Open redshiftzero opened 7 years ago
The parsing of logs would involve a whole new system component altogether, but it's worth doing. We could go ahead with that implementation without making a decision on the "logs go to FPF" part.
This is a potential external/GSoC/Outreachy-friendly project for someone with a DevSecOps focus.
We should be parsing logs in `sd-log` for events that indicate bugs or ongoing attacks. These can get sent to journalists, admins and optionally to the SecureDrop team. Sending alerts up to the engineering team would be extremely valuable as it would give us at least some visibility into an environment that is right now basically a black box.

Relevant SecureDrop server ticket: https://github.com/freedomofpress/securedrop/issues/973
2020-09-11: Updated per current status - @eloquence
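As an added illustration of the kind of parsing this issue asks for (example code, not from the SecureDrop project): it scans constructed sd-log-style lines with two assumed rules, one for a Python traceback (bug indicator) and one for a burst of AppArmor denials from a single VM (attack indicator), and tags each alert with assumed recipient groups. The log layout, rule names, threshold and recipient names are all assumptions, not the real `sd-log` format.

```python
import re
from collections import Counter

# Constructed sample lines in a syslog-like layout (assumption: the issue does
# not specify the real sd-log format).
SAMPLE_LOG = """\
Sep 11 10:00:01 sd-app sd-app[412]: INFO starting client
Sep 11 10:00:05 sd-app sd-app[412]: ERROR Traceback (most recent call last):
Sep 11 10:00:05 sd-app sd-app[412]: ERROR   File "/opt/venvs/client/app.py", line 88
Sep 11 10:01:10 sd-proxy kernel: audit: type=1400 apparmor="DENIED" operation="open" profile="sd-proxy" name="/etc/shadow"
Sep 11 10:01:11 sd-proxy kernel: audit: type=1400 apparmor="DENIED" operation="open" profile="sd-proxy" name="/etc/shadow"
Sep 11 10:01:12 sd-proxy kernel: audit: type=1400 apparmor="DENIED" operation="open" profile="sd-proxy" name="/etc/shadow"
Sep 11 10:02:00 sd-app sd-app[412]: INFO sync complete
"""

# Hypothetical rules: (name, regex, category, recipients). Categories follow the
# issue's split between "bug" and "ongoing attack" indicators; bug reports go
# up to the engineering team, suspected attacks go to admins and journalists.
RULES = [
    ("python_traceback", re.compile(r"Traceback \(most recent call last\)"),
     "bug", ["admins", "securedrop_team"]),
    ("apparmor_denial", re.compile(r'apparmor="DENIED"'),
     "attack", ["admins", "journalists"]),
]

# The source VM is the hostname field in the constructed layout.
HOST_RE = re.compile(r"^\w{3} \d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) ")


def scan(log_text, min_count=3):
    """Return one alert per (rule, source VM); 'attack' rules only fire once
    the same VM has produced at least min_count matching lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = HOST_RE.match(line)
        host = m.group("host") if m else "unknown"
        for name, rx, category, recipients in RULES:
            if rx.search(line):
                hits[(name, host, category, tuple(recipients))] += 1
    alerts = []
    for (name, host, category, recipients), n in hits.items():
        if category == "attack" and n < min_count:
            continue  # a single denial is noise; a burst from one VM is not
        alerts.append({"rule": name, "host": host, "category": category,
                       "count": n, "recipients": list(recipients)})
    return sorted(alerts, key=lambda a: a["rule"])


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```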