Logstop

:fire: Keep personally identifiable information (PII) out of your logs

logger.info "Hi test@example.org!"
# => Hi [FILTERED]!

By default, scrubs:

• email addresses
• phone numbers
• credit card numbers
• Social Security numbers (SSNs)
• passwords in URLs

Works with all types of logging - Ruby, ActiveRecord, ActiveJob, and more

User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" = ?  [["email", "[FILTERED]"]]

Works even when sensitive data is URL-encoded

Installation

Add this line to your application’s Gemfile:

gem 'logstop'

And add it to your logger:

Logstop.guard(logger)

Rails

Create config/initializers/logstop.rb with:

Logstop.guard(Rails.logger)

Options

To scrub IP addresses, use:

Logstop.guard(logger, ip: true)

Add custom rules with: [master]

scrubber = lambda do |msg|
  msg.gsub(/custom_regexp/, "[FILTERED]".freeze)
end

Logstop.guard(logger, scrubber: scrubber)

To scrub outside of logging, use:

Logstop.scrub(msg)

It supports the same options as guard.

Notes

This should be used in addition to config.filtered_parameters, not as a replacement.

To scrub existing log files, check out scrubadub.

To anonymize IP addresses, check out IP Anonymizer.

Learn more about securing sensitive data in Rails.

Resources

• List of PII, as defined by NIST

History

View the changelog

Contributing

Everyone is encouraged to help improve this project. Here are a few ways you can help:

• Report bugs
• Fix bugs and submit pull requests
• Write, clarify, or fix documentation
• Suggest or add new features

To get started with development and testing:

git clone https://github.com/ankane/logstop.git
cd logstop
bundle install
rake test