Wednesday, December 02, 2015

On BI: Spring Tomcat Impersonation audit

The amount of intelligence you can pull from logs is unlimited. In a typical log line like the one below we see a session, but we have no idea who is editing the employee. Furthermore, the employee might be edited under impersonation.
2015-11-07 22:15:05,845 INFO [com.sample.web.filter.LoggingFilter doFilter] - 172.16.2.41 AD3A60A51885B74F2AC2B02F5BDD3AC0.node1 /employee/204187 192.168.0.43
By filtering on the session id, we can easily see whether a user was impersonated and list both the real user and the impersonated user with the below awk script:
We now get something like:
2015-11-07 22:15:05,845 192.168.0.43 AD3A60A51885B74F2AC2B02F5BDD3AC0.node1 impersonator@sample.com impersonated@sample.com /employee/204187
Note that if you are logging all params as part of the URL, regardless of whether the request is a POST or a GET, you could be saving a lot of time. If you are using a JSON payload, things will most likely get a little more complicated, as you might want to extract specific fields from the payload, but overall you can extract a lot of business intelligence from logs using just the veteran awk.
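
One way to do the session-id correlation described above, as an added example that is not the original post's script. The `/login`, `/login/impersonate` and `/logout/impersonate` URLs, their `username` parameter, and every sample line except the 22:15:05 one are assumptions constructed for illustration; adjust them to whatever your application actually logs.

```shell
#!/bin/sh
# Added example, not the post's script. Assumed URLs (not shown on the page),
# logged with their parameters by the same LoggingFilter:
#   /login?username=<real user>                      login
#   /login/impersonate?username=<impersonated user>  impersonation starts
#   /logout/impersonate                              impersonation ends
# Assumes the session id stays the same from login onward.
impersonation_audit() {
  awk '
    # $1 date, $2 time, $8 session id, $9 URL, $10 client IP
    $5 != "doFilter]" || NF < 10 { next }
    {
      sid = $8; url = $9
      q = index(url, "?")
      path = q ? substr(url, 1, q - 1) : url
      user = ""
      if (match(url, /[?&]username=[^&]*/))
        user = substr(url, RSTART + 10, RLENGTH - 10)  # skip "?username="
    }
    path == "/login" && user != ""             { real[sid] = user; next }
    path == "/login/impersonate" && user != "" { target[sid] = user; next }
    path == "/logout/impersonate"              { delete target[sid]; next }
    sid in target {                            # request made while impersonating
      who = (sid in real) ? real[sid] : "unknown"
      print $1, $2, $10, sid, who, target[sid], url
    }
  ' "$@"
}

# Constructed sample log; only the 22:15:05 line matches the one on the page.
sample_log() {
  p='INFO [com.sample.web.filter.LoggingFilter doFilter] - 172.16.2.41'
  a='AD3A60A51885B74F2AC2B02F5BDD3AC0.node1'
  b='0F1E2D3C4B5A69788796A5B4C3D2E1F0.node1'   # second, non-impersonating session
  cat <<EOF
2015-11-07 22:10:01,100 $p $a /login?username=impersonator@sample.com 192.168.0.43
2015-11-07 22:12:30,007 $p $b /employee/204187 192.168.0.77
2015-11-07 22:14:40,312 $p $a /login/impersonate?username=impersonated@sample.com 192.168.0.43
2015-11-07 22:15:05,845 $p $a /employee/204187 192.168.0.43
2015-11-07 22:16:00,950 $p $a /logout/impersonate 192.168.0.43
2015-11-07 22:16:30,221 $p $a /employee/204188 192.168.0.43
EOF
}

sample_log | impersonation_audit
```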
