NAME
Log::Log4perl::Layout::PatternLayout::Redact - Add stack traces without sensitive information in Log::Log4perl logs.
DESCRIPTION
Log::Log4perl offers the ability to add stack traces to layouts using %T in pattern layouts (see Log::Log4perl::Layout::PatternLayout).
However, stack traces contain a list of arguments, and those arguments can be sensitive data like passwords or credit card data. This module redacts the sensitive information, replacing it with '[redacted]' so that the stack traces can be PCI-compliant.
VERSION
Version 1.2.0
SYNOPSIS
use Log::Log4perl::Layout::PatternLayout::Redact;
Redacting stack traces
Here's an example of log4perl configuration that outputs a redacted trace (use %E instead of %T):
    log4perl.logger = WARN, logfile
    log4perl.appender.logfile = Log::Log4perl::Appender::File
    log4perl.appender.logfile.filename = $file_name
    log4perl.appender.logfile.layout = Log::Log4perl::Layout::PatternLayout::Redact
    log4perl.appender.logfile.layout.ConversionPattern = %d %p: (%X{host}) %P %F:%L %M - %m{chomp}%E
    log4perl.appender.logfile.recreate = 1
    log4perl.appender.logfile.mode = append
To set your own list of arguments to redact, rather than use the defaults in Carp::Parse::Redact, you need to set a localized version of $SENSITIVE_ARGUMENT_NAMES:
    local $Log::Log4perl::Layout::PatternLayout::Redact::SENSITIVE_ARGUMENT_NAMES =
    [
        'password',
        'luggage_combination',
        'favorite_pony',
    ];
And hash keys in the stack trace that match these names will have their values replaced with '[redacted]'.
To set your own list of regexes to use for redaction, rather than use the defaults in Carp::Parse::Redact, you need to set a localized version of $SENSITIVE_REGEXP_PATTERNS:
    local $Log::Log4perl::Layout::PatternLayout::Redact::SENSITIVE_REGEXP_PATTERNS =
    [
        qr/^\d{16}$/,
    ];
And any argument in the stack trace that matches one of the regexes provided will be replaced with '[redacted]'.
Be sure to do the localizations of the package variables after you have initialized your logger.
Redacting messages
Here's an example of log4perl configuration that outputs a redacted message (use %e instead of %m):
    log4perl.logger = WARN, logfile
    log4perl.appender.logfile = Log::Log4perl::Appender::File
    log4perl.appender.logfile.filename = $file_name
    log4perl.appender.logfile.layout = Log::Log4perl::Layout::PatternLayout::Redact
    log4perl.appender.logfile.layout.ConversionPattern = %d %p: (%X{host}) %P %F:%L %M - %e
    log4perl.appender.logfile.recreate = 1
    log4perl.appender.logfile.mode = append
To redact the message, you will need to write your own redaction subroutine as follows:
    local $Log::Log4perl::Layout::PatternLayout::Redact::MESSAGE_REDACTION_CALLBACK = sub
    {
        my ( $message ) = @_;
        # Do replacements on the messages to redact sensitive information.
        $message =~ s/(password=")[^"]+(")/$1\[redacted\]$2/g;
        return $message;
    };
Be sure to do the localizations of the package variable after you have initialized your logger.
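The two sections above combined into one script, as an added example that is not part of the module's own documentation. It assumes %e and %E can share one conversion pattern and uses a screen appender; the charge_card sub, the 'cvv' argument name and all sample values are hypothetical.

```perl
use strict;
use warnings;
use Log::Log4perl;
use Log::Log4perl::Layout::PatternLayout::Redact;

# Constructed configuration: screen appender instead of a file, with both
# %e (redacted message) and %E (redacted trace) in the pattern.
my $conf = <<'CONF';
log4perl.logger = WARN, screen
log4perl.appender.screen = Log::Log4perl::Appender::Screen
log4perl.appender.screen.layout = Log::Log4perl::Layout::PatternLayout::Redact
log4perl.appender.screen.layout.ConversionPattern = %d %p: %F:%L %M - %e%E%n
CONF

# 1. Initialize the logger first.
Log::Log4perl->init( \$conf );
my $logger = Log::Log4perl->get_logger();

# Hypothetical application sub; its arguments end up in the stack trace,
# and it also leaks the password into the message itself.
sub charge_card
{
    my ( %args ) = @_;
    $logger->warn( qq{Gateway rejected request: password="$args{password}"} );
    return;
}

# 2. Localize the package variables after init. "local" is dynamically
# scoped: the overrides apply only to log calls made before this block exits.
{
    local $Log::Log4perl::Layout::PatternLayout::Redact::SENSITIVE_ARGUMENT_NAMES =
        [ 'password', 'cvv' ];
    local $Log::Log4perl::Layout::PatternLayout::Redact::SENSITIVE_REGEXP_PATTERNS =
        [ qr/^\d{16}$/ ];
    local $Log::Log4perl::Layout::PatternLayout::Redact::MESSAGE_REDACTION_CALLBACK = sub
    {
        my ( $message ) = @_;
        $message =~ s/(password=")[^"]+(")/$1\[redacted\]$2/g;
        return $message;
    };

    # Constructed sample values (test card number, made-up password).
    charge_card(
        password    => 'hunter2',
        cvv         => '123',
        card_number => '4111111111111111',
    );
}
```

The qr/^\d{16}$/ pattern only matches an argument that consists of exactly 16 digits; a card number written with spaces or dashes, or embedded in a longer string, is not matched by it and needs its own pattern.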
AUTHOR
Kate Kirby, <kate at cpan.org>.
Guillaume Aubert, <aubertg at cpan.org>.
BUGS
Please report any bugs or feature requests to bug-log-log4perl-layout-patternlayout-redact at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Log-Log4perl-Layout-PatternLayout-Redact. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
    perldoc Log::Log4perl::Layout::PatternLayout::Redact
You can also look for information at:
RT: CPAN's request tracker
http://rt.cpan.org/NoAuth/Bugs.html?Dist=Log-Log4perl-Layout-PatternLayout-Redact
AnnoCPAN: Annotated CPAN documentation
http://annocpan.org/dist/Log-Log4perl-Layout-PatternLayout-Redact
CPAN Ratings
http://cpanratings.perl.org/d/Log-Log4perl-Layout-PatternLayout-Redact
Search CPAN
http://search.cpan.org/dist/Log-Log4perl-Layout-PatternLayout-Redact/
ACKNOWLEDGEMENTS
Thanks to ThinkGeek (http://www.thinkgeek.com/) and its corporate overlords at Geeknet (http://www.geek.net/), for footing the bill while we eat pizza and write code for them!
COPYRIGHT & LICENSE
Copyright 2012 Kate Kirby & Guillaume Aubert.
This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License.
See http://dev.perl.org/licenses/ for more information.