Why all logger don't log the request body

polaris · · 36 次点击    
<p>I have surfing many web framework, many of them provide a logger middleware to log http method, url and time, but none of then log the url values or body. In my opinion, if something wrong, the url doesn&#39;t matter, but the body can offer the info the help us debug.</p> <hr/>**评论:**<br/><br/>kapoof_euw: <pre><p>I don&#39;t think that&#39;s behaviour you want by default? You need to read the body, which can toss an error, and you have no way of knowing how large that body is, or what it contains. That would not be a very safe method of logging.</p> <p>Middleware like Gorilla allows you to set a custom logger though. You could simply wrap an existing logger with your body-reading functionality, and add that to the middleware? :)</p></pre>nlimpid: <pre><p>I see. I do write my logger to record request body, But I ignore the body size and content problem. Thank you everyone.</p></pre>Redundancy_: <pre><p>There are also security implications of logging private details like passwords</p></pre>therealfakemoot: <pre><p>Logging HTTP request bodies is probably only going to be worthwhile in a handful a scenarios like PUT and POST requests; the rest are going to end up being GET requests and use URL parameters and thus you don&#39;t NEED the body to determine the code paths in question.</p> <p>Additionally, as <a href="/u/Redundancy_" rel="nofollow">/u/Redundancy_</a> mentioned there are security implications in just dumping this information to disk or to a database or god forbid a service like Splunk or Logstash. You&#39;d be dumping plaintext usernames/passwords, credit card info, whatever.</p> <p>FINALLY you mentioned that you <em>have</em> code that currently isn&#39;t working. If you can build a minimal reproducing sample ( cut out every possible piece of code that isn&#39;t directly related to the problem ) and post it, you might get some practical assistance.</p></pre>tmornini: <pre><p>The problem is the body of an HTTP request can be bigger than is practically logable...</p></pre>kaeshiwaza: <pre><p>It&#39;s also a quick solution to test an app. You take a snapshot of the data and redo the posts...</p></pre>
36 次点击  
加入收藏 微博
0 回复
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet