[{"data":1,"prerenderedAt":218},["ShallowReactive",2],{"blog-vulnerabilities/insufficient-logging":3},{"id":4,"title":5,"body":6,"category":198,"date":199,"dateModified":199,"description":200,"draft":201,"extension":202,"faq":203,"featured":201,"headerVariant":204,"image":203,"keywords":203,"meta":205,"navigation":206,"ogDescription":207,"ogTitle":203,"path":208,"readTime":209,"schemaOrg":210,"schemaType":211,"seo":212,"sitemap":213,"stem":214,"tags":215,"twitterCard":216,"__hash__":217},"blog/blog/vulnerabilities/insufficient-logging.md","Insufficient Logging Explained",{"type":7,"value":8,"toc":188},"minimark",[9,16,21,24,28,88,93,108,118,122,125,141,157,176],[10,11,12],"tldr",{},[13,14,15],"p",{},"Without proper logging, you can't detect attacks, investigate incidents, or prove compliance. Log security-relevant events (logins, failures, permission changes) but never log sensitive data (passwords, tokens, PII). Use a logging service like LogTail, Datadog, or Sentry for easy searching and alerting.",[17,18,20],"h2",{"id":19},"what-is-insufficient-logging","What Is Insufficient Logging?",[13,22,23],{},"Insufficient logging means your application doesn't record enough information to detect attacks or investigate security incidents. 
When something goes wrong, you're left guessing what happened.",[17,25,27],{"id":26},"what-should-you-log","What Should You Log?",[29,30,31,44],"table",{},[32,33,34],"thead",{},[35,36,37,41],"tr",{},[38,39,40],"th",{},"Log This",[38,42,43],{},"Don't Log This",[45,46,47,56,64,72,80],"tbody",{},[35,48,49,53],{},[50,51,52],"td",{},"Login attempts (success/failure)",[50,54,55],{},"Passwords (including ones from failed attempts)",[35,57,58,61],{},[50,59,60],{},"Permission changes",[50,62,63],{},"Full credit card numbers",[35,65,66,69],{},[50,67,68],{},"Access to sensitive resources",[50,70,71],{},"Session tokens",[35,73,74,77],{},[50,75,76],{},"Configuration changes",[50,78,79],{},"API keys",[35,81,82,85],{},[50,83,84],{},"Error conditions",[50,86,87],{},"Personal data (SSN, etc.)",[89,90,92],"h3",{"id":91},"example-logging-implementation","Example Logging Implementation",[94,95,97],"code-block",{"label":96},"Security event logging",[98,99,104],"pre",{"className":100,"code":102,"language":103},[101],"language-text","// Log authentication events\nlogger.info('auth.login.success', {\n  userId: user.id,\n  ip: req.ip,\n  userAgent: req.headers['user-agent'],\n  timestamp: new Date().toISOString()\n});\n\nlogger.warn('auth.login.failed', {\n  email: maskEmail(email), // user@e*****.com\n  ip: req.ip,\n  reason: 'invalid_password',\n  timestamp: new Date().toISOString()\n});\n","text",[105,106,102],"code",{"__ignoreMap":107},"",[109,110,111],"warning-box",{},[13,112,113,117],{},[114,115,116],"strong",{},"Never log:"," Passwords, tokens, API keys, credit cards, SSNs, or other sensitive data. Logs are often shipped to third-party services and read by more people than your database, so if they are compromised, anything written to them is exposed.",[17,119,121],{"id":120},"setting-up-alerts","Setting Up Alerts",[13,123,124],{},"Logs are only useful if someone looks at them. 
Set up alerts for:",[126,127,128,132,135,138],"ul",{},[129,130,131],"li",{},"Multiple failed login attempts (brute force detection)",[129,133,134],{},"Admin actions from new IP addresses",[129,136,137],{},"Unusual error rates",[129,139,140],{},"Access patterns outside business hours",[142,143,144,151],"faq-section",{},[145,146,148],"faq-item",{"question":147},"How long should I keep logs?",[13,149,150],{},"Depends on compliance requirements, but 90 days to 1 year is common. Security incidents are often discovered weeks after they occur, so short retention limits your investigation ability.",[145,152,154],{"question":153},"What logging service should I use?",[13,155,156],{},"For vibe-coded apps, services like LogTail, Sentry, or Datadog are easy to integrate. They provide searching, alerting, and dashboards without managing infrastructure.",[158,159,160,166,171],"related-articles",{},[161,162],"related-card",{"description":163,"href":164,"title":165},"What not to log","/blog/vulnerabilities/sensitive-data-exposure","Sensitive Data Exposure",[161,167],{"description":168,"href":169,"title":170},"Complete logging guide","/blog/best-practices/logging","Logging Best Practices",[161,172],{"description":173,"href":174,"title":175},"When things go wrong","/blog/checklists/incident-response-checklist","Incident Response",[177,178,181,185],"cta-box",{"href":179,"label":180},"/","Start Free Scan",[17,182,184],{"id":183},"check-your-logging","Check Your Logging",[13,186,187],{},"Our scanner checks for missing security logging patterns.",{"title":107,"searchDepth":189,"depth":189,"links":190},2,[191,192,196,197],{"id":19,"depth":189,"text":20},{"id":26,"depth":189,"text":27,"children":193},[194],{"id":91,"depth":195,"text":92},3,{"id":120,"depth":189,"text":121},{"id":183,"depth":189,"text":184},"vulnerabilities","2026-01-20","Without proper logging, you can't detect attacks or investigate breaches. 
Learn what to log, what not to log, and how to set up security monitoring.",false,"md",null,"red",{"noindex":206},true,"Learn why logging matters for security and how to implement it properly.","/blog/vulnerabilities/insufficient-logging","6 min read","[object Object]","TechArticle",{"title":5,"description":200},{"loc":208},"blog/vulnerabilities/insufficient-logging",[],"summary_large_image","Dh0WXT9zX9eTrk0iRV33RXTb7_egEBqHmY5uwWSaslk",1775843926498]