I am happy to share with you my first open-source project: LogMasker
LogMasker is a log masking library that makes it easy to mask confidential information directly in the logs. This is done by intercepting the log event and masking it even before it has a chance to be written. It is easy to integrate, works with both Log4j2 and Logback and is highly efficient. The log masking library can be easily added to your existing project and is highly configurable.
Check out the project at LogMasker - Log Masking library
What sensitive data can be masked
Currently, LogMasker can mask the following sensitive information:
- [x] Email addresses
- [x] IPv4 addresses
- [x] IBANs
- [x] Card numbers (PANs)
- [x] Passwords (if marked accordingly)
The maskers that are being used are easily configurable and the library allows you to write your own masker and include it in the masking process. By default, all maskers from above are used.
Performance
Each masker ads an additional layer of processing, so it is recommended that you only use the maskers that are needed for your business needs, especially if you have high throughput and write a lot of logs. There are performance tests for each masker as well as for integration directly with Log4j. Results on my machine are as follows:
Masker | Number of lines masked | Average time in ms (for all lines) |
---|---|---|
Email masker | 100000 | 30ms |
Password masker | 100000 | 163ms |
IP masker | 100000 | 33ms |
Card number masker | 100000 | 127ms |
IBAN masker (all countries) | 100000 | 450ms |
Masking Converter (all maskers) | 100000 | 713ms |
Masking Converter Exclusive (all masker) | 100000 | 356ms |
Log4j Integrated | 1000 (one log event) | 390ms |
Integration with Log4j
The library can be easily added and integrated with Log4J 2. Once imported into your project, it will provide a custom message converter (LogEventPatternConverter) which when used will mask all incoming data. To do this, replace the %m inside your message pattern with %msk or %mask.
Integration with Logback
The library can be easily added and integrated with Logback. Once imported into your project, it will provide a custom message converter (MessageConverter
) which can be used for all messages. To do this, include the following line in your configuration file:
<conversionRule conversionWord="mask" converterClass="com.ppopescu.logging.LogbackMaskingConverter" />
Download
You can view the source code and download the jar files from the projects repository over at LogMasker - Log Masking library
The library is under Apache 2.0 license, so you can use it with commercial projects as well.
Top comments (0)