Comments (10)
@rs would you have any advice for us? Our company is facing a similar issue, and a middleware sanitizer would be ideal. If you have some pointers, our team can do some digging and share a solution once we discover one.
from zerolog.
@shettyh you are correct, I misread your question.
Here's what chat gpt thinks about this: https://chat.openai.com/share/c177c6e9-78d8-4bfd-89c6-c20f9daf0c17
Looks like a custom writer interface could be an option?
from zerolog.
By message your mean the message
field or the while line?
from zerolog.
@rs just the message. i realize it's not foolproof and devs can still leak sensitive stuff via Str(), Int() etc, but it's a start.
from zerolog.
EDIT: just realized with the way zerolog works, it'll actually create 2 "message" keys since there isn't any dedupe functionality. So... my guess is this still won't work.
@worrel I just stumbled across this. I am also am looking to mutate the message on log. I've come up with the following below, but I'm not sure if this would be considered a "bad practice or not. Specifically whether or not a hook should be editing the "message" key on the logger.
// Create the hook:
type FilterSensitiveMsgDataHook struct{}
func (h FilterSensitiveMsgDataHook) Run(e *zerolog.Event, level zerolog.Level, msg string) {
e.Str("message", filterSensitiveMsgData(msg))
}
func filterSensitiveMsgData(msg string) string {
var filteredMsg string
/* filter data in msg text */
return filteredMsg
}
from zerolog.
The possibility to retrieve event's keys to sanitize values would be nice to have too.
from zerolog.
My workaround was to use a custom MarshalZerologObject
for my type:
type Config struct {
Username string
Password string
}
func (c Config) MarshalZerologObject(e *zerolog.Event) {
// Define a type identical to Config that isn't a LogObjectMarshaler to trick Event.Interface()
type T Config
var t T = (T)(c)
t.Password = "REDACTED"
e.Interface("config", t)
}
But this requires that you call .EmbedObject()
. I couldn't think of a way to let the code at the log point to specify the key. In my case that's not a problem.
from zerolog.
Have a similar requirement to scrub PII data from event before logging, any useful solutions for this ?
from zerolog.
@shettyh we solved it by adding a custom hook:
// See https://github.com/rs/zerolog/pull/559/files
// and https://github.com/rs/zerolog#contextcontext-integration
type PiiHook struct{}
func (h PiiHook) Run(e *zerolog.Event, level zerolog.Level, msg string) {
ctx := e.GetCtx()
// Implement me: massage 'msg' string and scrub PII patterns
}
When you construct the zerolog instance, register the hook:
return zerolog.New(output).With().Timestamp().Logger().Hook(PiiHook{})
You'll need to adapt the logic of your hook, but this function will run on every logger call.
from zerolog.
Thanks @issmirnov for the quick response, but with the hook there is no way to look at all the keys already added to event right ?. Only message can be checked AFAIK, ideally i would like to look at all the key/values in event and also message
from zerolog.
Related Issues (20)
- Caller confusion when using caller multiple times HOT 2
- Revert #597 HOT 1
- InterfaceMarshalFunc is not called when encoding JSON HOT 2
- Understanding "Zero Allocation" HOT 1
- Is there a recommended way to do batching of log lines and write at once ? HOT 1
- Logs as bytes in Stderr HOT 6
- Deep Example
- Latest official tagged release not up to date in github? HOT 1
- Add an option to limit max log's size after escaping
- Give debug level logs a color again
- ConsoleWriter uses the `level` field key to be invalid or panic? HOT 1
- diode writer does not flush when program exits HOT 1
- Should journald keys be sanitized to strip/replace invalid characters? HOT 2
- Differentiating Error Level Log Output in Terminal and Hook HOT 1
- getting name of the function where a log being called HOT 5
- Use TimestampFunc for sampling HOT 1
- Yu
- level, message are built-in keywords? Field keywords level or message are invalid HOT 1
- Hook after writing
- Support for msgpack encoder
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from zerolog.