Establish logging facilities #318

Open
gene1wood opened this issue Apr 2, 2020 · 0 comments

gene1wood commented Apr 2, 2020

Currently we use console.log liberally in our rules.

The Debugging Best Practices page says

In a production environment, debug logging isn’t something that’s desirable all the time; given the performance considerations associated with rules, it would not be prudent to have it continuously enabled.

Given this, let's do a few things:

  1. Establish a debug logging capability like that described by Auth0 that depends on a configuration setting which we would leave off in production normally. Maybe we want to get fancy and instead of storing a boolean in configuration we store a date/time. Then we emit debug logs if the date/time is older than the one in configuration. This way we can avoid accidentally leaving debug logging on.
  2. Establish a new logging capability that emits logs out of Auth0 webtask so they can make it to MozDef. I contacted Auth0 support to find out what the recommended way to do this is and they don't have an intentional facility for this but said that the notion of emitting them ourselves, as long as we're not blocking, should work fine. So I imagine the way to do this would be
    • Use the aws-sdk combined with AWS credentials in configuration to send the log message via SNS to a topic.
    • Set up a lambda consumer on that topic which takes the log message, wraps it in a MozDef message format and drops it in SQS.
    • Keep in mind that if a rule is waiting on this SNS call to complete, the user may have to wait. Great details on this in the execution section about rules. In talking to Auth0 support though it sounds like you can fire and forget and the callback would not wait on the response from the publish step. Here's an example of that in a rule of theirs.
  3. Go through our rules and determine what log lines
    • Should be set to debug
    • Should be emitted to MozDef
    • Should be removed

Here's an example of something tangential but related for Splunk
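An added sketch of items 1 and 2 above (not code from this issue, the project or Auth0): debug logging gated on an expiry timestamp, plus a fire-and-forget emitter that cannot delay or fail the rule's callback. The setting name `DEBUG_UNTIL`, the injected `publish` function (standing in for the SNS publish call) and the event fields are assumptions.

```javascript
// Added example. Assumed names: DEBUG_UNTIL (configuration key holding an
// ISO 8601 timestamp) and publish (a function that would wrap the SNS
// publish call and return a promise).

// True only while `now` is earlier than configuration.DEBUG_UNTIL.
// A missing or unparseable value fails closed, so debug stays off.
function debugEnabled(configuration, now = new Date()) {
  const until = Date.parse(configuration.DEBUG_UNTIL || '');
  return Number.isFinite(until) && now.getTime() < until;
}

function makeLogger(configuration, publish, now = () => new Date()) {
  return {
    // Debug lines go to console.log only inside the configured window.
    debug(msg) {
      if (!debugEnabled(configuration, now())) return false;
      console.log(`[debug] ${msg}`);
      return true;
    },
    // Fire and forget: start the publish, never await it, and swallow
    // failures so a logging outage cannot block or break a login.
    emit(event) {
      try {
        Promise.resolve(publish(JSON.stringify(event))).catch(() => {});
      } catch (err) {
        // Synchronous transport error: drop the event.
      }
    },
  };
}

// Shaped like an Auth0 rule; `log` is passed in so the sketch runs offline.
// The callback is invoked without waiting on the publish to finish.
function exampleRule(user, context, callback, log) {
  log.debug(`evaluating rule for ${user.user_id}`);
  log.emit({ summary: 'rule evaluated', user: user.user_id }); // constructed event
  return callback(null, user, context);
}
```

Once the `DEBUG_UNTIL` timestamp passes, debug output stops without anyone having to remember to turn it off.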
