Project

logstop

0.14
A long-lived project that still receives updates
Keep personal data out of your logs
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies
 Project Readme

Logstop

🔥 Keep personal data out of your logs

logger.info "Hi test@example.org!"
# => Hi [FILTERED]!

By default, scrubs:

  • email addresses
  • phone numbers
  • credit card numbers
  • Social Security numbers (SSNs)
  • passwords in URLs

Works with all types of logging - Ruby, Active Record, Active Job, and more

User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" = ?  [["email", "[FILTERED]"]]

Works even when sensitive data is URL-encoded with plus encoding

Build Status

Installation

Add this line to your application’s Gemfile:

gem "logstop"

And add it to your logger:

Logstop.guard(logger)

Rails

Create config/initializers/logstop.rb with:

Logstop.guard(Rails.logger)

Options

To scrub IP addresses (IPv4), use:

Logstop.guard(logger, ip: true)

To scrub MAC addresses, use:

Logstop.guard(logger, mac: true)

Add custom rules with:

scrubber = lambda do |msg|
  msg.gsub(/custom_regexp/, "[FILTERED]".freeze)
end

Logstop.guard(logger, scrubber: scrubber)

Disable default rules with:

Logstop.guard(logger,
  email: false,
  phone: false,
  credit_card: false,
  ssn: false,
  url_password: false
)

To scrub outside of logging, use:

Logstop.scrub(msg)

It supports the same options as guard.

Notes

This should be used in addition to config.filter_parameters, not as a replacement.

Learn more about securing sensitive data in Rails.

Also:

  • To scrub existing log files, check out scrubadub
  • To anonymize IP addresses, check out IP Anonymizer
  • To scan for unencrypted personal data in your database, check out pdscan

Resources

History

View the changelog

Contributing

Everyone is encouraged to help improve this project. Here are a few ways you can help:

To get started with development:

git clone https://github.com/ankane/logstop.git
cd logstop
bundle install
bundle exec rake test