August 13, 2024
Question

Security requirement - shutdown apps on audit failure


I have a security requirement to shut down hosted applications in the event of audit (logging) failure.  Since ColdFusion handles logging, I was trying to find out what happens to ColdFusion should logging fail - out of disk space, or I/O error or whatever?  Does CF start overwriting older logfiles in the rotation?  Does the server crash?  Do error messages queue up or just get lost? 

 

I know that CF will usually fail to start if there is a disk space issue at the time of startup, but I'm more concerned with what happens during normal processing.  Any info/help appreciated.


BKBK
Community Expert
August 15, 2024

Please provide more information. What do you mean by "audit (logging) failure"? A failure of ColdFusion to write to the audit.log file? A failure of ColdFusion to write to any specific log file or files? If so, which?

 

As far as I know, standard logging in ColdFusion is carried out by ColdFusion's own logging modules. When triggered, these loggers create outputstreams, which they use to write to log files.

 

The loggers are in-built and logging occurs automatically. Therefore, if logging were to fail, it would mean that a critical fault has occurred in the ColdFusion engine.

My answers to your other questions follow:

 

  1. Would ColdFusion then start overwriting older logfiles in the rotation? 
    I don't think so. After all, logging wouldn't be possible.
  2. Would the server crash? 
    I think unlikely. The logging modules may be critical, but I don't think they are so critical as to have a stranglehold on the ColdFusion engine as a whole.
  3. Do error messages queue up or just get lost? 
    I am not aware of any belated queue for error messages in ColdFusion. If there were such a queue, it would logically reside in memory. That would open up the possibility of the heap filling up with error messages, which would be poor application design. That leads me to suppose that unlogged error messages simply get lost. 

Inspiring
August 15, 2024

Please provide more information. What do you mean by "audit (logging) failure"? A failure of ColdFusion to write to the audit.log file? A failure of ColdFusion to write to any specific log file or files? If so, which?


Failure of ColdFusion to write to ANY logfiles for any reason.  From the requirement discussion:

"Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode."

 

The loggers are in-built and logging occurs automatically. Therefore, if logging were to fail, it would mean that a critical fault has occurred in the ColdFusion engine.

 

If the failure were caused by a critical fault in the ColdFusion engine, would that cause CF to crash/shutdown?  In your response, you indicated this was unlikely and anything that would have been logged would likely be lost.

 

For failures not caused by ColdFusion, i.e., ColdFusion is still capable of logging to files, but disk space is full:

"If the failure was caused by the lack of audit record storage capacity, the application must continue generating audit records if possible (automatically restarting the audit service if necessary), overwriting the oldest audit records in a first-in-first-out manner."

 

This is where the question "Would ColdFusion overwrite older logfiles in the rotation?" comes into play.  Or would disk space also cause a crash/shutdown event?

 

Ironically, a crash/shutdown would be preferred behavior here in order to meet the security requirement.  Go figure.

 

Thanks for your response!

BKBK
Community Expert
August 15, 2024

Your explanation is good and clear. Audit requirements, as explained here, are not the responsibility of an application server or service such as ColdFusion. They are the responsibility of the user of the service. In this case, of the developer.

 

The ColdFusion developer could implement the 2 main requirements of the audit as follows:

 

  1.  Monitor ColdFusion's failure to write to any logfiles for any reason:
    The developer could do so in the onError event-handler in Application.cfc.

        <cffunction name="onError" returnType="void">
            <cfargument name="Exception" required="true"/>
            <cfargument name="EventName" type="String" required="true"/>
            <!---
            Here, monitor the occurrence of typical errors related to logging.
            For example, the presence of 'org.apache.logging.log4j' and
            'coldfusion.log.Logger' in the string arguments.Exception.stacktrace.

            If there are logging errors, use cfmail to mail a dump of arguments.Exception
            to the developer.
            --->
        </cffunction>

     

  2.  Monitor failures not caused by ColdFusion: for example, monitor when disk space is full or close to full, even though ColdFusion is still capable of logging to file.
    The developer could use FusionReactor or the ColdFusion Performance Monitoring Toolset to monitor disk space. Either tool can be configured to notify the developer when disk percentage usage exceeds a given threshold, say, 95%.
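
Added example, not part of the thread and not code from either poster or from Adobe: an Application.cfc that combines the stack-trace check suggested above with a write probe of the log volume, and stops serving requests once either reports a fault. The application name, the `auditFault` and `auditCheckedAt` keys, the `auditStorageFault` helper, the 500 MB floor, the 30-second interval and the `<cf_root>/logs` location are all assumptions.

```cfml
// Application.cfc (added example; names and thresholds are assumptions)
component {
    this.name = "AuditFailClosedExample";            // hypothetical application name
    // Assumed: default log directory and a 500 MB free-space floor.
    variables.logDir       = server.coldfusion.rootdir & "/logs";
    variables.minFreeBytes = 500 * 1024 * 1024;

    // Returns "" when the log volume is usable, otherwise the reason it is not.
    private string function auditStorageFault() {
        var probe = variables.logDir & "/audit-probe-" & createUUID() & ".tmp";
        try {
            var free = createObject("java", "java.io.File").init(variables.logDir).getUsableSpace();
            if (free < variables.minFreeBytes) {
                return "free space below threshold on " & variables.logDir;
            }
            fileWrite(probe, "probe");   // throws on a full, read-only or failing disk
            fileDelete(probe);
            return "";
        } catch (any e) {
            return "probe write failed: " & e.message;
        }
    }

    public boolean function onRequestStart(required string targetPage) {
        // A recorded fault is sticky: it clears only when the application restarts.
        if (!structKeyExists(application, "auditFault")) {
            application.auditFault = "";
        }
        // Probe at most once every 30 seconds while healthy.
        if (!len(application.auditFault) && (!structKeyExists(application, "auditCheckedAt")
                || dateDiff("s", application.auditCheckedAt, now()) >= 30)) {
            application.auditFault     = auditStorageFault();
            application.auditCheckedAt = now();
        }
        if (len(application.auditFault)) {
            cfheader(statusCode = 503);
            return false;                // fail closed: the requested page is not run
        }
        return true;
    }

    public void function onError(required any exception, required string eventName) {
        // Check from the reply above: logging classes named in the stack trace.
        var trace = structKeyExists(arguments.exception, "stackTrace") ? arguments.exception.stackTrace : "";
        if (findNoCase("org.apache.logging.log4j", trace) || findNoCase("coldfusion.log.Logger", trace)) {
            application.auditFault = "logging exception during " & arguments.eventName;
        }
        // Other errors: report them the way the application already does.
    }
}
```

This gate stops the application from answering requests; it does not stop the ColdFusion service itself, and it cannot see failures that never surface as an exception or a failed write.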