Score:0

ColdFusion log files - application.log


So, I would like to understand some more things about ColdFusion log files and in particular application.log. In particular, I had my site scanned by some malicious people and I would like to know if they retrieved any data from me. I did notice that based on the access log files.

What do the errors in this file mean exactly? But if the application.log ColdFusion files produce an error, does it mean that the user did retrieve some information or is it what it says - just an error, thus should I be safe about the specific instance?

Score:0

Well, I don't think you will find the answer satisfactory.

First, the application log will be of no value in determining "if [the malicious people] retrieved any data from [you]". Indeed, no CF log will tell you that.

The application.log file holds in it either logging written by your application to it (such as with cflog) or errors which happened in your CFML pages. (And even then, if your errors were "handled" by your application, then such errors will NOT be written to that log file by default. Your error handling code will decide then how to handle the error, such as whether to send the error to someone via email, store it in a db, log it, etc.)

To be clear, no CF log tracks all requests that were made. While your web server access logs will tell you that, it still may not help for two reasons: a) if the request was a post, those logs won't track what form fields/post parameters were used, and b) regardless, the access logs don't track what the requests got in reply.

This is just a sad reality with pretty much any web application framework (not just CF): there's no built-in auditing of "all that was processed".

Then again, usually what matters is not really "what web pages they accessed" but "what data those pages presented". And normally that important data would come from a database or perhaps an API call you'd make (from CF, to get the data). And an argument could be made that the auditing of "what was requested" and/or "what was returned" is something that should be sought in that database server (or API server), rather than being CF's (or any web app server's) responsibility.

Again, not likely the answer you wanted to hear. And I realize it's about a year late anyway, but I wanted to offer it as I came across it. Hope it may help someone.
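
An added example, not part of the answer above and not ColdFusion's own tooling: a Python script that sorts one client's web server access-log entries by what the log can and cannot establish, following the points made in the answer (POST fields are not logged, response content is not logged, only unhandled errors reach application.log). The "combined" log format, the sample lines, the addresses, the URLs and the `triage` function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/Nginx "combined" format (assumed format;
# IIS W3C logs need a different parser). Addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2023:10:01:02 +0000] "GET /index.cfm?id=1 HTTP/1.1" 200 5120 "-" "scanner"
203.0.113.7 - - [12/Mar/2023:10:01:03 +0000] "GET /admin/index.cfm HTTP/1.1" 404 312 "-" "scanner"
203.0.113.7 - - [12/Mar/2023:10:01:04 +0000] "POST /login.cfm HTTP/1.1" 200 2048 "-" "scanner"
203.0.113.7 - - [12/Mar/2023:10:01:05 +0000] "GET /report.cfm?id=abc HTTP/1.1" 500 870 "-" "scanner"
198.51.100.9 - - [12/Mar/2023:10:02:00 +0000] "GET /index.cfm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def triage(log_text, client_ip):
    """Group one client's requests by what the access log can and cannot show."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] != client_ip:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        entry = (m["ts"], m["method"], m["url"], status, size)
        if m["method"] == "POST":
            # Form fields are not in the access log, so what was sent is unknown.
            buckets["post_body_unknown"].append(entry)
        elif 200 <= status < 300:
            # A page was served; the log gives its size, not its content.
            buckets["served_ok"].append(entry)
        elif status >= 500:
            # Server-side failure: check application.log around this timestamp
            # (an entry exists only if the application did not handle the error).
            buckets["server_error"].append(entry)
        else:
            buckets["rejected"].append(entry)
    return dict(buckets)

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG, "203.0.113.7").items():
        print(bucket)
        for e in entries:
            print("   ", *e)
```

The `served_ok` and `post_body_unknown` buckets are the entries to follow up in database or API audit logs, since the access log records that a response went out but not what it contained.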
