Currently, Caddy’s structured logging outputs all available fields in the JSON log entries, including many that may not be relevant for a particular use case. This behavior introduces several challenges:
- Increased log volume: Logging every available field - including unused or low-value ones - leads to unnecessarily large log files, consuming more disk space and potentially increasing storage costs.
- Signal-to-noise ratio: The excess of irrelevant fields makes it harder to extract meaningful insights quickly, especially in production systems where clarity and performance matter.
- Security risk and stability concern: Malicious actors could inject large or numerous custom headers, causing logs to balloon in size and possibly impacting system performance or log processing pipelines.
To mitigate these issues, it would be beneficial to introduce a configuration option that defines a whitelist of log fields for JSON logging. This would give users explicit control over which fields are logged, improving efficiency, clarity, and resilience.
A promising direction would be to introduce a feature similar in spirit to caddy-jsonselect-encoder
(GitHub - leodido/caddy-jsonselect-encoder: Pick what to log in JSON format), where users can declaratively select the fields they want to emit. For example:
log main {
output stdout
format jsonselect "
{level}
{ts}
{logger}
{msg}
{size}
{bytes_read}
{status}
{duration}
{request>remote_ip}
{request>remote_port}
{request>client_ip}
{request>proto}
{request>method}
{request>uri}
{request>headers>Accept}
{request>headers>Accept-Encoding}
{request>headers>Content-Length}
{request>headers>Content-Type}
{request>headers>User-Agent}
"
}
Thanks for considering this feature - it would significantly improve logging hygiene and operational flexibility.