1.0.6 • Published 10 months ago

insomnia-plugin-usage-logger v1.0.6

Weekly downloads
-
License
Apache-2.0
Repository
github
Last release
10 months ago

Graylog API Security Insomnia Plugin

Easily log API requests and responses to your own security data lake.

License Contributing

Requirements

Set up

  • Go to Insomnia > Preferences > Plugins
  • Type in
    insomnia-plugin-usage-logger
  • Click Install Plugin.

(Alternatively, check out the manual installation.)

  • Add the variables used by the logger to your Base Environment (or create a separate new Private/Shared environment for it).

    {
        "USAGE_LOGGERS_URL": "http://localhost:7701/message",
        "USAGE_LOGGERS_RULES": "include debug"
    }

That's it!

Usage

  • Make sure the plugin is enabled (also, if you created a new private/shared environment make sure to select it).
  • Use Insomnia as you would normally.
  • Go to http://localhost:7700 to explore all your logs using the included Graylog API Security web UI

  • You can always disable the plugin if you want stop logging API calls temporarily

Happy loggin' 📝

Environment variables

This plugin has access to four environment variables, but only one them is required for the logger to work properly.

✔ All API calls are sent to the database running inside the resurface container

The environment variable USAGE_LOGGERS_URL stores this address, which by default should be the string "http://localhost:7701/message"

✔ All API calls are filtered using a set of rules (Optional)

The environment variable USAGE_LOGGERS_RULES stores these logging rules as a string. Even though this variable is optional, it is recommended to set it to "include debug" or "allow_http_url" when trying the plugin for the first time.

✔ Reponse bodies are logged up to a certain size (Optional)

If you are working with large response payloads and don't want to log the whole thing, you can use the environment variable USAGE_LOGGERS_LIMIT. It stores an integer value corresponding to the number of bytes after which a response body will not be logged (by default, this upper limit is 1 MiB).

✔ The Logger can be disabled even if the plugin is enabled (Optional)

By setting the environment variable USAGE_LOGGERS_DISABLE to true the logger will be disabled and no API calls will be logged.

Manual installation

  • Clone this repo inside:
    • MacOS: ~/Library/Application\ Support/Insomnia/plugins/
    • Windows: %APPDATA%\Insomnia\plugins\
    • Linux: $XDG_CONFIG_HOME/Insomnia/plugins/ or ~/.config/Insomnia/plugins/
  • Install dependencies using npm i

Protecting User Privacy

Loggers always have an active set of rules that control what data is logged and how sensitive data is masked. All of the examples above apply a predefined set of rules (include debug), but logging rules are easily customized to meet the needs of any application.

Logging rules documentation


© 2016-2024 Graylog, Inc.