@dazn/lambda-powertools-logger
Logger that is tightly integrated with the rest of the lambda-powertools, and knows to automatically include any correlation IDs that have been captured with @dazn/lambda-powertools-correlation-ids.
Main features:
structured logging with JSON
includes a number of common attributes: awsRegion, functionName, functionVersion, functionMemorySize and environment
supports sampling of debug logs with the enableDebug function (see below for more details)
allows the log level to be changed live via the LOG_LEVEL environment variable (allowed values are DEBUG, INFO, WARN and ERROR)
for WARN and ERROR logs, includes errorName, errorMessage and stackTrace
Install from NPM: npm install @dazn/lambda-powertools-logger
This illustrates the API for logging:
const Log = require('@dazn/lambda-powertools-logger')
Log.debug('this is a debug message')
Log.debug('this is a debug message with attributes', { userId: 'theburningmonk' })
Log.info('this is an info message')
Log.info('this is an info message with attributes', { userId: 'theburningmonk' })
Log.warn('this is a warning message')
Log.warn('this is a warning message with attributes', { userId: 'theburningmonk' })
Log.warn('this is a warning message', new Error('oops'))
Log.warn('this is a warning message with attributes, and error details', { userId: 'theburningmonk' }, new Error('oops'))
Log.error('this is an error message')
Log.error('this is an error message with attributes', { userId: 'theburningmonk' })
Log.error('this is an error message', new Error('oops'))
Log.error('this is an error message with attributes, and error details', { userId: 'theburningmonk' }, new Error('oops'))
We don't want to leave debug logging ON in production, as it has a significant impact on:
CloudWatch Logs cost: CloudWatch Logs charges $0.50 per GB of data ingested
Logz.io cost: Logz.io also charges based on data ingested
Lambda cost: there are also Lambda invocation costs for shipping logs from CloudWatch Logs to Logz.io
Lambda concurrency: more things being logged = more Lambda invocations to ship them to Logz.io, which can potentially use up too much of our regional quota of concurrent Lambda executions (default limit is 1000, can be raised through support ticket)
too much noise in the logs, making it harder to find important information
Instead, we should sample debug logs for, say, 1% of invocations.
When used with other lambda-powertools, e.g. @dazn/lambda-powertools-middleware-sample-logging, debug logging can be enabled during an invocation using the enableDebug function.
The @dazn/lambda-powertools-middleware-correlation-ids middleware also supplements this behaviour by allowing you to propagate decisions to enable sample logging as a special correlation ID. This allows an entire call chain (e.g. API Gateway -> Lambda -> Kinesis -> Lambda -> SNS -> Lambda -> HTTP -> API Gateway -> Lambda) to respect the sampling decisions.
const Log = require('@dazn/lambda-powertools-logger')
// LOG_LEVEL is set to WARN via serverless.yml
Log.debug('this is not logged')
const undoDebugLog = Log.enableDebug()
Log.debug('this is logged')
undoDebugLog()
Log.debug('this is not logged')
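The 1% sampling and call-chain propagation described above, as an added example that is not code from the package or its middleware. It uses a stand-in logger with the same enableDebug contract so it runs without dependencies; the withSampledDebug wrapper, the debugEnabled event field and the fixed random draws are assumptions made for illustration.

```javascript
// Stand-in logger (constructed for this example) with the enableDebug contract
// described above: enableDebug() returns a function that restores the old level.
const LEVELS = { DEBUG: 20, INFO: 30, WARN: 40, ERROR: 50 }
function createLogger (levelName, sink) {
  let level = LEVELS[levelName]
  return {
    debug: (message, attrs) => {
      if (LEVELS.DEBUG >= level) sink.push(JSON.stringify({ level: 'DEBUG', message, ...attrs }))
    },
    enableDebug: () => {
      const previous = level
      level = LEVELS.DEBUG
      return () => { level = previous }
    }
  }
}

// Turns debug on for about `rate` of invocations, or when an upstream caller
// already sampled this call chain (hypothetical `debugEnabled` event field).
function withSampledDebug (Log, handler, rate, random = Math.random) {
  return async (event) => {
    const sampled = event.debugEnabled === true || random() < rate
    const undo = sampled ? Log.enableDebug() : () => {}
    try {
      return await handler({ ...event, debugEnabled: sampled })
    } finally {
      undo() // module state survives in a warm container, so always restore
    }
  }
}

// Constructed run: fixed draws stand in for Math.random.
async function runDemo () {
  const sink = []
  const Log = createLogger('WARN', sink) // same starting level as the snippet above
  const draws = [0.5, 0.001, 0.001, 0.5]
  const wrapped = withSampledDebug(Log, async (event) => {
    Log.debug('handling', { id: event.id })
    if (event.fail) throw new Error('oops')
    return event.debugEnabled // the decision a downstream call would receive
  }, 0.01, () => draws.shift())
  // Constructed events: 1 unsampled, 2 sampled by draw, 3 sampled upstream,
  // 4 sampled and throwing, 5 unsampled (shows the level was restored).
  const events = [{ id: 1 }, { id: 2 }, { id: 3, debugEnabled: true }, { id: 4, fail: true }, { id: 5 }]
  const results = []
  for (const event of events) results.push(await wrapped(event).catch(() => 'threw'))
  return { results, logged: sink.map((line) => JSON.parse(line).id) }
}
```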
FAQs
We found that @dazn/lambda-powertools-logger demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.