DEV Community

Cover image for LogMasker - OpenSource masking library for Java
pazvanti
pazvanti

Posted on • Originally published at gitlab.com

LogMasker - OpenSource masking library for Java

I am happy to share with you my first open-source project: LogMasker

LogMasker is a log masking library that makes it easy to mask confidential information directly in the logs. This is done by intercepting the log event and masking it even before it has a chance to be written. It is easy to integrate, works with both Log4j2 and Logback and is highly efficient. The log masking library can be easily added to your existing project and is highly configurable.

Check out the project at LogMasker - Log Masking library

What sensitive data can be masked

Currently, LogMasker can mask the following sensitive information:

  • [x] Email addresses
  • [x] IPv4 addresses
  • [x] IBANs
  • [x] Card numbers (PANs)
  • [x] Passwords (if marked accordingly)

The maskers that are being used are easily configurable and the library allows you to write your own masker and include it in the masking process. By default, all maskers from above are used.

Performance

Each masker ads an additional layer of processing, so it is recommended that you only use the maskers that are needed for your business needs, especially if you have high throughput and write a lot of logs. There are performance tests for each masker as well as for integration directly with Log4j. Results on my machine are as follows:

Masker Number of lines masked Average time in ms (for all lines)
Email masker 100000 30ms
Password masker 100000 163ms
IP masker 100000 33ms
Card number masker 100000 127ms
IBAN masker (all countries) 100000 450ms
Masking Converter (all maskers) 100000 713ms
Masking Converter Exclusive (all masker) 100000 356ms
Log4j Integrated 1000 (one log event) 390ms

Integration with Log4j

The library can be easily added and integrated with Log4J 2. Once imported into your project, it will provide a custom message converter (LogEventPatternConverter) which when used will mask all incoming data. To do this, replace the %m inside your message pattern with %msk or %mask.

Integration with Logback

The library can be easily added and integrated with Logback. Once imported into your project, it will provide a custom message converter (MessageConverter) which can be used for all messages. To do this, include the following line in your configuration file:

<conversionRule conversionWord="mask" converterClass="com.ppopescu.logging.LogbackMaskingConverter" />
Enter fullscreen mode Exit fullscreen mode

Download

You can view the source code and download the jar files from the projects repository over at LogMasker - Log Masking library

The library is under Apache 2.0 license, so you can use it with commercial projects as well.

Discussion (0)