/

Log Action

Action Type: Log

Records the threat to backend and/or local files, then continues execution.

Available for: All platforms (Desktop, Mobile, Web)

How It Works

The Log action records threat information without disrupting application execution.

Behavior:

  • Logs to ByteHide backend (if API key configured)
  • Logs to local file (if file logging enabled)
  • Logs to console (if console logging enabled)
  • Application continues normally
  • No user disruption

When to Use

Recommended for:

  • Non-critical threats - VM detection, container detection
  • Analytics and monitoring - Gathering threat intelligence
  • Development environments - Testing without disruption
  • Cloud metadata detection - Deployment environment tracking
  • License binding - Monitoring hardware changes

Not recommended for:

  • Critical security threats (use close instead)
  • Production web attacks (use block instead)

Configuration

JSON Configuration

JSON
{
  "logging": {
    "level": "warning",
    "console": true,
    "file": {
      "enabled": true,
      "path": "logs/monitor.log"
    }
  },
  "protections": {
    "VirtualMachineDetection": {
      "enabled": true,
      "action": "log"
    },
    "ContainerDetection": {
      "enabled": true,
      "action": "log"
    }
  }
}

Code-Based Configuration

C#
await Payload.ConfigureAsync(config =>
{
    config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Log);
    config.AddProtection(ProtectionModuleType.ContainerDetection, ActionType.Log);
    config.AddProtection(ProtectionModuleType.CloudMetadata, ActionType.Log);
});

Logging Destinations

Backend Logging (ByteHide Cloud)

JSON
{
  "apiKey": "your-api-key",
  "logging": {
    "backend": {
      "enabled": true,
      "endpoint": "https://api.bytehide.com/v1/monitor"
    }
  }
}

File Logging

JSON
{
  "logging": {
    "file": {
      "enabled": true,
      "path": "logs/monitor.log",
      "maxSizeKB": 10240,
      "maxFiles": 5,
      "format": "json"
    }
  }
}

Console Logging

JSON
{
  "logging": {
    "console": true,
    "level": "warning"
  }
}

Code Examples

Basic Logging

C#
await Payload.ConfigureAsync(config =>
{
    // Log VM detection for analytics
    config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Log);

    // Log emulator detection
    config.AddProtection(ProtectionModuleType.EmulatorDetection, ActionType.Log);
});

Custom Log Processing

C#
await Payload.ConfigureAsync(config =>
{
    config.RegisterCustomAction("custom-logger", async (threat) =>
    {
        // Log to your custom system
        await MyLogger.LogSecurityEventAsync(new
        {
            Type = threat.ModuleType.ToString(),
            Description = threat.Description,
            Metadata = threat.Metadata,
            Timestamp = DateTime.UtcNow
        });

        // Continue execution - don't close
    });

    config.AddProtection(ProtectionModuleType.VirtualMachineDetection, "custom-logger");
});

Analytics Integration

C#
config.RegisterCustomAction("analytics-logger", async (threat) =>
{
    // Send to analytics platform
    await analyticsClient.TrackEventAsync("SecurityThreat", new
    {
        ThreatType = threat.ModuleType.ToString(),
        Severity = "Medium",
        Environment = Environment.GetEnvironmentVariable("ENVIRONMENT"),
        Platform = RuntimeInformation.OSDescription
    });
});

Log Format

JSON Format

JSON
{
  "timestamp": "2025-12-28T22:30:00Z",
  "threatId": "VM-2025-12-28-1234",
  "moduleType": "VirtualMachineDetection",
  "action": "Log",
  "description": "Virtual machine detected",
  "confidence": 0.95,
  "metadata": {
    "hypervisor": "VMware",
    "productName": "VMware Virtual Platform",
    "biosVendor": "Phoenix Technologies LTD"
  }
}

Plain Text Format

CODE
[2025-12-28 22:30:00] [WARN] VirtualMachineDetection: Virtual machine detected (VMware)

Platform-Specific Examples

Desktop Application

C#
await Payload.ConfigureAsync(config =>
{
    // Log for analytics, don't disrupt users
    config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Log);
    config.AddProtection(ProtectionModuleType.RemoteDesktop, ActionType.Log);
    config.AddProtection(ProtectionModuleType.ContainerDetection, ActionType.Log);
});

Mobile Application

C#
await Payload.ConfigureAsync(config =>
{
    // Development: log everything
    #if DEBUG
        config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Log);
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Log);
    #else
        // Production: close on critical threats
        config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close);
        config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
    #endif
});

Web Application

C#
builder.Services.AddByteHideMonitor(monitor =>
{
    // Log LLM prompt injection attempts without blocking
    monitor.WithProtection(ProtectionModuleType.LlmPromptInjection, ActionType.Log);

    // Block actual attacks
    monitor.WithProtection(ProtectionModuleType.SqlInjection, ActionType.Block);
});

Log Levels

LevelDescriptionUse Case
ErrorCritical security violationsTampering, debugger
WarningPotential threatsVM, emulator, clock tampering
InfoEnvironment informationContainer, cloud metadata
DebugDetailed detection infoDevelopment, troubleshooting
JSON
{
  "logging": {
    "level": "warning",
    "minimalSeverity": "medium"
  }
}

Best Practices

  1. Use for Non-Critical Threats
C#
// Log action appropriate
config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Log);
config.AddProtection(ProtectionModuleType.ContainerDetection, ActionType.Log);

// Close action better
config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close);
  1. Enable File Logging for Forensics
JSON
{
  "logging": {
    "file": {
      "enabled": true,
      "path": "logs/monitor.log",
      "maxSizeKB": 10240
    }
  }
}
  1. Integrate with Existing Logging
C#
config.RegisterCustomAction("serilog-integration", async (threat) =>
{
    Log.Warning("Security threat detected: {ThreatType} - {Description}",
        threat.ModuleType,
        threat.Description
    );
});
  1. Monitor Logs for Trends
C#
// Analyze logs to detect attack patterns
var vmDetections = await LogAnalyzer.CountByTypeAsync("VirtualMachineDetection");
if (vmDetections > 100)
{
    await SecurityTeam.NotifyAsync("High VM detection rate");
}
  • None - Detect without logging (analytics only)
  • Custom - Custom logging logic
  • Close - Log then terminate

All Actions

View all action types

Custom Actions

Advanced logging

Previous
Close
Next
Block