Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: allow logger handler to know about HTTP request details #420

Merged
merged 1 commit into from
Nov 14, 2024
Merged

feat: allow logger handler to know about HTTP request details #420

merged 1 commit into from
Nov 14, 2024

Conversation

grzuy
Copy link
Contributor

@grzuy grzuy commented Nov 13, 2024
edited
Loading

Following up #417.

Another piece that helps switch from plug_cowboy to bandit without losing features in this Error Tracking / Logging area.

In plug_cowboy: elixir-plug/plug_cowboy#57.

Example of a logger handler that consumes the conn made available as metadata by plug_cowboy:

@mtrudel
Copy link
Owner

mtrudel commented Nov 13, 2024

Correct me if i'm wrong, but this is pushing the entirety of the conn across to the logger and is thus ending up in people's logging stacks correct? If so, this is a bit of a deal breaker (at least by default) since it would be also exposing cookies and other sensitive bits as part of that.

@grzuy
Copy link
Contributor Author

grzuy commented Nov 14, 2024
edited
Loading

Correct me if i'm wrong, but this is pushing the entirety of the conn across to the logger and is thus ending up in people's logging stacks correct?

It depends, but probably not.

It will depend on what logger formatter the application is using and how it is configured.

That said, I don't expect any formatters to push all metadata blindly by default.

Elixir Logger's default formatter will not print any non-string metadata unless the key is explicitly listed in the configuration. So in that case, will not be included in printed logs by default.

For Elixir applications sending logs to third-party services, I guess it depends on what their built-in logger formatters do by default. I may be wrong, but I expect none to, by default, include all logger metadata blindly.

To go over one example, logger_json, which supports sending logs as JSON to several popular services, will, by default, NOT send any metadata as far as I understand, per

image
image

source: https://hexdocs.pm/logger_json/6.2.1/LoggerJSON.html#module-shared-options

It can be set to metadata: {:all_except, [:conn]}, which is given as an example in its README: https://github.com/Nebo15/logger_json?tab=readme-ov-file#configuration.

Then, each of the 4 built-in formatters use that :conn metadata value, to extract useful request details before reporting to these 3rd party following their expected JSON schema.

Worth noting that the presence of the conn in the logger metadata by default is something that plug_cowboy has since 2020.

@mtrudel
Copy link
Owner

mtrudel commented Nov 14, 2024

Fair! Let's :shipit:

@mtrudel mtrudel merged commit e2cb861 into mtrudel:main Nov 14, 2024
24 of 27 checks passed
@grzuy grzuy deleted the logger-exception-metadata-conn branch November 14, 2024 15:02
@grzuy
Copy link
Contributor Author

grzuy commented Nov 15, 2024

Thanks Mat!

For what is worth, been running a phoenix production app against bandit main since yesterday, no issues.

Also tested:

  • A throw was handled ✔️
  • crash_reason and conn are sent as logger metadata ✔️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@grzuy @mtrudel