Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
connect-ltsv-logger
Advanced tools
LTSV format logger for (connect|express).
This is just a wrapper of connect.middleware.logger.
var express = require("express"),
ltsvlogger = require('connect-ltsv-logger');
// define output WriteStream
var out = fs.createWriteStream("ltsv-access.log",{flags: 'a+'}),
// define tokens
var ltsv = [];
ltsv.push("host");
ltsv.push("ident");
ltsv.push("user");
ltsv.push("time");
ltsv.push("req");
ltsv.push("status");
ltsv.push("size");
ltsv.push("referer");
ltsv.push("ua");
var app = express();
app.configure(function(){
// app.set(/*snip*/)
// ...
app.use(ltsvlogger({format:ltsv,stream:out}));
// app.use(/*snip*/)
// ...
});
tail -f ltsv-access.log
host:127.0.0.1<TAB>ident:-<TAB>user:-<TAB>time:[13/Feb/2013:19:15:44 +09:00]<TAB>req:GET /stylesheets/style.css HTTP/1.1<TAB>status:200<TAB>size:110<TAB>referer:http://localhost:3001/<TAB>ua:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
Just override connect.logger's formats as ltsv
host:127.0.0.1<TAB>ident:-<TAB>user:-<TAB>time:[Wed, 13 Feb 2013 10:00:55 GMT]<TAB>req:GET / HTTP/1.1<TAB>status:200<TAB>size:110<TAB>referer:-<TAB>ua:-
host:127.0.0.1<TAB>ident:-<TAB>req:GET / HTTP/1.1<TAB>status:200<TAB>size:-<TAB>response-time:1 ms
req:GET /<TAB>status:200<TAB>size:-<TAB>response-time:1 ms
concise output colored by response status for development use (Not ltsv format).
The following tokens are available
time
logger.token("time",function(){
return "[" + moment().format("DD/MMM/YYYY:HH:mm:ss Z") + "]" ;
});
host
logger.token("host",function(req,res){
return req.connection.address().address || '-';
});
X-Forwarded-For
logger.token("X-Forwarded-For",function(req,res){
return res.getHeader("X-Forwarded-For") || "-";
});
user
logger.token("user",function(req,res){
return '-';
});
ident
logger.token("ident",function(req,res){
return '-';
});
req
logger.token("req",function(req,res){
var ret = [];
ret.push(req.method);
ret.push(req.url);
ret.push("HTTP/"+req.httpVersion);
return ret.join(" ");
});
method
logger.token("method",function(req,res){
return req.method;
});
uri
logger.token("uri",function(req,res){
return url.parse(req.url).href;
});
protocol
logger.token("protocol",function(req,res){
return url.parse(req.url).protocol;
});
status
logger.token("status",function(req,res){
return res.statusCode;
});
size
logger.token("size",function(req,res){
return res.getHeader("content-length");
});
reqsize
logger.token("reqsize",function(req,res){
if(req.body) return req.body.length;
return "-";
});
referer
logger.token("referer",function(req,res){
return req.headers['referer'] || req.headers['referrer'];
});
ua
logger.token("ua",function(req,res){
return req.headers['user-agent'];
});
vhost
logger.token("vhost",function(req,res){
return req.headers["host"];
});
reqtime
logger.token("reqtime",function(req,res){
return new Date - req._startTime;;
});
X-Cache
logger.token("X-Cache",function(req,res){
return res.getHeader('X-Cache');
});
X-Runtime
logger.token("X-Runtime",function(req,res){
return res.getHeader('X-Runtime');
});
npm do
npm install connect-ltsv-logger
Source code can be found on github, licenced under MIT.
Developed by Takeharu.Oshida
FAQs
ltsv formated access logger for connect based application
We found that connect-ltsv-logger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.