Skip to content

Improve instructions on sanitizing logs #1763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pavangudiwada merged 3 commits into from
Apr 15, 2025
Merged

Improve instructions on sanitizing logs #1763

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
61df313
Update additional-settings.rst
aantn Mar 24, 2025
9178e81
Merge branch 'master' into docs-improve-sanitizing-instructions
pavangudiwada Mar 24, 2025
532eb0e
Merge branch 'master' into docs-improve-sanitizing-instructions
pavangudiwada Apr 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 34 additions & 38 deletions docs/setup-robusta/additional-settings.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,65 +144,61 @@ To **enable** interactivity, set the following in your `generated_values.yaml` f
Censoring Logs
----------------

Pod logs gathered by Robusta can be censored using regexes. For example, a payment processing pod might have credit card numbers in its log. These can be sanitized in-cluster.
Pod logs gathered by Robusta can be censored using `Python regular expressions <https://www.w3schools.com/python/python_regex.asp>`_. For example, a payment processing pod might have credit card numbers or other sensitive information in its logs. These can be automatically sanitized before they appear in notifications.

This feature applies to the following Robusta actions:
**How to Enable Log Censoring for All Logs**

- :code:`logs_enricher`
- :code:`report_crash_loop`
To censor sensitive information in all logs, add the following to your Helm values file:

To censor logs, define a `python regex <https://www.w3schools.com/python/python_regex.asp>`_ for expressions you wish to filter.
.. code-block:: yaml

For example:
globalConfig:
regex_replacement_style: SAME_LENGTH_ASTERISKS # Alternative: NAMED
regex_replacer_patterns:
- name: CreditCard
regex: "[0-9]{4}[- ][0-9]{4}[- ][0-9]{4}[- ][0-9]{4}"
- name: Email
regex: "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}"
- name: UUID
regex: "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"

.. code-block:: yaml
After adding these values, perform a Helm upgrade:

.. code-block:: bash

- logs_enricher:
regex_replacement_style: SAME_LENGTH_ASTERISKS # You can also use NAMED
regex_replacer_patterns:
- name: MySecretPort
regex: "my secret port \\d+"
- name: UUID
regex: "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
helm upgrade robusta robusta/robusta -f values.yaml

Given the following input:
**Example: Before and After Censoring**

Given the following pod log:

.. code-block::

# Input (actual pod log):
# Original pod log:
2022-07-28 08:24:45.283 INFO user's uuid: '193836d9-9cce-4df9-a454-c2edcf2e80e5'
2022-07-28 08:35:00.762 INFO Successfully loaded some critical module
2022-07-28 08:35:01.090 INFO using my secret port 114, ip: ['172.18.0.3']
2022-07-28 08:35:00.762 INFO Customer email: user@example.com
2022-07-28 08:35:01.090 INFO Payment processed with card: 4111-1111-1111-1111

The censored output will be:
The censored output will appear as:

.. code-block::

# Output for SAME_LENGTH_ASTERISKS (How it will appear in Slack, for example):

# Using SAME_LENGTH_ASTERISKS style:
2022-07-28 08:24:45.283 INFO user's uuid: '************************************'
2022-07-28 08:35:00.762 INFO Successfully loaded some critical module
2022-07-28 08:35:01.090 INFO using ******************, ip: ['172.18.0.3']

# Output for NAMED (How it will appear in Slack, for example):
2022-07-28 08:35:00.762 INFO Customer email: ****************
2022-07-28 08:35:01.090 INFO Payment processed with card: *******************

# Using NAMED style:
2022-07-28 08:24:45.283 INFO user's uuid: '[UUID]'
2022-07-28 08:35:00.762 INFO Successfully loaded some critical module
2022-07-28 08:35:01.090 INFO using [MySecretPort], ip: ['172.18.0.3']

It is best to define this in a :ref:`Global Config`, so it will be applied everywhere.
2022-07-28 08:35:00.762 INFO Customer email: [Email]
2022-07-28 08:35:01.090 INFO Payment processed with card: [CreditCard]

.. code-block:: yaml
**Note:** This censoring applies to logs displayed in Robusta's built-in notifications, including those shown by the following Robusta actions:

globalConfig: # Note: no need to specify logs_enricher or report_crash_loop by name here.
regex_replacement_style: SAME_LENGTH_ASTERISKS
regex_replacer_patterns:
- name: MySecretPort
regex: "my secret port \\d+"
- name: UUID
regex: "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
- :code:`logs_enricher` - Shows container logs in various alerts
- :code:`report_crash_loop` - Shows container logs for crashing pods

Place these values inside Robusta's Helm values and perform a :ref:`Helm Upgrade <Simple Upgrade>`.
For specific actions, you can also override these settings in your playbook definitions if needed.


Memory allocation on big clusters
Expand Down
Loading