Logstop
:fire: Keep personally identifiable information (PII) out of your logs
logger.info "Hi [email protected]!"
# => Hi [FILTERED]!
By default, scrubs:
- email addresses
- phone numbers
- credit card numbers
- Social Security numbers (SSNs)
- passwords in URLs
Works with all types of logging - Ruby, ActiveRecord, ActiveJob, and more
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? [["email", "[FILTERED]"]]
Works even when sensitive data is URL-encoded
Installation
Add this line to your application’s Gemfile:
gem 'logstop'
And add it to your logger:
Logstop.guard(logger)
Rails
Create config/initializers/logstop.rb
with:
Logstop.guard(Rails.logger)
Options
To scrub IP addresses, use:
Logstop.guard(logger, ip: true)
Add custom rules with: [master]
scrubber = lambda do |msg|
msg.gsub(/custom_regexp/, "[FILTERED]".freeze)
end
Logstop.guard(logger, scrubber: scrubber)
To scrub outside of logging, use:
Logstop.scrub(msg)
It supports the same options as guard
.
Notes
This should be used in addition to config.filtered_parameters
, not as a replacement.
To scrub existing log files, check out scrubadub.
To anonymize IP addresses, check out IP Anonymizer.
Learn more about securing sensitive data in Rails.
Resources
History
View the changelog
Contributing
Everyone is encouraged to help improve this project. Here are a few ways you can help:
- Report bugs
- Fix bugs and submit pull requests
- Write, clarify, or fix documentation
- Suggest or add new features
To get started with development and testing:
git clone https://github.com/ankane/logstop.git
cd logstop
bundle install
rake test