Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
By Sarah Gooding - Sep 30, 2024
fwsp-logger
Advanced tools
Logger 
Synopsis
Provides a pino logger that ships its logs to Elasticsearch via pino-elasticsearch.
First, run npm install -g pino-elasticsearch
In Hydra-Express service entry-point script:
// set up the logger for hydra express
let logger = config.logger && require('fwsp-logger').initHydraExpress(
hydraExpress, config.hydra.serviceName, config.logger
);
return hydraExpress.init(config.getObject(), version, () => {
// register the logging middleware if this is a dev environment and logger.logRequests is true
let logRequests = config.environment === 'development' && logger && config.logger.logRequests;
logRequests && hydraExpress.getExpressApp().use(logger.middleware);
hydraExpress.registerRoutes({
'/v1/service': require('./routes/service-v1-routes')
});
})
with corresponding entry in config.json:
"logger": {
"name": "optional - will default to service name",
"logPath": "optional - will default to service/servicename.log",
"toConsole": false, // don't log to console
"noFile": true, // don't log to disk
"logRequests": true, // log all requests in development env
"redact": ["password"], // fields to redact when logging req.body
"elasticsearch": {
"host": "localhost",
"port": 9200,
"index": "local-dev"
}
},
Or, in Hydra services:
// set up logger
let logger;
if (config.logger) {
const Logger = require('fwsp-logger').Logger;
logger = new Logger(
{
name: config.hydra.serviceName,
toConsole: true
},
config.logger.elasticsearch
).getLogger();
}
// initialize hydra
hydra.init(config.hydra)
.then(() => {
return hydra.registerService();
})
.then(serviceInfo => {
// log hydra 'log' events
hydra.on('log', (entry) => {
let msg = Utils.safeJSONParse(entry);
if (msg) {
if (logger[msg.type]) {
logger[msg.type](msg.message);
} else {
logger.info(msg.type, msg.message);
}
}
});
// log service start
logger.info({
message: `Started ${config.hydra.serviceName} (v.${config.version})`
serviceInfo
});
})
// log hydra.init error
.catch(error => logger.error({
message: 'Error initializing Hydra',
error
});
});
General usage:
const Logger = require('fwsp-logger').Logger,
logger = new Logger(
{
name: 'my-service', // required - name of the app writing logs
file: '/custom/log-file.log', // optional, defaults to ${cwd()}/serviceName.log
toConsole: true // defaults to false
}, {
host: 'your.elasticsearch.host.com',
port: 9200,
index: 'local-dev'
}
);
const appLogger = logger.getLogger();
appLogger.error('An error happened');
appLogger.info({
message: 'Something else happened',
details: {
foo: 'bar',
answer: 42
}
});
Testing
To make sure logs are getting shipped to Elasticsearch, you can spin up docker containers with ES and Kibana using the docker-compose.yml file in this repository.
You will need docker and
docker-compose installed,
then in this project folder, launch docker-compose up.
You'll need to set up an Elasticsearch index in Kibana before you'll be able to view logs, which should be the value of logger.elasticsearch.index ('local-dev' in above examples), or 'pino' by default.
If you don't have any index patterns set up, Kibana won't let you proceed without adding one. Otherwise, to add additional indices, go to Settings -> Indices.
License
Licensed under MIT.
Keywords
FAQs
Provides logging via pino, and transport to elasticsearch
The npm package fwsp-logger receives a total of 25 weekly downloads. As such, fwsp-logger popularity was classified as not popular.
We found that fwsp-logger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Dec 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Malicious “express-dompurify” npm Package Steals Browser and Cryptocurrency Wallet Data
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
By Socket Research Team - Sep 27, 2024
Security News
ENISA 2024 Threat Landscape Report Warns of Increasing State-Sponsored Supply Chain Attacks on Open Source Software
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
By Sarah Gooding - Sep 27, 2024