LOGGING

| FIELD | DESCRIPTION | TYPE | DEFAULT VALUE(S) | ALLOWED VALUE(S) |
| --- | --- | --- | --- | --- |
| enabled | whether this part of the policy will be enforced | Boolean | true | true, false |
| compensatingControl | whether there's another mechanism to handle this (elsewhere) in the stack | Boolean | false | true, false |
| levelsSupported | what logging framework will be followed | String Array | `["npm","syslog","cli","custom"]` | `["npm","syslog","cli","custom"]` |
| levels | what log levels should be supported | JSON Array | `[{"trace": 6},{"info": 3},{"warn": 2},{"error": 1},{"fatal": 0},{"debug": 4},{"verbose": 5}]` | Any JSON Array where key : value => "name" (String): severityLevel(Int)* or null |
| logEvents | which events to log | String Array | `["securityEvents","appErrors","systemEvents"]` | String Array or null** |
| logCollection | how logs will be collected | | | |
| options | log collection options | String Array | `["logstash","file/disk","kafka"]` | String Array or null; defaults to file/disk |
| storage | where local logs will be stored | String | `"/var/log/${appName}/"` | String or null |
| retentionPeriod | how long (in weeks) before logs expire | Number(int) | 4 (1 month)*** | Any integer >= 0 (0 = logs never deleted) |
| port | what's the listening Kibana port<sup>i</sup> | Number(int) | 5601 | Any int > 1025 (ephemeral ports) |
| analytics | configuration for application analytics | | | |
| enabled | defines whether application data will be sent to analytic dashboard | Boolean | false | true, false |
| config | how application will connect to analytic dashboard | JSON Object or null | `{"host": "localhost","type": "telegraf","port": 8125}`<sup>ii</sup> | Any JSON Object with keys => "host", "type", "port"; values => String, String, Number(int) >= 1025 |

* severityLevels descend in severity, where most severe = 0

** You can name your log events however you wish, but you’ll need to retain this mapping throughout your application

*** You should adjust this value to match your data retention and log rotation policy

i Assumes Kibana is configured to accept connections from your application

ii Assumes Telegraf DB with Grafana front end
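
A validator for this section's types and allowed values, added here as an example; it is not part of the original policy documentation or the project's code. It assumes that options, storage, retentionPeriod and port nest under logCollection and that enabled and config nest under analytics (as the row order suggests); `DEFAULTS`, `validateLogging` and the message strings are hypothetical names.

```javascript
// Added example, not the project's code. Assumed nesting: options, storage,
// retentionPeriod and port sit under logCollection; enabled and config under analytics.
const DEFAULTS = {
  enabled: true,
  compensatingControl: false,
  levelsSupported: ["npm", "syslog", "cli", "custom"],
  levels: [{ trace: 6 }, { info: 3 }, { warn: 2 }, { error: 1 }, { fatal: 0 }, { debug: 4 }, { verbose: 5 }],
  logEvents: ["securityEvents", "appErrors", "systemEvents"],
  logCollection: {
    options: ["logstash", "file/disk", "kafka"],
    storage: "/var/log/${appName}/",
    retentionPeriod: 4,
    port: 5601,
  },
  analytics: { enabled: false, config: { host: "localhost", type: "telegraf", port: 8125 } },
};
const FRAMEWORKS = ["npm", "syslog", "cli", "custom"];
const isInt = Number.isInteger;
const strArrOrNull = (v) => v === null || (Array.isArray(v) && v.every((s) => typeof s === "string"));

// Returns a list of violations; an empty list means the section matches the table.
function validateLogging(p) {
  const errs = [];
  const need = (ok, msg) => { if (!ok) errs.push(msg); };
  const lc = p.logCollection || {};
  const an = p.analytics || {};
  need(typeof p.enabled === "boolean", "enabled: Boolean");
  need(typeof p.compensatingControl === "boolean", "compensatingControl: Boolean");
  need(Array.isArray(p.levelsSupported) && p.levelsSupported.every((f) => FRAMEWORKS.includes(f)),
    "levelsSupported: npm, syslog, cli or custom");
  // Each level is a single-key object {name: severity}; 0 is the most severe.
  need(p.levels === null || (Array.isArray(p.levels) && p.levels.every((l) => {
    const v = l && typeof l === "object" && !Array.isArray(l) ? Object.values(l) : [];
    return v.length === 1 && isInt(v[0]) && v[0] >= 0;
  })), "levels: [{name: severityInt}] or null");
  need(strArrOrNull(p.logEvents), "logEvents: String Array or null");
  need(strArrOrNull(lc.options), "logCollection.options: String Array or null");
  need(lc.storage === null || typeof lc.storage === "string", "logCollection.storage: String or null");
  need(isInt(lc.retentionPeriod) && lc.retentionPeriod >= 0, "logCollection.retentionPeriod: integer >= 0");
  need(isInt(lc.port) && lc.port > 1025, "logCollection.port: int > 1025");
  need(typeof an.enabled === "boolean", "analytics.enabled: Boolean");
  const c = an.config;
  need(c === null || (c && typeof c === "object" && typeof c.host === "string" &&
    typeof c.type === "string" && isInt(c.port) && c.port >= 1025),
    "analytics.config: {host, type, port >= 1025} or null");
  return errs;
}
```

Running it at policy load time lets a malformed section be rejected before the application starts logging with it.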