serilog-web / classic

[Discontinued] Serilog web request logging and enrichment for classic ASP.NET applications
Apache License 2.0

GDPR: Do not log when DNT header available #57

Closed jstemerdink closed 6 years ago

jstemerdink commented 6 years ago

When a user has enabled DNT, don't add IP or HostName to logfiles

tsimbalar commented 6 years ago

Hi Jeroen,

thanks for taking the time to issue a PR, but we will not take this change in as it changes the default behavior of the enricher in a non-obvious way.

I think it makes more sense to write your own ILogEventEnrichers that implement the logic you want and add them to your Logger Configuration.

Cheers!

nblumhardt commented 6 years ago

One useful addition here might be a DntEnricher that adds DNT=1 to events where this header is set. Based on that, a custom enricher further down the pipeline could remove/mask properties based on whether or not DNT is present on the event.

jstemerdink commented 6 years ago

I understand your point of view about changing the default behavior, but logging IP and Hostname falls under DNT legislation, at least it does in the EU. I could of course create my own enricher for logging IP and Hostname and I probably will, but it would be kind of a duplicate as it's already in this package.

nblumhardt commented 6 years ago

@jstemerdink thanks for the feedback; just another angle: how these things are logged depends on a lot of contextual details.

For example, consider that the client could be an enterprise user on a work intranet, where DNT might for various reasons be ignored. Or, the logs could be going to an ephemeral diagnostic service because of problems being suffered by the customer - collecting various details for diagnostics might be fine in particular situations with particular usage practices.

Writing an enricher that removes data based on your product/organization's GDPR policy seems like the right approach, and has the benefit of being nicely auditable :-)
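
A sketch of the approach suggested in the comments above, a DNT-tagging enricher followed by a masking enricher, added here as an example; it is not code from this PR or from the SerilogWeb.Classic project. The class names and the `MaskWhenDnt` helper are hypothetical, and the property names to remove are passed in by the caller.

```csharp
using System.Web;
using Serilog;
using Serilog.Configuration;
using Serilog.Core;
using Serilog.Events;

// Hypothetical enricher: tags events logged during a request that sent "DNT: 1".
public class DntEnricher : ILogEventEnricher
{
    public const string PropertyName = "DNT";

    public void Enrich(LogEvent logEvent, ILogEventPropertyFactory propertyFactory)
    {
        if (ReadDntHeader()?.Trim() == "1")
            logEvent.AddPropertyIfAbsent(new LogEventProperty(PropertyName, new ScalarValue("1")));
    }

    private static string ReadDntHeader()
    {
        // No HttpContext on background threads; Request throws during Application_Start.
        try { return HttpContext.Current?.Request.Headers["DNT"]; }
        catch (HttpException) { return null; }
    }
}

// Hypothetical enricher: drops the named properties from events tagged DNT=1.
// The list of names is the auditable statement of the organization's policy.
public class DntMaskingEnricher : ILogEventEnricher
{
    private readonly string[] _names;

    public DntMaskingEnricher(params string[] names) => _names = names ?? new string[0];

    public void Enrich(LogEvent logEvent, ILogEventPropertyFactory propertyFactory)
    {
        if (!logEvent.Properties.TryGetValue(DntEnricher.PropertyName, out var dnt)) return;
        if (!(dnt is ScalarValue scalar) || !"1".Equals(scalar.Value)) return;
        foreach (var name in _names)
            logEvent.RemovePropertyIfPresent(name);
    }
}

public static class DntEnrichmentExtensions
{
    // Register AFTER the enrichers that add the client IP / host name: enrichers run
    // in registration order, so the masking step must come last to see their properties.
    public static LoggerConfiguration MaskWhenDnt(
        this LoggerEnrichmentConfiguration enrich, params string[] names)
        => enrich.With(new DntEnricher(), new DntMaskingEnricher(names));
}
```

Usage would be `.Enrich.MaskWhenDnt("HttpRequestClientHostIP", "HttpRequestClientHostName")` placed after the package's own enrichers; the two property names are assumptions here and should be checked against the installed package version. Values written into the message template itself are not touched by removing enriched properties.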