions for group x? Who changed the price for event y?"
I think this still has a use case.
However, the Eve oplog is maybe too vigilant, as it logs everything. In the end, we are interested in successful read requests only, right?
All requests should be logged including their query strings (except passwords). This should vastly improve bug detection.
Yes we scan.
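An added example (not code from this thread or from the project): one way to write the request log file discussed above with only the Python standard library, masking passwords in query strings and request bodies and rotating the file daily. The field names follow the thread; the function names, the list of sensitive keys and the 30-file retention are assumptions.

```python
import json
import logging.handlers
from datetime import datetime, timezone
from urllib.parse import parse_qsl, urlencode

# Assumed set of keys whose values must never reach the log.
SENSITIVE_KEYS = {"password", "passwd", "token", "authorization"}
MASK = "REDACTED"

def redact(value):
    """Recursively mask sensitive keys in a decoded JSON body."""
    if isinstance(value, dict):
        return {k: MASK if k.lower() in SENSITIVE_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

def redact_query(query_string):
    """Mask sensitive parameters in a raw query string."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    return urlencode([(k, MASK if k.lower() in SENSITIVE_KEYS else v)
                      for k, v in pairs])

def build_entry(user_id, method, resource, query_string, body, status):
    """Build one log record; bodies are kept only for write requests."""
    keep_body = method in ("POST", "PATCH", "PUT", "DELETE")
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "user_id": user_id,
        "method": method,
        "resource": resource,
        "query": redact_query(query_string),
        "body": redact(body) if keep_body else None,
        "status": status,
    }

def make_logger(path, backups=30):
    """Logger writing to `path`, rotated at midnight, `backups` files kept."""
    logger = logging.getLogger("request_audit")
    logger.setLevel(logging.INFO)
    logger.propagate = False  # keep entries out of the application log
    if not logger.handlers:
        logger.addHandler(logging.handlers.TimedRotatingFileHandler(
            path, when="midnight", backupCount=backups))
    return logger

def log_request(logger, **fields):
    # json.dumps escapes newlines, so a request value cannot forge a log line.
    entry = build_entry(**fields)
    logger.info(json.dumps(entry, sort_keys=True))
    return entry
```

In a Flask or Eve application, `log_request` would be called from a request hook once the response status is known.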