Effective Application Monitoring: Security Logging for Web Applications - Secure Java: For Web Application Development

Java Reference

In-Depth Information

In the later sections of Requirement 10, PCI has also speciically mandated the security over

audit trails to ensure that unauthorized individuals are not able to access them. he standard

also speciies certain requirements like ile integrity monitoring to ensure that any unauthor-

ized modiication to the logs is detected and raised as an incident. PCI has mandated the

daily review of logs from all system components (public facing and private) for the scoped

environment. he standard has also speciied a minimum retention time for the audit trail,

as 1 year oline and 3 months of logs available for analysis.

9.4 Logging Implementation Using Java

he Java logging APIs are a part of the package java.util.logging , and they help the

developers facilitate software servicing and maintenance. hese APIs help developers develop

applications that produce log reports suitable for analysis by end users, system administrators,

ield service engineers, and software development teams. hese APIs also help capture informa-

tion such as coniguration errors, performance bottlenecks, and/or bugs in the application or

platform. More importantly, these APIs also help in tracing security incidents and attacks. he

classes/interfaces in this package include support for delivering cleartext or XML-formatted

log records to memory, output streams, consoles, iles, and sockets. Moreover, the logging APIs

are capable of interacting with logging services that already exist on some of the host operating

environments.

9.4.1 Control Flow

In the Java world, the logging activity has been woven around simple objects such as Logger

object, Handler object, and so on. Applications are developed in such a way that they make

logging calls on logger objects. Also, application developers can create loggers so that they can

be organized in a hierarchical namespace and child loggers may inherit some logging properties

from their parents in the namespace. he applications initiate logging calls on logger objects.

hese logger objects allocate LogRecord objects that are passed to handler objects for pub-

lishing the logging activity. Both Logger and Handler objects may use logging levels and

ilters to focus on a particular LogRecord . When it is necessary to publish a LogRecord

to an external environment, such as ile or a database table, a handler can use a formatter (for

localization and formatting purposes) for the message before publishing it. hese activities are

exempliied in Figure 9.2.

Filter

File/

Database

Memory

Handler

Application

Logger

Handler

Filter

Figure 9.2

Logging model in the Java environment.

Search WWH ::

Custom Search

Home