Mango Blog had logs to output information about failing plugins. These logs were publicly available, and some users pointed out that it may help hackers find out information about the blog install. They were mostly an aid to plugin developers (the logs only included information when plugins failed). To be honest, the logs where kind of put together rather quickly, so I decided to revamp the way they work.
The logging mechanism is now much more flexible, allowing you to add your own loggers and allowing plugins to add custom loggers and logs. I've written some documentation on how to use it, so if you are interested, you can read more there. In addition, all logs are also stored in the database and no publicly accessible file is written unless you set up a new logger for that. I haven't added the log management to the administration, but that will come soon. In the meantime, you can use Adam Tuttle's LogViewer plugin, which has been updated to work with the new logs.
2 Comments
Hi Dave,
I understand your concern in the general sense, but in this particular case, I decided to make this compromise.
First of all, not all problems are logged, mostly just plugins. If there is a database issue, unfortunately, I don't think Mango will work, much less the logs. Logs are just a supporting feature, but not something that is required to work for Mango to work properly.
But more importantly, the database logs are the default, but other logging facilities can be easily added. In fact, Mango still ships with the file logger, but you need to manually enable it in the config file, and set a directory that you deem appropriate for the logs. It's just not the default. This ensures it is a conscious decision that you make when you enable them and not something that Mango does without you knowing.
Laura
Feb 19, 20108:46 PM
Quick question.. What if the error to be logged is a database issue? Will the system get stuck in an infinite loop trying to log an error in logging?
I have always been skeptical about storing logs in a database because you may loose the ability to write the log.
I am sure you have thought if this but I wanted to ask anyways.
Dave Ferguson
Feb 11, 201010:39 AM