CWE-779
Logging of Excessive Data
The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.
Mitigation
Phase: Architecture and Design
Description:
- Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states "last message repeated X times" when recording repeated events.
Mitigation
Phase: Architecture and Design
Description:
- Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the product. This may result in a denial-of-service to legitimate product users, but it will prevent the product from adversely impacting the entire system.
Mitigation
Phase: Implementation
Description:
- Adjust configurations appropriately when the product is transitioned from a debug state to production.
No CAPEC attack patterns related to this CWE.