From b51d33cb373e591d16892bde492616655ac9ec51 Mon Sep 17 00:00:00 2001
From: UMTS at Teleco <crt@teleco.ch>
Date: Sat, 13 Dec 2025 02:59:39 +0100
Subject: committing to insanit

---
 backend/seckelapi/config/logging.toml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 backend/seckelapi/config/logging.toml

(limited to 'backend/seckelapi/config/logging.toml')

diff --git a/backend/seckelapi/config/logging.toml b/backend/seckelapi/config/logging.toml
new file mode 100644
index 0000000..fdfc08a
--- /dev/null
+++ b/backend/seckelapi/config/logging.toml
@@ -0,0 +1,31 @@
+# Logging Configuration
+[logging]
+# all logs can be commented out to disable them if you want yk, because you probably dont need more than the combined log
+request_log = "./logs/request.log"
+query_log = "./logs/queries.log"
+error_log = "./logs/error.log"
+warning_log = "./logs/warning.log"
+info_log = "./logs/info.log"
+combined_log = "./logs/sequel.log"
+
+# Log levels: debug, info, warn, error
+level = "info"
+
+# mask fields that are sensitive in logs (they are hashed anyways but why log bcrypt hashes in ur logs thats dumb)
+mask_passwords = true
+
+# other values that we might not want in query logs (also applies to request logs)
+sensitive_fields = ["login_string", "password_reset_token", "pin_code"]
+
+# Custom log filters, route specific log entries to separate files using regex ... yes I have autism why are you asking?
+[[logging.custom_filters]]
+name = "security_violations"
+output_file = "./logs/security_violations.log"
+pattern = "(Permission denied|Too many WHERE|Authentication failed|invalid credentials|invalid PIN|invalid token)"
+enabled = true
+
+[[logging.custom_filters]]
+name = "admin_transactions"
+output_file = "./logs/admin_activity.log"
+pattern = "user=admin|power=100"
+enabled = true
-- 
cgit v1.2.3-70-g09d2