View Source Ink (Ink v1.2.1)
A backend for the Elixir Logger
that logs JSON and filters your secrets.
Usage
To use Ink
for your logging, just configure it as a backend:
config :logger, backends: [Ink]
# optional additional configuration
config :logger, Ink,
name: "your app",
level: :info
Options
In total, the following options are supported by Ink
:
:name
the name of your app that will be added to all logs:io_device
the IO device the logs are written to (default::stdio
):level
the minimum log level for outputting messages (default::debug
):status_mapping
the mapping to use for log statuses (default::bunyan
):filtered_strings
secret strings that should not be printed in logs (default:[]
):filtered_uri_credentials
URIs that contain credentials for filtering (default:[]
):metadata
the metadata keys that should be included in the logs (default: all):exclude_hostname
exclude localhostname
from the log (default: false):log_encoding_error
whether to log errors that happen during JSON encoding (default: true)
Filtering secrets
Ink
can be configured to filter secrets out of your logs:
config :logger, Ink,
filtered_strings: ["password"]
Sometimes, you configure a connection using a URL. For example, a RabbitMQ
connection could be configured with the URL
"amqp://user:password@localhost:5672"
. Filtering the whole URL from your
logs doesn't do you any good. Therefore, Ink
has a separate option to pass
secret URLs:
config :logger, Ink,
filtered_uri_credentials: ["amqp://user:password@localhost:5672"]
This code will parse the URL and only filter "password"
from your logs.
Preventing reports on the terminal
When processes crash - which is a normal thing to happen in Elixir - OTP sends
reports to the handlers of the :error_logger
. In some environments, there is
a default handler that prints these to the terminal. Since it includes the
state of the crashed process, this can include secrets from your application.
Ink
is unable to filter these reports, because they are not printed using
the Logger
.
You can disable printing of these reports with the following line in your config:
config :sasl, sasl_error_logger: false
Metadata
If you don't configure any specific metadata, Ink
will include all metadata
as separate fields in the logged JSON. If you only want to include specific
metadata in your logs, you need to configure the included fields.
config :logger, Ink,
metadata: [:pid, :my_field]
Note: Since the term PID is also prevalent in the UNIX world, services like
LogStash expect an integer if they encounter a field named pid
. Therefore,
Ink
will log the PID as erlang_pid
.
Link to this section Summary
Functions
Callback implementation for :gen_event.code_change/3
.
Callback implementation for :gen_event.handle_call/2
.
Callback implementation for :gen_event.handle_event/2
.
Callback implementation for :gen_event.handle_info/2
.
Callback implementation for :gen_event.init/1
.
Callback implementation for :gen_event.terminate/2
.
Link to this section Functions
Callback implementation for :gen_event.code_change/3
.
Callback implementation for :gen_event.handle_call/2
.
Callback implementation for :gen_event.handle_event/2
.
Callback implementation for :gen_event.handle_info/2
.
Callback implementation for :gen_event.init/1
.
Callback implementation for :gen_event.terminate/2
.