Since: 1.1
Type: There are no options to modify for this feature.
The Logging Hook provides a way to capture and log MySQL database queries. This can be useful in monitoring accidental or malicious activity by users, particularly users with administrative privileges. It can also be useful in detecting unintended changes to the database due to software bugs or external attacks. For security, the logging hook is defined as a constant in mainfile.php, rather than as a configuration setting in the admin panel. That way, only someone with access to change mainfile.php can activate or deactivate the feature. The logging hook feature itself does not perform any logging. It merely provides a way to use a third-party logging module without the need for hacking the ImpressCMS core.
If the constant ICMS_LOGGING_HOOK is set to the empty string, the logging hook is inactivated.
define('ICMS_LOGGING_HOOK', '');
If the constant ICMS_LOGGING_HOOK is not defined, the logging hook is inactivated.
//define('ICMS_LOGGING_HOOK', '/path/to/file');
If the constant ICMS_LOGGING_HOOK is defined as the path to a file, then that file will be included to capture database queries. The file is included by the method icms_core_Logger::addQuery, in libraries/icms/core/Logger.php.
define('ICMS_LOGGING_HOOK', ICMS_ROOT_PATH . '/modules/foobar/logging_hook.php');
This is a very simple working example. Definition of ICMS_LOGGING_HOOK in mainfile.php:
define('ICMS_LOGGING_HOOK', ICMS_TRUST_PATH . '/modules/example_logger/includes/logger.inc.php');
Contents of ICMS_TRUST_PATH . '/modules/example_logger/includes/logger.inc.php:
The directory ICMS_TRUST_PATH . '/modules/example_logger/logs/' must exist and be writable. A new log file is created each day.
Caution
The logged database queries may contain sensitive information; they should be placed only in a protected area not accessible to the public.
This is a more practical example. It tags each log entry with the timestamp, client IP address, user ID and username, and filters out common queries: SELECT queries, and updates to the online, session and Protector access tables. Definition of ICMS_LOGGING_HOOK in mainfile.php:
define('ICMS_LOGGING_HOOK', ICMS_TRUST_PATH . '/modules/example_logger/includes/logger.inc.php');
Contents of ICMS_TRUST_PATH . '/modules/example_logger/includes/logger.inc.php:
prefix('protector_access'); $online_table = $xoopsDB->prefix('online'); $session_table = $xoopsDB->prefix('session'); $logfile = ICMS_TRUST_PATH . '/modules/example_logger/logs/' . date('Ymd') . '_sql.log'; $timestamp = date('Y-m-d H:i:s'); if (is_object($xoopsUser)) { $uid = $xoopsUser->getVar('uid'); $uname = $xoopsUser->getVar('uname'); } else { $uid = 0; $uname = '-'; } $q = trim($sql); $q_lower = strtolower($q); if (strpos($q_lower, 'select') !== 0 and !preg_match("/^(delete\s+from|insert\s+into|update)\s+($protector_access_table|$online_table|$session_table)\s+/", $q_lower) ) { $q = str_replace(array("\n", "\r", "\t"), ' ', $q); @error_log("[$timestamp] [{$_SERVER['REMOTE_ADDR']}] [$uid] [$uname] $q\n", 3, $logfile); } ?>
The directory ICMS_TRUST_PATH . '/modules/example_logger/logs/' must exist and be writable. A new log file is created each day.
Caution The logged database queries may contain sensitive information; they should be placed only in a protected area not accessible to the public.
Last modified on 2024/11/20 by skenow
|