On 28 September 2010 17:45, Ian Lewis <[email protected]> wrote: > Hi, > > On Tue, Sep 28, 2010 at 9:19 AM, Nick Phillips > <[email protected]> wrote: >> I'm worried by the use of "warning" for all 4xx statuses. I think it >> still makes sense to use the "original" syslog level definitions[*] as a >> guide, and on there I'd suggest that some 4xx statuses would merit >> "Info", some "Notice", and maybe one or two "Warning". "Notice" not >> being included in Python's default logging, I guess that means I'd split >> them between "Info" and "Warning". >> >> My view is that the main use of these logs to me is to help me see when >> someone is doing Bad Things (or trying to) to my system. I would be >> wanting anything that indicated a targeted exploration of my server to >> show up as "Warning", and anything that's most likely a random script >> kiddie to be "Info". That certainly puts 404 in as "Info"; I see so many >> hits looking for e.g. poorly-configured phpmyadmin installations, that >> 404s would swamp anything that I really needed to be looking at. > > I'm split on this myself but I think making all 400 level responses warnings > would keep things consistent and help find potential security issues easier.
Making all 4xx a Warning is a bad idea. When you're writing a RESTful API, it's common to use these status codes the way they were intended to be used. For example, if the user makes a POST add a comment, but the form data is invalid a RESTful API won't return a 2xx, because the request failed. The only reasonable codes are in in 4xx range. It's not uncommon for users to badly fill out forms, so getting warnings about it would just flood the log. The logging level should be based on the cause (like CSRF validation failure) not solely on the response's status code. Regards, Łukasz Rekucki -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
