-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
log proxy events to syslog #1996
Comments
When actually running via qrexec, it looks like we get logging of the headers of streamed responses for free since the proxy writes them via stderr, e.g.:
What I (at least) really want is just request/response correlation (since they could be interleaved among
|
Hmm, I didn't realize that stderr over qrexec gets logged - I don't think that will leak anything super sensitive, but we should just keep in mind what ends up in headers. https://docs.rs/syslog/latest/syslog/ looks reasonable to use, here's what the audit load looks like:
|
Description
The Python
securedrop-proxy
responds to the caller exclusively on stdout, so it can use standard Pythonlogging
.The Rust
securedrop-proxy
in #1718 responds with a mix of stdout and stderr, so it's silent. In testing, this makes it difficult to tell whether it (or some other proxy instance on the machine...) is handling a given request.It would be nice to log proxy events to syslog just for testing purposes.
How will this impact SecureDrop users?
No user-facing changes.
How would this affect the SecureDrop Workstation threat model?
No threat-model implications: the current proxy implementation already has this behavior.
User Stories
As a developer, I want to be able to watch a
securedrop-proxy
instance and see that it's handling requests.The text was updated successfully, but these errors were encountered: