KoreShield

Monitoring & Logging

Monitor security events and analyze LLM usage patterns

KoreShield provides comprehensive monitoring and logging capabilities to help you track security events, analyze usage patterns, and maintain compliance.

Security Event Logging

All security events are automatically logged with detailed information:

{
  "timestamp": "2024-01-21T10:30:00Z",
  "event_type": "prompt_injection_detected",
  "severity": "high",
  "request_id": "req_123456",
  "user_id": "user_789",
  "provider": "openai",
  "model": "gpt-4",
  "input_length": 150,
  "risk_score": 0.95,
  "action_taken": "blocked",
  "matched_patterns": ["system_override", "instruction_injection"]
}

Log Levels

Configure logging verbosity in your configuration:

logging:
  level: "info"  # debug, info, warning, error
  format: "json"  # json, text
  file: "/var/log/koreshield/security.log"
  max_size: "100MB"
  retention: "30d"

Real-time Monitoring

Monitor security events in real time:

# View live security events
koreshield monitor

# Filter by severity
koreshield monitor --level high

# Monitor specific provider
koreshield monitor --provider openai

Metrics and Analytics

Track key security metrics:

  • Requests per minute/hour/day
  • Security events by type
  • Blocked vs allowed requests
  • Response times and latency
  • Provider usage patterns

Alerting

Set up alerts for security events:

alerts:
  email:
    enabled: true
    recipients: ["security@company.com"]
    on_events: ["prompt_injection", "jailbreak_attempt"]

  webhook:
    enabled: true
    url: "https://hooks.slack.com/services/..."
    on_events: ["high_severity"]

  pagerduty:
    enabled: false
    integration_key: "..."

Compliance Logging

For compliance requirements, enable detailed audit trails:

compliance:
  soc2: true
  gdpr: true
  hipaa: false
  custom_fields:
    - "user_department"
    - "data_classification"
    - "business_unit"

Log Analysis

Analyze logs for security insights:

# Search for specific patterns
koreshield logs search "prompt_injection"

# Generate security reports
koreshield logs report --period 30d --format pdf

# Export logs for SIEM integration
koreshield logs export --format json --destination s3://logs-bucket/
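
An added example, not part of KoreShield's own tooling or documentation: a Python pass over exported events that computes two of the metrics listed above (events by type, blocked vs allowed) and flags users with repeated high-risk events. It assumes the JSON export holds one event object per line with the fields shown under Security Event Logging; the sample lines, thresholds and function name are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample lines; field names follow the event shown under
# "Security Event Logging". One-object-per-line layout is an assumption.
SAMPLE_LOG = """\
{"timestamp": "2024-01-21T10:30:00Z", "event_type": "prompt_injection_detected", "severity": "high", "request_id": "req_1", "user_id": "user_789", "risk_score": 0.95, "action_taken": "blocked"}
{"timestamp": "2024-01-21T10:30:40Z", "event_type": "prompt_injection_detected", "severity": "high", "request_id": "req_2", "user_id": "user_789", "risk_score": 0.91, "action_taken": "blocked"}
{"timestamp": "2024-01-21T10:31:05Z", "event_type": "prompt_injection_detected", "severity": "medium", "request_id": "req_3", "user_id": "user_222", "risk_score": 0.55, "action_taken": "allowed"}
{"timestamp": "2024-01-21T10:31:30Z", "event_type": "prompt_injection_detected", "severity": "high", "request_id": "req_4", "user_id": "user_789", "risk_score": 0.97, "action_taken": "blocked"}
this line is truncated {"timestamp":
"""

REQUIRED = ("timestamp", "event_type", "user_id", "risk_score", "action_taken")

def summarize(lines, risk_threshold=0.9, repeat_threshold=3):
    """Count events by type and action; list users with repeated high-risk events."""
    by_type, by_action = Counter(), Counter()
    high_risk = defaultdict(list)  # user_id -> request_ids at or above threshold
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            if not isinstance(event, dict) or any(k not in event for k in REQUIRED):
                raise ValueError("missing field")
            score = float(event["risk_score"])
        except (ValueError, TypeError):
            skipped += 1  # count unparseable records instead of dropping them silently
            continue
        by_type[event["event_type"]] += 1
        by_action[event["action_taken"]] += 1
        if score >= risk_threshold:
            high_risk[event["user_id"]].append(event.get("request_id"))
    repeat = {u: r for u, r in high_risk.items() if len(r) >= repeat_threshold}
    return {"by_type": dict(by_type), "by_action": dict(by_action),
            "repeat_high_risk_users": repeat, "skipped": skipped}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG.splitlines()), indent=2))
```

A non-zero skipped count is worth alerting on in its own right, since truncated or malformed records leave gaps in the audit trail.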

Integration with Monitoring Tools

KoreShield integrates with popular monitoring platforms:

  • Datadog: Custom metrics and dashboards
  • Grafana: Pre-built security dashboards
  • ELK Stack: Full-text search and visualization
  • Splunk: Enterprise security analytics

koreshield switch my-org-slug

Per-Command Override

You can also override the active organization for a single command using the --org flag:

koreshield 3000 --org my-other-org
