Security Monitoring
FastAPI Guard provides robust security logging capabilities that can be leveraged for monitoring and analytics. This guide covers how to work with the logs generated by FastAPI Guard and options for deeper security analytics.
Basic Logging
By default, FastAPI Guard logs all security events to standard Python logging facilities. You can configure custom log paths using the `custom_log_file` parameter in the `SecurityConfig`.
Passive Mode for Penetration Detection
When deploying in production environments, it's often best to start with passive mode to understand your traffic patterns before enabling blocking rules.
```python
from guard.models import SecurityConfig

config = SecurityConfig(
    enable_penetration_detection=True,
    passive_mode=True,  # Log but don't block
)
```
In passive mode, FastAPI Guard will detect potential penetration attempts, but instead of blocking the request, it will only log the incident with the prefix `[PASSIVE MODE]` in your logs. This helps identify false positives before enabling full blocking mode.
Configurable Log Levels
FastAPI Guard allows you to configure different log levels for normal and suspicious requests:
```python
from guard.models import SecurityConfig

config = SecurityConfig(
    # Normal requests logged at INFO level (or None to disable)
    log_request_level="INFO",
    # Security events logged at WARNING level
    log_suspicious_level="WARNING",
)
```
This separation allows:
- Quieter logs in production by disabling or reducing normal request logging
- Maintaining visibility for security events
- Different log routing based on severity

Available log levels include: `"INFO"`, `"DEBUG"`, `"WARNING"`, `"ERROR"`, `"CRITICAL"`, and `None` (to disable).
Log Analysis
FastAPI Guard logs contain valuable security intelligence, including:
- IP addresses attempting suspicious actions
- Pattern matches indicating attack vectors (SQL injection, XSS, etc.)
- Geographic origins of traffic
- Rate limiting violations
- Cloud provider origins
You can use standard log analysis tools to process and visualize these logs.
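As an added example (not part of the FastAPI Guard project or its documentation), the following uses only the standard `logging` module to route records by severity and to tally `[PASSIVE MODE]` detections per source IP for false-positive review. The logger name `fastapi_guard` and the message formats in `demo()` are assumptions constructed for illustration; only the `[PASSIVE MODE]` prefix and the INFO/WARNING split come from this guide.

```python
import io
import logging
import re
from collections import Counter

GUARD_LOGGER = "fastapi_guard"     # assumed logger name; adjust to your deployment
PASSIVE_PREFIX = "[PASSIVE MODE]"  # prefix this guide says passive detections carry
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


class PassiveModeTally(logging.Handler):
    """Count passive-mode detections per source IP for false-positive review."""
    def __init__(self):
        super().__init__(level=logging.WARNING)
        self.by_ip = Counter()

    def emit(self, record):
        message = record.getMessage()
        if PASSIVE_PREFIX not in message:
            return  # ignore security events that are not passive detections
        match = IPV4.search(message)
        self.by_ip[match.group(0) if match else "unknown"] += 1


def route_guard_logs(request_stream, security_stream):
    """Send sub-WARNING records to one stream, WARNING and above to another."""
    logger = logging.getLogger(GUARD_LOGGER)
    logger.setLevel(logging.INFO)
    logger.propagate = False  # keep these records out of the root handlers
    logger.handlers.clear()
    requests = logging.StreamHandler(request_stream)
    requests.addFilter(lambda r: r.levelno < logging.WARNING)
    security = logging.StreamHandler(security_stream)
    security.setLevel(logging.WARNING)
    tally = PassiveModeTally()
    for handler in (requests, security, tally):
        logger.addHandler(handler)
    return logger, tally


def demo():
    # Constructed records; the message layouts are illustrative, not the library's.
    request_log, security_log = io.StringIO(), io.StringIO()
    logger, tally = route_guard_logs(request_log, security_log)
    logger.info("Request from 198.51.100.7: GET /health")
    logger.warning("[PASSIVE MODE] Suspicious pattern from 203.0.113.9: GET /search")
    logger.warning("[PASSIVE MODE] Suspicious pattern from 203.0.113.9: GET /items")
    logger.warning("Rate limit exceeded for IP: 192.0.2.44")
    return request_log.getvalue(), security_log.getvalue(), dict(tally.by_ip)
```

In a real deployment, replace the `StringIO` streams with file or SIEM-forwarding handlers and review the per-IP tally before turning `passive_mode` off.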