gollog is a high-performance security middleware designed to enforce data sovereignty at the application layer. By intercepting log events within the Python runtime, gollog programmatically scrubs PII (Personally Identifiable Information), SPI (Sensitive Personal Information), and infrastructure secrets before they transition from volatile memory to persistent storage.
Unlike standard log-scanning agents that monitor data at rest (post-write), gollog operates as an in-process interceptor. This architectural choice addresses several critical security gaps:
Traditional log management suites (e.g., Splunk, ELK) process logs after they reach the disk or a network buffer.
- Security Gap: Cleartext secrets exist in a "window of vulnerability" on the host filesystem.
- The gollog Solution: Redaction occurs at the object level. By processing the `event_dict` prior to rendering, the sensitive payload is eliminated in RAM. The unredacted string never touches the console, local buffers, or the filesystem.
Standard regex scanners typically analyze the primary message string but overlook the metadata context.
- The gollog Solution: The engine performs a recursive sweep of all dictionary keys. This ensures that metadata injected by third-party libraries—such as `boto3`, `requests`, or `Django`—is subject to the same rigorous security policies as the primary log message.
Pattern matching alone often leads to high false-positive rates, creating "log noise" that obscures real issues.
- The gollog Solution: For financial data (PCI DSS), gollog utilizes the Luhn Algorithm. The engine identifies potential credit card strings via regex but only executes redaction if the checksum validates the string as a legitimate card number.
- Regex-Based Redaction: Enables security teams to define sensitive patterns (ARNs, API Keys, Tokens) in portable, human-readable YAML files for rapid policy updates.
- Universal Interception: Utilizing a custom `InterceptHandler` hooked into the Python `logging.root` node, gollog automatically catches and cleans logs from standard libraries (like `boto3`, `requests`, etc.) without code modifications.
- Recursive Safety: Features built-in Circuit Breaker logic to prevent infinite logging loops—a common failure point in custom logging wrappers that can lead to resource exhaustion.
- Structured Output: Native support for both Human-Readable (Console) formats for development and Machine-Readable (JSON) formats for production ingestion (SIEM/CloudWatch).
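The recursive sweep of the event dictionary and the Luhn-gated card-number redaction described above, as an added illustration that is not gollog's own code: a structlog-style processor that walks nested metadata and redacts a card-number match only when the checksum validates, so a same-length order id is left alone. The rule patterns and the `[REDACTED]` mask are constructed for this example.

```python
import re
from typing import Any

# Constructed demo rules (not gollog's YAML rule files): a card-number pattern
# and a Slack-style bot-token pattern, keyed by rule name.
RULES = {
    "card_number": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
    "slack_token": re.compile(r"\bxox[abp]-[0-9A-Za-z-]{10,}\b"),
}
MASK = "[REDACTED]"


def luhn_valid(candidate: str) -> bool:
    """Return True if the digit sequence passes the Luhn checksum."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_value(value: str) -> str:
    """Apply every rule; a card-number hit is masked only when Luhn validates it."""
    def card_sub(m: re.Match) -> str:
        return MASK if luhn_valid(m.group(0)) else m.group(0)
    value = RULES["card_number"].sub(card_sub, value)
    return RULES["slack_token"].sub(MASK, value)


def scrub(obj: Any) -> Any:
    """Recursively sweep dicts, lists and tuples so nested metadata is covered too."""
    if isinstance(obj, str):
        return redact_value(obj)
    if isinstance(obj, dict):
        return {k: scrub(v) for k, v in obj.items()}
    if isinstance(obj, (list, tuple)):
        return type(obj)(scrub(v) for v in obj)
    return obj


def redaction_processor(logger, method_name, event_dict: dict) -> dict:
    """structlog processor signature: runs before any renderer sees the event."""
    return scrub(event_dict)
```

Placing `redaction_processor` ahead of the renderer in a structlog `processors` list is what keeps the cleartext out of the rendered string.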
- Python: 3.13+
- Core Dependencies: `structlog`, `PyYAML`
```python
from gollog import init_secure_logging
import structlog

# Initialize secure logging with custom rules and JSON output
init_secure_logging(rules_dir="rules", output_json=True)
logger = structlog.get_logger()

# Automatically redacted in memory:
logger.info("Transaction processed",
            auth_token="xoxb-9927398716-secret",
            card_number="4242424242424242")
```

| Security Pillar | Agent-Based Scanners | gollog Middleware |
|---|---|---|
| Data Residency | Cleartext exists on disk/buffer | Zero cleartext residency |
| Detection Logic | Stateless Regex | Stateful / Algorithmic |
| System Overhead | High (Log Forwarding Agents) | Low (In-process execution) |
| Recursive Safety | None | Internal Circuit Breaker |
The project includes a comprehensive suite of unit tests focusing on edge-case scenarios, including race-condition simulations and bridge logic for standard library interception.
```bash
pytest test_guard_logs.py
```

Built for environments following AWS Certified Security best practices and GDPR/CCPA data sovereignty requirements, gollog ensures that your diagnostic data remains an asset, not a liability.
gollog is available under the Prosperity Public License 3.0.0.
- Individuals & Non-profits: 100% Free.
- Commercial Organizations: 30-day free trial. A commercial license is required for production use thereafter.
See LICENSE and COMMERCIAL.md for full details and pricing.