Secure Logger

Classification Key: Core Security, Repudiation


Application logs have to be created appropriately at multiple points during an application's operational life cycle. Event logs and related data must be secured against alteration by an attacker. Log data should not be accessible to unauthorized personnel. How can you log events correctly, securely, and in a timely manner?


Use centrally controlled logging functionality that can be invoked at various points throughout the application's request and response handling. Decouple the logging functionality and provide it as a component or service to be used throughout the application. Cryptographically secure the logged data and keep additional information to verify the integrity of the logged data. Control access to the log so that unauthorized users cannot view its content.
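
A sketch of the integrity part of this solution, added here as an illustration and not taken from the pattern's source: a central logger that chains an HMAC-SHA256 over each record, so that alteration, deletion or reordering is detectable. The class and function names, the in-memory list standing in for the log store, and the key are assumptions; encryption and access control of the stored log are outside this example.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # chain anchor used before the first record


def _mac(key: bytes, prev_mac: str, body: dict) -> str:
    # Canonical JSON so a record always serialises to the same bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + data, hashlib.sha256).hexdigest()


class SecureLogger:
    """Central logging component; each record's MAC covers the previous MAC."""

    def __init__(self, key: bytes):
        self._key = key
        self.head = GENESIS   # MAC of the newest record; keep a copy off-host
        self.records = []     # stand-in for an append-only, access-controlled store

    def log(self, event: str, **fields) -> dict:
        body = {"seq": len(self.records), "event": event, "fields": fields}
        record = dict(body, mac=_mac(self._key, self.head, body))
        self.records.append(record)
        self.head = record["mac"]
        return record


def verify(key: bytes, records: list, head: Optional[str] = None) -> Optional[int]:
    """Return None if the log is intact, else the index where the chain breaks.

    Without `head` (the newest MAC, stored separately) removal of trailing
    records cannot be detected; with it, truncation returns len(records).
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: rec.get(k) for k in ("seq", "event", "fields")}
        good = _mac(key, prev, body)
        if rec.get("seq") != i or not hmac.compare_digest(str(rec.get("mac")).encode(), good.encode()):
            return i
        prev = good
    return len(records) if head is not None and head != prev else None


if __name__ == "__main__":
    log = SecureLogger(b"constructed-demo-key")   # constructed key and events
    log.log("login", user="alice")
    log.log("role_change", user="alice", role="admin")
    log.records[1]["fields"]["role"] = "user"     # simulate after-the-fact alteration
    print(verify(b"constructed-demo-key", log.records, log.head))
```

The MAC key must be held by the logging component and the verifier only; anyone who can read it can recompute the whole chain after editing a record.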

Known Uses

Security Logging in J2EE services.


Sun Book




Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz