Added other password fileds to the Rails param log filter. Finished u…

…p Lograge config
CDLUC3 · Jan 29, 2025 · d8b0acb · d8b0acb
1 parent 16b64fe
commit d8b0acb
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 12 deletions.
diff --git a/Gemfile b/Gemfile
@@ -279,6 +279,13 @@ gem 'active_storage_validations'
 # See: https://github.com/roidrage/lograge
 gem 'lograge'
 
+# Logstash is part of the Elastic Stack along with Beats, Elasticsearch and Kibana. Logstash
+# is a server-side data processing pipeline that ingests data from a multitude of sources
+# simultaneously, transforms it, and then sends it to your favorite "stash."
+#
+# See: https://github.com/elastic/logstash
+gem 'logstash-event'
+
 # ================================= #
 # ENVIRONMENT SPECIFIC DEPENDENCIES #
 # ================================= #

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -386,6 +386,7 @@ GEM
       activesupport (>= 4)
       railties (>= 4)
       request_store (~> 1.0)
+    logstash-event (1.2.02)
     loofah (2.23.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -775,6 +776,7 @@ DEPENDENCIES
   ledermann-rails-settings
   listen
   lograge
+  logstash-event
   mail
   mimemagic
   mocha

diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
@@ -4,5 +4,6 @@
 # Use this to limit dissemination of sensitive information.
 # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
 Rails.application.config.filter_parameters += [
-  :password, :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+  :password, :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp,
+  :ssn, :current_password, :password_confirmation, :client_secret
 ]
diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb
@@ -1,31 +1,23 @@
 Rails.application.configure do
   config.lograge.enabled = true
 
-  # Use the LogStash format
+  # Use the LogStash format to get JSON instead of the standard Lograge one-liners
   config.lograge.formatter = Lograge::Formatters::Logstash.new
 
   # Include controller info in the available log payload
   config.lograge.custom_payload do |controller|
     {
       host: controller.request.host,
       user_id: controller.current_user.try(:id),
-      params: controller.params
     }
   end
 
   # Include the custom info from the event and payload
   config.lograge.custom_options = lambda do |event|
-    param_exceptions = %w(controller action format id)
+    params_to_skip = %w[_method action authenticity_token commit controller format id]
 
     {
-      # Timestamp
-      time: event.time,
-      # Controller params
-      params: event.payload[:params].except(*param_exceptions),
-      # The current user
-      user: event.payload[:user_id],
-      # Caller
-      host: event.payload[:host]
+      params: event.payload[:params].except(*params_to_skip)
     }
   end