There must be an option to disable the logging of timing info ("Finished ... in (23ms) ...").

Users might have something logging that info already.

I'm implementing a custom printer multimethods to starting

(defmethod starting :my-starting
  [{:keys [logger] :as options} req]
  (info (ansi/style "Starting " :cyan)
        (select-keys req [:character-encoding
                          :content-length
                          :content-type
                          :query-string
                          :remote-addr
                          :request-method
                          :scheme
                          :server-name
                          :server-port
                          :uri
                          :identity])))

;;;
(wrap-with-logger {:printer :my-starting})

To avoid the others logs, I used only by the level of the log (request-details, sending-response), But the request-params it is also info as the startingand finished.
So, How can I stop log this request-params?

It is simply ignored.

I'm running Clojure 1.10 on Linux Mint Cinnamon 19 64-bits.

I've tried all these:

(defn -main
  [& args]
  (-> app
    logger/wrap-with-logger
    logger/wrap-log-request-params
    logger/wrap-log-request-start
    logger/wrap-log-response
    (run-jetty {:port (or (some-> args first Integer/parseInt) 3000)})))

(defn -main
  [& args]
  (-> app
    logger/wrap-log-request-params
    (run-jetty {:port (or (some-> args first Integer/parseInt) 3000)})))

(defn -main
  [& args]
  (-> app
    logger/wrap-with-logger
    logger/wrap-log-request-params
    (run-jetty {:port (or (some-> args first Integer/parseInt) 3000)})))

(defn -main
  [& args]
  (-> app
    logger/wrap-log-request-params
    logger/wrap-log-request-start
    logger/wrap-log-response
    (run-jetty {:port (or (some-> args first Integer/parseInt) 3000)})))

A remote code execution vulnerability exists in clojure/tools.logging prior to version 1.2.1, known as log4shell.

See https://clojurians.slack.com/archives/C06MAR553/p1639150352339200 and https://www.lunasec.io/docs/blog/log4j-zero-day/

Is there a migration guide somewhere?

I've seen the changelog but it only shows version 1.0 code, not how to get there from version 0.7.

Three arity fns (needed for ring async) just dropped (comparing with 0.7).

Hi, thanks for working on this. Is there a way to log the request body? If so, I haven't been able to figure it out.

I expected to pass :body to the :request-keys option in wrap-with-logger, but this errors with com.fasterxml.jackson.core.JsonGenerationException: Cannot JSON encode object of class: class org.eclipse.jetty.server.HttpInputOverHTTP: HttpInputOverHTTP@1a03aea5[c=0,q=0,[0]=null,s=STREAM]

Thanks.

Defining custom printers to do this is onerous for starting and especially for finished.

There should be a way to redact some params & headers that might contain sensitive information like passwords and auth tokens. There should be an easy way to pass a list of keys to be redacted from both of them.

Defaults should be provided (in code or documentation form) to use this feature when the authentication is being handled by common auth libraries like:

• friend
• buddy
• ring-basic-authentication

Hi Guys,

[02/10/17 08:03:05.194] I - nil Finished :get <URL-obscured> for 127.0.0.1 in (38 ms) Status: 200

I see the nil printed for both Starting and Finished but I don't see it for the exception output.

Does anyone know where I could look to see about how to figure out what this is supposed to be -- some variable is being printed with value nil obviously, but I'm not sure how to find it.

Thanks for your time.

Jason.

This is currently supported only by ring-logger-onelog. See if we can support it here in ring-logger, or add support in ring-logger-timbre otherwise.

It might even have the form of a suggestion for manual configuration by the user in our README. One way or another, it would be great if a user can get this feature from here.

For tracing and analytics it would be really useful to see request and response as well in one log message. Currently, as far as I understand there is no possibility to log response at all.

Is there any plans on it?

Reported by @little-arhat in clojurians a while ago. Example url that would make it to happen: "http://localhost:14587/?name"

EDIT: Looking into how different the new version is compared to the 0.7.x series, I decided to bump the new version to 1.0.0. It should help people realize that this is a major release that might (and actually does) contain breaking changes.

I've been feeling some discomfort when thinking about adding new features to ring.logger, or even when trying to use it! What the library provides is quite simple: an easy way to log some information about each request, in a way that is useful for monitoring in a production environment, but also for debugging in development.

I tried to make it customizable/adaptable by using multimethods, but in retrospect it doesn't sound like the best approach: As a user of the library, if I have to find out what multimethods to implement, and basically copy & paste the original fn to adapt it to my needs, then I will probably ditch the library and just add my own middleware. That what I (me, the maintainer of the library) have done on my latest projects. There must be a better way.

Long live ring-logger!

So here's the deal: I'll be working on a new version of the library which will have a more minimalist core, will accept a fn to change the output format (logs are not made of strings only), and will have minimal configuration options (with sensible defaults) for things like hiding sensitive values (redact-keys) or choosing which aspects of the request map to log. Might also leave that part to the output-fn.

The goal is to make it a no-brainer to use it on... let's say 80% of ring-based projects. Or well, at least on 100% of my own projects.

PS: I'd like to thank @pjlegato for creating the original ring.middleware.logger, and to all the current and past contributors, ring-logger wouldn't have gotten up to this point without your help!

Our application has to send user_token query parameter when doing authentication with websocket (which doesn't support Authorization header). The value is correctly redacted in Params map (based on redact-keys config), however it remains in the URL so the token is readable by anybody with access to the log . Can you please look at it?

I have a query string like this: /login?access_token=xxx123. ring-logger exposes redact-keys to filter access_token from the request params, but it's not filtered from the query-string. Any suggestions for filtering it? I'd be happy to submit a pull request.

Can you give a better idea on how to call wrap-with-body-logger if we are using timbre.
The function definition seems to be different than that of wrap-with-logger which I'm not sure why.