Logstop
🔥 Keep personal data out of your logs
logger.info "Hi test@example.org!"
# => Hi [FILTERED]!
By default, scrubs:
- email addresses
- phone numbers
- credit card numbers
- Social Security numbers (SSNs)
- passwords in URLs
Works with all types of logging - Ruby, Active Record, Active Job, and more
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? [["email", "[FILTERED]"]]
Works even when sensitive data is URL-encoded with plus encoding
Installation
Add this line to your application’s Gemfile:
gem "logstop"
And add it to your logger:
Logstop.guard(logger)
Rails
Create config/initializers/logstop.rb
with:
Logstop.guard(Rails.logger)
Options
To scrub IP addresses (IPv4), use:
Logstop.guard(logger, ip: true)
To scrub MAC addresses, use:
Logstop.guard(logger, mac: true)
Add custom rules with:
scrubber = lambda do |msg|
msg.gsub(/custom_regexp/, "[FILTERED]".freeze)
end
Logstop.guard(logger, scrubber: scrubber)
Disable default rules with:
Logstop.guard(logger,
email: false,
phone: false,
credit_card: false,
ssn: false,
url_password: false
)
To scrub outside of logging, use:
Logstop.scrub(msg)
It supports the same options as guard
.
Notes
This should be used in addition to config.filter_parameters
, not as a replacement.
Learn more about securing sensitive data in Rails.
Also:
- To scrub existing log files, check out scrubadub
- To anonymize IP addresses, check out IP Anonymizer
- To scan for unencrypted personal data in your database, check out pdscan
Resources
History
View the changelog
Contributing
Everyone is encouraged to help improve this project. Here are a few ways you can help:
- Report bugs
- Fix bugs and submit pull requests
- Write, clarify, or fix documentation
- Suggest or add new features
To get started with development:
git clone https://github.com/ankane/logstop.git
cd logstop
bundle install
bundle exec rake test