# Insufficient Logging (CWE-778)

When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.

**Stack:** JavaScript

- Prevalence: High (frequently exploited)
- Impact: Medium (review recommended)
- Prevention: Documented (3 fix examples)

**OWASP:** Security Logging and Monitoring Failures (A09:2021-Security Logging and Monitoring Failures) - #9

## Description

Insufficient logging makes it difficult to detect attacks in progress, investigate security incidents, or establish accountability. Logs should capture who did what, when, and from where.

## Prevention

Prevention strategies for Insufficient Logging, based on 1 Shoulder detection rule.

### JavaScript

Replace console.log with a structured logging library like winston or pino.

## Warning Signs

- [low] console

## Consequences

- Hide activities
- Bypass protection mechanism

## Mitigations

- Log all security-relevant events (authentication, authorization, data access)
- Include sufficient context (user, timestamp, IP, action, outcome)
- Implement centralized log management and monitoring

## Detection

- Total rules: 3
- Languages: javascript, typescript, python

## Rules by Language

### JavaScript (1 rule)

- **Avoid console.log when logging library exists** [low]: Detects console.log calls when a logging library exists. Only fires when winston, pino, bunyan, or log4js is detected.
  - Remediation: Replace console.log with your logging library.

```javascript
// winston: message first, then a metadata object
logger.info('User logged in', { userId });

// pino: merging object first, then the message
logger.info({ userId }, 'User logged in');
```

Learn more: https://shoulder.dev/learn/javascript/cwe-778/avoid-console-log

### TypeScript (1 rule)

- **Avoid console.log when logging library exists** [low]: Detects console.log calls when a logging library exists. Only fires when winston, pino, bunyan, or log4js is detected.
  - Remediation: Replace console.log with your logging library.

```javascript
// winston: message first, then a metadata object
logger.info('User logged in', { userId });

// pino: merging object first, then the message
logger.info({ userId }, 'User logged in');
```

Learn more: https://shoulder.dev/learn/javascript/cwe-778/avoid-console-log
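
The context listed under Mitigations (user, timestamp, IP, action, outcome), as an added example that is not Shoulder's code or part of winston or pino: a dependency-free stand-in for a structured logger that emits one JSON line per security event and rejects events missing required context. The names `REQUIRED_FIELDS`, `logSecurityEvent`, `handleLogin` and `verify`, and the sample user and IP addresses, are assumptions constructed for illustration.

```javascript
// Added example: dependency-free stand-in for a winston/pino logger.
// All names and sample data are hypothetical and constructed for illustration.

// Context every security event must carry: who, from where, what, result.
const REQUIRED_FIELDS = ['user', 'ip', 'action', 'outcome'];

// Emit one JSON line per event. JSON.stringify escapes CR/LF inside values,
// so each event stays on a single line for the log pipeline.
function logSecurityEvent(sink, event, now = new Date()) {
  const missing = REQUIRED_FIELDS.filter(
    (f) => event[f] === undefined || event[f] === null || event[f] === ''
  );
  if (missing.length > 0) {
    // Reject incomplete events so gaps surface in tests, not in an investigation.
    throw new Error(`security event missing: ${missing.join(', ')}`);
  }
  const record = {
    ...event,
    timestamp: now.toISOString(), // when
    level: event.outcome === 'success' ? 'info' : 'warn',
  };
  sink(JSON.stringify(record));
  return record;
}

// Login handler that records failures as well as successes.
// The password is checked but never copied into the event.
function handleLogin(sink, verify, { username, password, ip }) {
  const ok = verify(username, password);
  const event = { user: username, ip, action: 'auth.login', outcome: ok ? 'success' : 'failure' };
  if (!ok) event.reason = 'bad_credentials';
  logSecurityEvent(sink, event);
  return ok;
}

// Demo with constructed data: verify() stands in for a real credential check,
// and the sink collects lines in memory before writing them to stdout.
const verify = (u, p) => u === 'alice' && p === 'correct-horse';
const lines = [];
const sink = (line) => lines.push(line);
handleLogin(sink, verify, { username: 'alice', password: 'correct-horse', ip: '203.0.113.7' });
handleLogin(sink, verify, { username: 'alice', password: 'guess', ip: '198.51.100.9' });
process.stdout.write(lines.join('\n') + '\n');
```

With winston or pino in place, the same required-field check can wrap the library's `logger.info` call instead of the in-memory sink.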