Fork me on GitHub
 

Since: 1.1
Type: There are no options to modify for this feature.


 


Introduction


 


The Logging Hook provides a way to capture and log MySQL database queries. This can be useful in monitoring accidental or malicious activity by users, particularly users with administrative privileges. It can also be useful in detecting unintended changes to the database due to software bugs or external attacks. For security, the logging hook is defined as a constant in mainfile.php, rather than as a configuration setting in the admin panel. That way, only someone with access to change mainfile.php can activate or deactivate the feature. The logging hook feature itself does not perform any logging. It merely provides a way to use a third-party logging module without the need for hacking the ImpressCMS core.


 


Case 1


 


If the constant ICMS_LOGGING_HOOK is set to the empty string, the logging hook is inactivated.


define('ICMS_LOGGING_HOOK', '');

Case 2


 


If the constant ICMS_LOGGING_HOOK is not defined, the logging hook is inactivated.


//define('ICMS_LOGGING_HOOK', '/path/to/file');

Case 3


If the constant ICMS_LOGGING_HOOK is defined as the path to a file, then that file will be included to capture database queries. The file is included by the method XoopsLogger::addQuery, in class/logger.php.


define('ICMS_LOGGING_HOOK', XOOPS_ROOT_PATH . '/modules/foobar/logging_hook.php');

Example 1


This is a very simple working example. Definition of ICMS_LOGGING_HOOK in mainfile.php:


define('ICMS_LOGGING_HOOK', XOOPS_TRUST_PATH . '/modules/example_logger/includes/logger.inc.php');

Contents of XOOPS_TRUST_PATH . '/modules/example_logger/includes/logger.inc.php:


The directory XOOPS_TRUST_PATH . '/modules/example_logger/logs/' must exist and be writable. A new log file is created each day.


Caution


The logged database queries may contain sensitive information; they should be placed only in a protected area not accessible to the public.


 


Example 2


 


This is a more practical example. It tags each log entry with the timestamp, client IP address, user ID and username, and filters out common queries: SELECT queries, and updates to the online, session and Protector access tables. Definition of ICMS_LOGGING_HOOK in mainfile.php:


define('ICMS_LOGGING_HOOK', XOOPS_TRUST_PATH . '/modules/example_logger/includes/logger.inc.php');

Contents of XOOPS_TRUST_PATH . '/modules/example_logger/includes/logger.inc.php:


prefix('protector_access');
$online_table = $xoopsDB->prefix('online');
$session_table = $xoopsDB->prefix('session');
$logfile = XOOPS_TRUST_PATH . '/modules/example_logger/logs/' . date('Ymd') . '_sql.log';
$timestamp = date('Y-m-d H:i:s');
if (is_object($xoopsUser)) {
$uid = $xoopsUser->getVar('uid');
$uname = $xoopsUser->getVar('uname');
} else {
$uid = 0;
$uname = '-';
}
$q = trim($sql);
$q_lower = strtolower($q);
if (strpos($q_lower, 'select') !== 0
and !preg_match("/^(delete\s+from|insert\s+into|update)\s+($protector_access_table|$online_table|$session_table)\s+/", $q_lower)
) {
$q = str_replace(array("\n", "\r", "\t"), ' ', $q);
@error_log("[$timestamp] [{$_SERVER['REMOTE_ADDR']}] [$uid] [$uname] $q\n", 3, $logfile);
}
?>

The directory XOOPS_TRUST_PATH . '/modules/example_logger/logs/' must exist and be writable. A new log file is created each day.  


Caution The logged database queries may contain sensitive information; they should be placed only in a protected area not accessible to the public.

Last modified on 2010/11/28 by Anonymous
Comments
The comments are owned by the poster. We aren't responsible for their content.