Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support altering audit log serializers #1601

Closed
ekristen opened this issue Feb 7, 2018 · 10 comments
Closed

Support altering audit log serializers #1601

ekristen opened this issue Feb 7, 2018 · 10 comments
Labels
Stale

Comments

@ekristen
Copy link
Contributor

ekristen commented Feb 7, 2018
edited

Feature Request

Use Case

I want to be able to use custom serializers to sanitize sensitive fields. For example, using a hmac 256 hash of a parameter in a query string, or sanitizing the authorization header using a hmac256 hash.

Are you willing and able to implement this?

I'm willing to implement. I think the implementation is pretty straight forward, allow a custom serializer to be passed in for the req and res objects and basically if they are functions call them last before returning the custom version that already is present.
@retrohacker
Copy link
Member

Hey @ekristen!

Thank you for taking the time to open this feature request, and for volunteering to implement this in the codebase ❤️

I believe what you are trying to accomplish is already possible through Bunyan serializers.
https://www.npmjs.com/package/bunyan#serializers

Example:

var logger =  bunyan.createLogger({
  name: 'audit',
  stream: process.stdout
});
logger.addSerializers({
  req: function (req) {
    return { foo: req.foo, bar: hmac(req.bar) };
  }
});
server.on('after', restify.plugins.auditLogger({
  log: logger,
  server: server,
  logMetrics : logBuffer,
  printLog : true
}));

@ekristen
Copy link
Contributor Author

ekristen commented Feb 9, 2018

I'll try your pseudo code out but I'm fairly positive that will not work, I'd be happy to be wrong.

Please see https://github.com/restify/node-restify/blob/master/lib/plugins/audit.js#L210-L238

The audit logger creates a child and then specifically sets req and res serializers, but does allow for a custom error serializer.

@retrohacker
Copy link
Member

Oh interesting, yeah I'm not sure if they are chainable or if the child's serializer displaces the parent's. Interested to hear what you find!

@ekristen
Copy link
Contributor Author

ekristen commented Apr 9, 2018

AFAICT we'll have to modify the code to allow for a custom serializers to be passed to the auditLogger as it has a hardcoded default one.

@stale
Copy link

stale bot commented Jun 8, 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the Stale label Jun 8, 2018
@mattgoucher mattgoucher mentioned this issue Jun 12, 2018
Closed
3 tasks
@stale
Copy link

stale bot commented Jun 22, 2018

This issue has been automatically closed as stale because it has not had recent activity.

@stale stale bot closed this as completed Jun 22, 2018
@DonutEspresso DonutEspresso reopened this Jun 23, 2018
@stale stale bot removed the Stale label Jun 23, 2018
@stale
Copy link

stale bot commented Aug 22, 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the Stale label Aug 22, 2018
@stale
Copy link

stale bot commented Sep 5, 2018

This issue has been automatically closed as stale because it has not had recent activity.

@stale stale bot closed this as completed Sep 5, 2018
@OrthoDex
Copy link

Hi! Can this issue be readdressed? I have the same use case.

@retrohacker
Copy link
Member

I believe this is being addressed in #1746

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ekristen @retrohacker @DonutEspresso @OrthoDex