1

All the requests and responses are logged in a web framework, but it is logging(using the logging module) in passwords also (because passwords are in login requests).

Can i selectively print 'XXXXXXX' for password or any other fields i dont wish to print?

in authentication.py

import logging
from logging import config
logging.config.dictConfig({'version': 1, 'delete_existing_loggers': False, 'handlers': '.....'})

LOGGER = logging.getLogger(__name__)

##code to get variables from http request packet (like method, parameters)(for example, methods, params can be: [authentication.login, username, password], [authentication.change_password, username, old_password, new_password], [authentication.generate_validation_code, username]),
LOGGER.info('method %s with %s parameters called', method, params)

so here i want, for specific methods, some variables should be 'xxxxx' instead of original value, specifically if the method is 'authentication.login' I want to print 'xxxx' for second parameter in the params.

Thanks.

Improve this question
6
  • It's best to sanitize data at the application level, before you pass it down to the logging module. Of course, you could write some custom formatter that removes sensitive information, but that would be hard to maintain and it might not be 100% effective. Commented Apr 16, 2014 at 6:02
  • Try submitting password data using POST instead of GET Commented Apr 16, 2014 at 6:56
  • @SpoonMeiser this at the middleware where the requests are processed after variables are stripped out of http request. So will not work. Commented Apr 16, 2014 at 7:35
  • I don't understand. Please can you elaborate in the question; show us the code that does the logging, some example output or something? Commented Apr 16, 2014 at 23:36
  • @SpoonMeiser I have edited the question with some code. Commented Apr 17, 2014 at 9:48

2 Answers 2

Reset to default
2

Yes, that's possible. Take a look at the logging.Filter class. You need to subclass it and then register it with your logger.

Example:

class PasswordLoggingFilter(logging.Filter):
    def filter(self, record):
        # Modify record, especially record.msg and/or record.args.
        if want_to_keep_record:
            return True
        else:
            return False

logger.addFilter(PasswordLoggingFilter())

For the details of the record object, it's documented here.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Can you please tell if the parameters that we give in logger.info(msg, a, b) will a, b be available in record in filter function? I have tried it and by the time control reaches filter function, there seems to be no other arguments (a, b)
The record argument for the filter() function is an object of class LogRecord (see here. record.msg contains the original message string, record.args contains the arguments.
Thanks its working. Initially it did not work because in the dictConfi i passed handlers.
0

In addition to solution provided by Christian, if handlers are passed in dictConfig or fileConfig, handler classes should be subclassed and filters need to be added.

Code is taken from following web page: http://streamhacker.com/2010/04/08/python-logging-filters/

class InfoFilter(logging.Filter):
def filter(self, rec):
    return rec.levelno == logging.INFO

class InfoHandler(logging.StreamHandler):
def __init__(self, *args, **kwargs):
    StreamHandler.__init__(self, *args, **kwargs)
    self.addFilter(InfoFilter())

In addition if one wants to change record's arg field, one has to take it into a list and then change it and reassign it back.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.