Filter sensitive data from the logs #5036
Assignees
Comments
simianhacker
added a commit
to simianhacker/kibana
that referenced
this issue
Sep 25, 2015
- Closes elastic#5036 - Add `applyFilterToKey()` - Add test for `applyFilterToKey()` - Add `filter` attribute to config for reporters - Add `this.filter` method to `LogFormat` class
|
Would it be possible for the filtered behavior to be the default, and require configuration/option application? |
|
@GlenRSmith The defaults implemented in #5038 automatically remove any |
|
These patches never made it into 4.2.0 so the logging of sensitive data is still a problem. |
|
It will go into 4.3 and possibly 4.2.1 |
epixa
pushed a commit
to epixa/kibana
that referenced
this issue
Nov 5, 2015
- Closes elastic#5036 - Add `applyFilterToKey()` - Add test for `applyFilterToKey()` - Add `filter` attribute to config for reporters - Add `this.filter` method to `LogFormat` class
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We should make an effort to filter sensitive data from the logs. An good example would be to censor
req.headers.authorizationwhich would change this log entry:{ "@timestamp": "2015-09-25T16:19:02+00:00", "message": "GET /elasticsearch 200 5ms - 9.0B", "method": "get", "pid": 85866, "req": { "headers": { "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "accept-encoding": "gzip, deflate, sdch", "accept-language": "en-US,en;q=0.8", "authorization": "Basic dGVzdDp0ZXN0", "connection": "keep-alive", "host": "localhost:5601", "upgrade-insecure-requests": "1", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36" }, "method": "get", "remoteAddress": "127.0.0.1", "url": "/elasticsearch", "userAgent": "127.0.0.1" }, "res": { "contentLength": 9, "responseTime": 5, "statusCode": 200 }, "statusCode": 200, "tags": [], "type": "response" }to this
{ "@timestamp": "2015-09-25T16:19:02+00:00", "message": "GET /elasticsearch 200 5ms - 9.0B", "method": "get", "pid": 85866, "req": { "headers": { "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "accept-encoding": "gzip, deflate, sdch", "accept-language": "en-US,en;q=0.8", "authorization": "Basic XXXXXXXXXXXX", "connection": "keep-alive", "host": "localhost:5601", "upgrade-insecure-requests": "1", "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36" }, "method": "get", "remoteAddress": "127.0.0.1", "url": "/elasticsearch", "userAgent": "127.0.0.1" }, "res": { "contentLength": 9, "responseTime": 5, "statusCode": 200 }, "statusCode": 200, "tags": [], "type": "response" }The text was updated successfully, but these errors were encountered: