scala - Spray.io log leaks sensitive information


I'm using the spray client to consume a third-party API. Unfortunately, the API I'm consuming is not secure and utilizes an authentication method using query parameters. We're getting timeouts or connection issues that we know how to deal with applicatively. The problem is that spray logs this at WARN log level, and the URL including sensitive query parameters () is being written in our log files.

Here's an example of the log file.

    2015-05-19 12:23:17,024 warn httphostconnectionslot - connection attempt 10.10.10.10:443 failed in response request /api/?type=keygen&user=test_user&password=s3kret! 2 retries left, retrying...
    2015-05-19 12:23:17,084 warn httphostconnectionslot - connection attempt 10.10.10.10:443 failed in response request /api/?type=keygen&user=test_user&password=s3kret! 1 retries left, retrying...

Is there a way to filter this? (Maybe in Akka?)

Spray reuses Akka logging to do the logging groundwork.

In Akka you can redeclare a custom event logger in the application config:

    akka {
      # event-handlers = ["akka.event.Logging$DefaultLogger"] // default one
      event-handlers = ["com.example.PrivacyLogger"] // custom one
      # Options: ERROR, WARNING, INFO, DEBUG
      loglevel = "DEBUG"
    }

It may look like this:

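    import akka.event.Logging.{DefaultLogger, InitializeLogger, LoggerInitialized, LogEvent}

    class PrivacyLogger extends DefaultLogger {
      override def receive: Receive = {
        // Acknowledge logger start-up so the event stream begins delivering events
        case InitializeLogger(_) => sender() ! LoggerInitialized
        // Every log event passes through stripSecret before it is printed
        case event: LogEvent     => print(stripSecret(event))
      }
      // Returns the event with sensitive values removed
      private def stripSecret(event: LogEvent) = ...
    }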

But you can implement your own message processing logic here instead of simple printing.

PS. If you use slf4j for logging, the solution is the same, with the minor difference of overriding akka.event.slf4j.Slf4jEventHandler instead of DefaultLogger.
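
One way to write the redaction that the `stripSecret` step in the answer above leaves open, as an added example that is not part of the original answer or of spray/Akka. The names `QueryRedactor`, `redact` and `sensitiveKeys`, and the list of sensitive parameter names, are assumptions; the second sample line is constructed.

```scala
import java.util.Locale
import scala.util.matching.Regex

// Added example: names are hypothetical, not part of spray, Akka or the answer.
object QueryRedactor {
  // Assumption: parameter names considered sensitive for the API in use.
  val sensitiveKeys: Set[String] = Set("password", "passwd", "token", "secret", "apikey")

  // A key=value pair introduced by '?' or '&' anywhere in free-form log text.
  // The value ends at the next '&' or whitespace, so trailing log text survives.
  private val pair: Regex = """([?&])([^=&\s]+)=([^&\s]*)""".r

  def redact(message: String): String =
    pair.replaceAllIn(message, m => {
      val (sep, key) = (m.group(1), m.group(2))
      val out =
        if (sensitiveKeys.contains(key.toLowerCase(Locale.ROOT))) s"$sep$key=<redacted>"
        else m.matched
      // replaceAllIn treats '$' and '\' in the replacement as group references,
      // so untouched pairs must be quoted or a value like "a$1" corrupts the line.
      Regex.quoteReplacement(out)
    })

  def main(args: Array[String]): Unit = {
    val lines = Seq(
      // Log line from the question.
      "2015-05-19 12:23:17,024 warn httphostconnectionslot - connection attempt 10.10.10.10:443 failed in response request /api/?type=keygen&user=test_user&password=s3kret! 2 retries left, retrying...",
      // Constructed line: mixed-case key and a '$' in a non-sensitive value.
      "request /api/?Password=p%24ss&ref=a$1 failed"
    )
    lines.map(redact).foreach(println)
  }
}
```

Inside `PrivacyLogger`, `stripSecret` would apply `redact` to the event's message before it is printed. Redacting at the logger only protects this log sink; the query string is still visible to anything else that records the URL.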

