New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support altering audit log serializers #1601
Comments
Hey @ekristen! Thank you for taking the time to open this feature request, and for volunteering to implement this in the codebase ❤️ I believe what you are trying to accomplish is already possible through Bunyan serializers. Example: var logger = bunyan.createLogger({
name: 'audit',
stream: process.stdout
});
logger.addSerializers({
req: function (req) {
return { foo: req.foo, bar: hmac(req.bar) };
}
});
server.on('after', restify.plugins.auditLogger({
log: logger,
server: server,
logMetrics : logBuffer,
printLog : true
})); |
I'll try your pseudo code out but I'm fairly positive that will not work, I'd be happy to be wrong. Please see https://github.com/restify/node-restify/blob/master/lib/plugins/audit.js#L210-L238 The audit logger creates a child and then specifically sets req and res serializers, but does allow for a custom error serializer. |
Oh interesting, yeah I'm not sure if they are chainable or if the child's serializer displaces the parent's. Interested to hear what you find! |
AFAICT we'll have to modify the code to allow for a custom serializers to be passed to the auditLogger as it has a hardcoded default one. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue has been automatically closed as stale because it has not had recent activity. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue has been automatically closed as stale because it has not had recent activity. |
Hi! Can this issue be readdressed? I have the same use case. |
I believe this is being addressed in #1746 |
Feature Request
Use Case
I want to be able to use custom serializers to sanitize sensitive fields. For example, using a hmac 256 hash of a parameter in a query string, or sanitizing the authorization header using a hmac256 hash.
Are you willing and able to implement this?
I'm willing to implement. I think the implementation is pretty straight forward, allow a custom serializer to be passed in for the req and res objects and basically if they are functions call them last before returning the custom version that already is present.
The text was updated successfully, but these errors were encountered: