Logstop

:fire: Keep personally identifiable information (PII) out of your logs

logger.info "Hi test@example.org!"
# => Hi [FILTERED]!

By default, scrubs:

  • email addresses
  • phone numbers
  • credit card numbers
  • Social Security numbers (SSNs)
  • passwords in URLs

Works with all types of logging - Ruby, ActiveRecord, ActiveJob, and more

User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" = ?  [["email", "[FILTERED]"]]

Works even when sensitive data is URL-encoded

Installation

Add this line to your application’s Gemfile:

gem 'logstop'

And add it to your logger:

Logstop.guard(logger)

Rails

Create config/initializers/logstop.rb with:

Logstop.guard(Rails.logger)

Options

To scrub IP addresses, use:

Logstop.guard(logger, ip: true)

Add custom rules with:

scrubber = lambda do |msg|
  msg.gsub(/custom_regexp/, "[FILTERED]".freeze)
end

Logstop.guard(logger, scrubber: scrubber)
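
A fuller custom rule, as an added example that is not from the Logstop project: a scrubber for bearer tokens and api_key query parameters, including the percent-encoded form. The secret formats, the constant names and the guard_with stand-in (used so the block runs without the gem) are assumptions; in an application the lambda would be passed as Logstop.guard(logger, scrubber: TOKEN_SCRUBBER).

```ruby
require "logger"
require "stringio"

# Assumed secret formats for this example (not Logstop defaults):
# bearer tokens, and api_key values in plain or percent-encoded query strings.
BEARER  = /(Bearer\s+)[A-Za-z0-9\-._~+\/]+=*/i
API_KEY = /(api_key(?:=|%3D))(?:(?!%26)[^&\s"])+/i

# Same shape as the README's scrubber: message string in, scrubbed string out.
TOKEN_SCRUBBER = lambda do |msg|
  msg.gsub(BEARER, '\1[FILTERED]').gsub(API_KEY, '\1[FILTERED]')
end

# Hypothetical stand-in for Logstop.guard so this runs without the gem:
# wraps the logger's formatter and scrubs every formatted line.
def guard_with(logger, scrubber)
  inner = logger.formatter || Logger::Formatter.new
  logger.formatter = lambda do |severity, time, progname, msg|
    scrubber.call(inner.call(severity, time, progname, msg))
  end
  logger
end

# Constructed sample messages.
SAMPLES = [
  "GET /v1/items?api_key=sk_test_123&page=2",
  "redirect to /cb?next=%2Fv1%3Fapi_key%3Dsk_test_123%26page%3D2",
  "upstream headers: Authorization: Bearer abc.def-ghi",
  "user 42 logged in"
].freeze

# Logs each message through a guarded logger and returns the written lines.
def scrubbed_log_lines(messages)
  io = StringIO.new
  logger = guard_with(Logger.new(io), TOKEN_SCRUBBER)
  messages.each { |m| logger.info(m) }
  io.string.lines.map(&:chomp)
end

puts scrubbed_log_lines(SAMPLES) if __FILE__ == $PROGRAM_NAME
```

The capture group keeps the parameter name or the Bearer prefix in the log line, so the entry still shows which kind of credential was present without exposing its value.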

To scrub outside of logging, use:

Logstop.scrub(msg)

It supports the same options as guard.

Notes

This should be used in addition to config.filter_parameters, not as a replacement.

Learn more about securing sensitive data in Rails.

Also:

  • To scrub existing log files, check out scrubadub
  • To anonymize IP addresses, check out IP Anonymizer
  • To scan for unencrypted personal data in your database, check out pdscan

Resources

History

View the changelog

Contributing

Everyone is encouraged to help improve this project. Here are a few ways you can help:

To get started with development and testing:

git clone https://github.com/ankane/logstop.git
cd logstop
bundle install
rake test