How to filter unwanted logs from Heroku Papertrail

Unai A.   —  December 03, 2019  —  Coding  —   2 min. read

Some days ago we wanted to add Papertrail to one of our Heroku-hosted projects and discovered a problem: Heroku router was logging some critical information. In this blog post I’m going to explain you how to filter unwanted logs from the Heroku Papertrail add-on.

The challenge

When a merchant installs an app, a GET request is triggered to the app’s Callback URL with the information that the developer needs to identify the merchant. This information (like the api_url, the code or the signature) is sent as query parameters. The request looks like this:

GET /callback_url?code={code}&signature={signature}&return_url={return_url}&api_url={api_url}&access_token_url={access_token_url}

We didn’t want to store that information on our logs so we thought: “Ok, we are using Rails. Let’s add some filtering to config/initializers/filter_parameter_logging.rb, so we added the following to the file:

Rails.application.config.filter_parameters += [
  :signature,
  :return_url,
  :api_url,
  :access_token_url,
  :code]

It worked! Our local development logs looked like this:

Started GET "/callback_url?access_token_url=[FILTERED]&api_url=[FILTERED]&code=[FILTERED]&return_url=[FILTERED]&signature=[FILTERED]"`

Parameters: {"access_token_url"=>"[FILTERED]", "api_url"=>"[FILTERED]", "code"=>"[FILTERED]", "return_url"=>"[FILTERED]", "signature"=>"[FILTERED]"}`

But when we pushed these changes to Heroku and installed the Papertrail add-on we discovered that, yes, Rails logs were correctly filtered, but Heroku was still logging the request with the heroku/router program:

heroku/router: at=info method=GET path="/callback_url?access_token_url=<real-info>&api_url=<real-info>&code=<real-info>&return_url=<real-info>&signature=<real-info>" ...

The solution

In order to prevent Heroku router from filtering unwanted parameters, you can do the following:

  1. In Papertrail go to Settings > Filter logs > Add Log Filter.
  2. Select Regex filter type and fill out the filter with the following code: heroku\/router:.*(signature|return_url|api_url|access_token_url|code)
  3. Activate the filter

Et voilà! With this configuration, logs from heroku/router that contain your secret parameters will be ignored and never saved.

About the author

Unai Abrisketa is a Ruby on Rails Developer. He is fond of clean code, and always eager to learn new technologies.
rails
heroku
papertrail
logs

How to keep up your code quality

Paolo
Dec 05, 2019
 Coding

How to bootstrap an application with authentication using Firebase

Florian O.
Nov 07, 2019
 Coding

How the “Graphic Design Innovation Lab” boosted my creativity

Svenja
Dec 20, 2021
 Events

Cookie settings

Our website uses cookies to improve your user experience. Some cookies are required for the basic functionality of the website while other cookies help us to improve our content and layout. You can agree to all cookies by selecting "Accept all" or you can select "Accept required" to confirm only the required ones. Further information can be found in our Data protection declaration.
Accept required Accept all