GuardAPI

Fix Insufficient Logging & Monitoring in Next.js

Next.js applications are often blind to production attacks because developers treat logging as a debugging tool rather than a security requirement. Bare 'console.log' statements are unstructured, carry no context (which request, from which client, at what time), and are easily lost in high-traffic environments. Insufficient logging lets attackers probe your API, brute-force credentials, and escalate privileges without leaving a trace. To fix this, you must implement structured JSON logging with correlation IDs and mandatory security event tracking.

The Vulnerable Pattern

```javascript
// pages/api/auth/login.js
export default function handler(req, res) {
  const { email, password } = req.body;

  if (email !== '[email protected]' || password !== 'password123') {
    // VULNERABILITY: No context, no IP, no request ID, no timestamp.
    // This is invisible to SIEM/Monitoring tools.
    console.log('Login failed');
    return res.status(401).json({ error: 'Unauthorized' });
  }

  res.status(200).json({ success: true });
}
```

The Secure Implementation

The secure implementation replaces bare console.log output on stdout with Pino, a high-performance structured logger. Key improvements:

1. JSON Format: Enables easy ingestion into ELK, Splunk, or Datadog.
2. Correlation IDs: Uses 'x-request-id' to trace a single request's lifecycle across serverless functions.
3. Security Context: Logs the origin IP and User-Agent to detect botnets or credential stuffing.
4. Severity Levels: Uses 'warn' for failed attempts to trigger real-time SOC alerts, while keeping 'info' for audit trails.

Sensitive data like raw passwords remain excluded from logs to prevent PII leakage.

```javascript
// lib/logger.js
import pino from 'pino';

const logger = pino({
  level: process.env.LOG_LEVEL || 'info',
  base: { env: process.env.NODE_ENV } // replaces pino's default pid/hostname fields
});

export default logger;
```

```javascript
// pages/api/auth/login.js
import { randomUUID } from 'node:crypto';
import logger from '../../../lib/logger';

export default function handler(req, res) {
  const { email } = req.body;
  // Correlation ID: reuse the proxy/edge-supplied x-request-id, otherwise mint
  // one (crypto.randomUUID() rather than Math.random(), which can collide).
  const requestId = req.headers['x-request-id'] || 'internal-' + randomUUID();
  // x-forwarded-for may be a comma-separated chain; the first entry is the
  // client. Only trust it when a proxy you control sets the header.
  const forwarded = req.headers['x-forwarded-for'];
  const clientIp = forwarded ? forwarded.split(',')[0].trim() : req.socket.remoteAddress;

  // SECURE: Structured logging with metadata for incident response.
  // isAuthInvalid() is the app's own credential check and is not shown here.
  if (isAuthInvalid(email, req.body.password)) {
    logger.warn({
      event: 'authentication_failure',
      category: 'identity',
      metadata: { email, clientIp, requestId, userAgent: req.headers['user-agent'] }
    }, 'Unauthorized access attempt');
    return res.status(401).json({ error: 'Unauthorized' });
  }

  logger.info({ event: 'authentication_success', email, requestId }, 'User logged in');
  res.status(200).json({ success: true });
}
```
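What the structured fields buy you on the detection side, as an added example that is not GuardAPI's code: a small Node.js script that parses the JSON lines the Pino handler above emits and flags one client IP failing against many distinct accounts (credential stuffing). The log lines, IPs and emails are constructed sample data, and the thresholds are assumptions.

```javascript
// Added example (not GuardAPI's code). Parses the JSON lines the Pino logger
// above emits and flags credential stuffing, which the bare "Login failed"
// line of the vulnerable handler could never reveal. All lines are constructed.
const T0 = 1700000000000; // constructed base timestamp (ms since epoch)
// Build one line in the exact shape the secure handler's logger.warn() produces.
function failureLine(time, email, clientIp, requestId) {
  return JSON.stringify({
    level: 40, time, env: 'production', event: 'authentication_failure',
    category: 'identity',
    metadata: { email, clientIp, requestId, userAgent: 'curl/8.4.0' },
    msg: 'Unauthorized access attempt',
  });
}

const SAMPLE_LOG = [
  failureLine(T0 + 1000, 'alice@example.com', '203.0.113.7', 'r-1'),
  failureLine(T0 + 2000, 'bob@example.com', '203.0.113.7', 'r-2'),
  failureLine(T0 + 3000, 'carol@example.com', '203.0.113.7', 'r-3'),
  failureLine(T0 + 4000, 'alice@example.com', '203.0.113.7', 'r-4'),
  failureLine(T0 + 5000, 'dave@example.com', '198.51.100.9', 'r-5'),
  'Login failed', // a legacy console.log line: no fields, skipped by the parser
].join('\n');

// One JSON object per line; anything that is not JSON is dropped.
function parseLogLines(text) {
  const events = [];
  for (const line of text.split('\n')) {
    try { events.push(JSON.parse(line)); } catch { /* unstructured, ignore */ }
  }
  return events;
}
// Credential stuffing: a single clientIp failing against >= maxAccounts distinct
// emails within windowMs (sliding window). Returns one alert per offending IP.
function detectCredentialStuffing(events, { windowMs = 60_000, maxAccounts = 3 } = {}) {
  const failures = events
    .filter(e => e.event === 'authentication_failure' && e.metadata)
    .sort((a, b) => a.time - b.time);
  const perIp = new Map(), alerts = new Map(); // clientIp -> recent failures / alert
  for (const f of failures) {
    const { clientIp, requestId } = f.metadata;
    const recent = (perIp.get(clientIp) || []).filter(x => f.time - x.time <= windowMs);
    recent.push(f);
    perIp.set(clientIp, recent);
    const accounts = new Set(recent.map(x => x.metadata.email));
    if (accounts.size >= maxAccounts && !alerts.has(clientIp)) {
      // requestId identifies the exact request that crossed the threshold
      alerts.set(clientIp, { clientIp, accounts: accounts.size, firstSeen: recent[0].time, requestId });
    }
  }
  return [...alerts.values()];
}
```

Run with `node` (no dependencies): `detectCredentialStuffing(parseLogLines(SAMPLE_LOG))` yields a single alert for 203.0.113.7, while the unstructured "Login failed" line contributes nothing.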


Verified by Ghost Labs Security Team
