Easily log API requests and responses to your own security data lake.
- Dependencies
- Installing With Maven
- Logging From Servlet Filter
- Logging From Spring Boot
- Logging From Spark Framework
- Logging From Jersey
- Logging With API
- Protecting User Privacy
Requires Java 8+ and Java servlet classes, which are not included. No other dependencies to conflict with your app.
Add this section to pom.xml:
<dependency>
<groupId>io.resurface</groupId>
<artifactId>resurfaceio-logger</artifactId>
<version>2.2.0</version>
</dependency>Add this section too if servlet classes are not already available.
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>RELEASE</version>
</dependency>After installing the library, add a logging filter to web.xml.
<filter>
<filter-name>HttpLoggerForServlets</filter-name>
<filter-class>io.resurface.HttpLoggerForServlets</filter-class>
<init-param>
<param-name>url</param-name>
<param-value>http://localhost:7701/message</param-value>
</init-param>
<init-param>
<param-name>rules</param-name>
<param-value>include debug</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HttpLoggerForServlets</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>Add a CDATA section when specifying multiple rules at once like this:
<init-param>
<param-name>rules</param-name>
<param-value><![CDATA[
include debug
sample 10
]]></param-value>
</init-param>After installing the library, configure a FilterRegistrationBean
to add a logging servlet filter.
@Bean
public FilterRegistrationBean httpLoggerFilter() {
FilterRegistrationBean frb = new FilterRegistrationBean();
frb.setFilter(new io.resurface.HttpLoggerForServlets());
frb.setName("HttpLoggerForServlets");
frb.addUrlPatterns("/*");
frb.addInitParameter("url", "http://localhost:7701/message");
frb.addInitParameter("rules", "include debug");
return frb;
}After installing the library, create a logger and call it from the routes of interest.
import io.resurface.*;
HttpLogger logger = new HttpLogger("http://localhost:7701/message", "include debug");
get("/hello", (request, response) -> {
String response_body = "Hello World";
HttpMessage.send(logger, request.raw(), response.raw(), response_body);
return response_body;
});
post("/hello_post", (request, response) -> {
String response_body = "POSTED: " + request.body();
HttpMessage.send(logger, request.raw(), response.raw(), response_body, request.body());
return response_body;
});Alternatively configure an after filter to log across multiple routes at once.
after((request, response) -> {
if (response.body() != null) { // log successful responses only, not 404/500s
HttpMessage.send(logger, request.raw(), response.raw(), response.body(), request.body());
}
});After installing the library, register a logger as a Jersey filter/interceptor. Note this will only log usage when a response body is returned.
ResourceConfig resourceConfig = new ResourceConfig(...);
resourceConfig.register(new io.resurface.HttpLoggerForJersey("http://localhost:7701/message", "include debug"));
HttpServer server = GrizzlyHttpServerFactory.createHttpServer(BASE_URI, resourceConfig, false);Loggers can be directly integrated into your application using our API. This requires the most effort compared with the options described above, but also offers the greatest flexibility and control.
Loggers always have an active set of rules that control what data is logged
and how sensitive data is masked. All of the examples above apply a predefined set of rules (include debug),
but logging rules are easily customized to meet the needs of any application.
© 2016-2024 Graylog, Inc.