Grant asks:
Is there a way to use cflog to log to a log [lol] that doesn't get deleted by admin? If so, could it still rollover at a certain size? If not, what's the best way to accomplish this? I want to create a log my system can depend on as a valid resource if all other means of finding out what happened fail.
The short answer is no. As far as I know, once ColdFusion sees N versions of a log file, where N is the number specified in your ColdFusion Administrator under Log Settings / Maximum number of Archives, the oldest file will be deleted. You can kinda "cheat" your way around this. For example, I discovered that I could set the maximum number to 100000, which is probably enough to cover a couple decades of log files. (Actually, I tried 999999999999 first and got a fun little max int error.) You could also set the maximum file size higher as well. But technically, neither of these solves the problem.
If you truly wanted to be sure ColdFusion wouldn't delete your logs, you would need to use cffile instead. All cflog does is write, in a standard format, to the ColdFusion log directory. You could easily mimic this yourself. As for handling "rolling" - I actually don't like ColdFusion's way of rolling by size. I prefer rolling by date. If you want a simple day-based file pattern you could use code like so...
<cfset name = "base">
<cfset name &= "." & day(now()) & "." & month(now()) & "." & year(now()) & ".txt">
<cfoutput>#name#</cfoutput>
In this snippet, the original value of name simply represents a name for the log. It could be 'security', 'cms', 'beer', etc. I then append the day, month, and year to the file name along with .txt. (And of course, .log would be fine.) This creates a file name of the form, base.29.11.2010.txt. You could add the current hour as well for more granularity.
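The cffile approach described above, as an added example that is not code from the original post: a small stand-in for cflog that appends to a date-named file outside ColdFusion's log directory. The function name writeAppLog, the /var/applogs directory and the quoted line layout (modelled on cflog's format) are assumptions; line breaks are stripped from the message so user-supplied text cannot forge extra log entries.

```cfml
<!--- Added example. Assumptions: function name, /var/applogs, cflog-like line layout. --->
<cffunction name="writeAppLog" access="public" returntype="string" output="false">
    <cfargument name="logName" type="string" required="true">
    <cfargument name="text" type="string" required="true">
    <cfargument name="type" type="string" required="false" default="Information">
    <cfargument name="logDir" type="string" required="false" default="/var/applogs">

    <cfset var ts = now()>
    <!--- Keep only safe characters so the name cannot contain path separators. --->
    <cfset var safeName = reReplace(arguments.logName, "[^A-Za-z0-9_-]", "", "all")>
    <cfset var crlf = "[" & chr(13) & chr(10) & "]+">
    <cfset var threadName = createObject("java", "java.lang.Thread").currentThread().getName()>
    <cfset var logDate = dateFormat(ts, "mm/dd/yy")>
    <cfset var logTime = timeFormat(ts, "HH:mm:ss")>
    <cfset var appName = "">
    <cfset var filePath = "">
    <cfset var msg = "">
    <cfset var line = "">

    <cfif not len(safeName)>
        <cfthrow type="AppLog.InvalidName" message="Log name needs letters, digits, _ or -.">
    </cfif>
    <cfif isDefined("application.applicationName")>
        <cfset appName = application.applicationName>
    </cfif>

    <!--- One file per day; year first so the files sort by name. --->
    <cfset filePath = arguments.logDir & "/" & safeName & "." & dateFormat(ts, "yyyy.mm.dd") & ".txt">

    <!--- Collapse CR/LF so input cannot start a fake entry; double embedded quotes. --->
    <cfset msg = reReplace(arguments.text, crlf, " ", "all")>
    <cfset msg = replace(msg, '"', '""', "all")>
    <cfset line = '"#arguments.type#","#threadName#","#logDate#","#logTime#","#appName#","#msg#"'>

    <!--- Serialize writers to the same log so lines do not interleave. --->
    <cflock name="applog_#safeName#" type="exclusive" timeout="5">
        <cfif not directoryExists(arguments.logDir)>
            <cfdirectory action="create" directory="#arguments.logDir#">
        </cfif>
        <cffile action="append" file="#filePath#" output="#line#" addnewline="true" charset="utf-8">
    </cflock>
    <cfreturn filePath>
</cffunction>

<!--- Usage with a constructed message. --->
<cfset path = writeAppLog("security", "Failed login for account demo (constructed sample)")>
<cfoutput>#path#</cfoutput>
```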
Archived Comments
Minor thing, but if you wanted to make sure the files appeared in order by name, you could do:
<cfset name = "base" & DateFormat(Now(), "yyyy.mm.dd") & ".txt" />
Just a thought.
Ah yes - that seems better.
I would think the only way an admin wouldn't be able to delete the log file would be if you log to another server where the local administrator doesn't have permission to delete the files.
@Brian: Right- but cflog doesn't allow for that. You can specify a file name, but just the name portion, not the directory or extension. Of course, you could change the log directory - but CF would need write access to the dir, which implies it has access to delete as well. (AFAIK)
I was thinking more of having a webservice on another server using cflog and on your primary server making service calls to it. Of course, if that server goes down, you lose your logs, so you may just want to use that to augment local logging.
So a CFM on server A uses a web service on server B? But how does that help? CF will still delete the file eventually.
I guess I read the original post differently. I read the important portion as being that admin couldn't delete the log so that it could be relied upon to determine what happened. The scenario I considered was a hacker gaining root access and wiping the logs on their way out.
You could set the log director to disallow delete to everyone, including all admins, except for one special person.
that should read 'log directory'
@Gary: I wonder if CF would handle that gracefully?
I will do testing and let everyone know.