OP log - Githubissues

amiv-eth / amivapi

The REST API behind most of AMIV's web services.

http://api.amiv.ethz.ch/docs

GNU Affero General Public License v3.0

31 stars 6 forks source link

OP log #14

Open cburchert opened 9 years ago

cburchert commented 9 years ago

All requests should be logged including their query strings(except passwords). This should vastly improve bug detection.

Yes we scan.

NotSpecial commented 9 years ago

I have read something about this today.

Flask has a built-in function for logging requests.

Will look into this again.

cburchert commented 9 years ago

Should we consider a resource /logs which is read only for vorstand and provides access logs? Then we could simply have a pre hook for everything storing a log entry in the database with fields like user_id, request arguments, resource, method, time, response. As it is primarily for debugging another option would be to just write a logfile.

cburchert commented 9 years ago

Also can you link to flasks function when you find it?

fubu commented 9 years ago

Eve has a feature called OpLog, but this is probably not (yet) supported for sqlalchemy.

Otherwise I would just log into a file (have it rotated regularly!). I don't see a reason why it should be accessible via an API endpoint (at least after the code is well enough tested to be able to rely on its proper working).

More importantly: There should be an exception log, which logs errors with the relevant request data to reproduce & fix the bug.

cburchert commented 9 years ago

Created a seperate issue(#25) for an exception log

NotSpecial commented 9 years ago

The oplog is now officially featured in version 0.5. Documented here: http://python-eve.org/features#operations-log

hermannsblum commented 9 years ago

Done? What about the log-endpoint?

cburchert commented 8 years ago

We should use the OP log of eve, exceptions and query strings are logged by apache automatically.

cburchert commented 7 years ago

Should we activate the OP log? It is easy now, however it will take a considerable amount of space. As all GET requests are logged it looks like this:

About 1 kB per request logged
We get approximately one frontend request per 20 seconds based on current website statistics
Each of those results in ~5 API queries (guessed)

This results in ~ 250 B/s of log generated or about 20 MB per day, 8 GB per year. While this is feasible, is it necessary?

We already have exceptions and query strings of all requests. This adds the content of requests for POST and PATCH.

temparus commented 5 years ago

We have Sentry for error logging now. Is this OP log still needed?

Otherwise, this issue should be closed.

NotSpecial commented 5 years ago

The oplog covers more than errors, but can answer questions like "who change the permissions for group x? Who changed the price for event y?"

I think this still has a use case.

However, the eve oplog is maybe too vigilant, as it logs everything. In the end, se are interested in successful read requests only, right?