If EFF claims that networking logs showed enough detail to confirm Heartbleed exploit attempts going on, then why did Codenomicon’s heartbleed.com website claim that the bug doesn’t show up in logs?
Because “logs” is a very generic term. You can set up your logging to record varying amount of information—you can fully log every packet received, or you can log only errors, or you can do something in between.
If you record every packet received, you will be able to see Heartbleed attacks in your logs. However, for obvious reasons, few people do that and very few people do that on a permanent basis.
Because “logs” is a very generic term. You can set up your logging to record varying amount of information—you can fully log every packet received, or you can log only errors, or you can do something in between.
If you record every packet received, you will be able to see Heartbleed attacks in your logs. However, for obvious reasons, few people do that and very few people do that on a permanent basis.