# Logging Configuration
[logging]
# all logs can be commented out to disable them if you want yk, because you probably dont need more than the combined log
request_log = "./logs/request.log"
query_log = "./logs/queries.log"
error_log = "./logs/error.log"
warning_log = "./logs/warning.log"
info_log = "./logs/info.log"
combined_log = "./logs/sequel.log"

# Log levels: debug, info, warn, error
level = "info"

# mask fields that are sensitive in logs (they are hashed anyways but why log bcrypt hashes in ur logs thats dumb)
mask_passwords = true

# other values that we might not want in query logs (also applies to request logs)
sensitive_fields = ["login_string", "password_reset_token", "pin_code"]

# Custom log filters, route specific log entries to separate files using regex ... yes I have autism why are you asking?
[[logging.custom_filters]]
name = "security_violations"
output_file = "./logs/security_violations.log"
pattern = "(Permission denied|Too many WHERE|Authentication failed|invalid credentials|invalid PIN|invalid token)"
enabled = true

[[logging.custom_filters]]
name = "admin_transactions"
output_file = "./logs/admin_activity.log"
pattern = "user=admin|power=100"
enabled = true