Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
A python threadded logging handler and service extension for Azure Log Workspace OMS REST API.
This package provides an asynchronous solution for uploading application logs to an Azure Log Workspace using their
provided REST API, all supplied as a handler and service extension for python builtin logging
module.
The service works by instantiating an always-alive (non-daemonized) thread connected to a log request pool in which
logs will be queued, then periodically running through the pool in order to send the requests in bulk
using the requests
package. This is all to intend logging safely without interrupting or slowing down the main
process execution as transparently as possible.
For installing via the distributed package via PyPi:
$ pip install logging-azure-rest
Or if you which to install from the source, you can checkout the git repository and install using setuptools
:
$ python setup.py install
The following environment variables are read to configure the extension and are required:
AZURE_LOG_CUSTOMER_ID
: Customer ID for the Azure Log WorkspaceAZURE_LOG_SHARED_KEY
: Customer shared key for the Azure Log WorkspaceAZURE_LOG_DEFAULT_NAME
: The default "log type" name to indicate where the logs are stored.
This will be suffixed with "_CL" within the Azure Log Workspace.The following environment variables are read to tweak some parameters of the extension, they all have default values and therefore are optional:
AZURE_LOG_SEND_FREQUENCY
: Default: 5 How many seconds the service thread should wait before sending pooled logs.As you would any other handler, you only require to define a handler using the
logging_azure.handler.AzureLogServiceHandler
class:
[...]
"handlers": {
"console": {"level": logging.DEBUG, "class": "logging.StreamHandler", "formatter": "colorize"},
"azure_log_oms": {
"level": logging.INFO, "class": "logging_azure.handler.AzureLogServiceHandler", "formatter": "azure"
},
"default": {"level": logging.INFO, "class": "logging.StreamHandler", "formatter": "default"},
},
[...]
Then add the handler to your selected logger instance:
[...]
"loggers": {
LOGGER_NAME: {
"handlers": ["console"] if IS_LOCAL_DEV_INSTANCE else ["default", "azure_log_oms"],
"level": LOG_LEVEL,
"propagate": True,
}
},
[...]
In order to prevent additional cost from Azure Log OMS ingestion for talkative applications, it is recommended to set
an adequate LOG_LEVEL for your application (avoid logging.DEBUG
for example).
It is also recommended configuring your loggers appropriately so the AzureLogServiveHandler
isn't used during
local development or CI environments for example.
You are warned.
This package supplies a decent amount of information already to complement the message in a clean way by reading the
log record in order to facilitate Azure Log OMS Queries and ingestion, so you may only require using a specific
formatter that will only format the message
itself as follows:
[...]
"formatters": {
"default": {
"format": '[%(asctime)s] %(levelname)s %(name)s %(module)s "%(message)s"',
"datefmt": "%d/%b/%Y %H:%M:%S",
},
"azure": {
"format": '%(message)s',
},
[...]
This provides the following output within the Azure Portal for example:
This allows for easily creating custom queries and alerts for your application directly from the Azure Log OMS solution.
FAQs
A python threadded logging handler and service extension for Azure Log Workspace OMS REST API.
We found that logging-azure-rest demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.