Jul 11

I’m currently contracting over @OnTrees, @OnTrees we use raygun.io for error logging. If you don’t know what raygun is – raygun logs errors and produces excellent trending reports. It’s a great tool because lets be honest no matter how good your test coverage is exceptions happen.

We use it in production to help prioritise and pinpoint exceptions, raygun is brilliant for this as it shows you a count and when the exception last occurred, everything you need for prioritisation decisions. Raygun is clever enough to know when a exception has been resolved or if it has been reintroduced by a new build which is a neat feature.

Anyway that’s enough of a pitch, I’m not affiliated with the guys at raygun.io I just like the product, if you want to find out more check out Troy Hunt’s post.

For a web application Raygun4Net logs everything you need for troubleshooting, however for our single page app it was logging a bit too much. One of the main offenders is Raygun4Net logs RawData, the problem is with a SPA this is the full json body, which for us will contain sensitive data.

After a bit of research I found it is trivial to remove Server Variables, Form, Header and Cookie values using the web.config. However I couldn’t find a way to stop the .Net client logging RawData/http body. Raygun4Net is open source, so it was easy to extend.

Below is the extension we use:

Raygun4NetExtensions.cs – we create a custom RaygunRequestMessage and related extension method to remove the Authorization header, all QueryString, Form, and Cookie values, as well as RawData (including the http body) which was causing us issues with logging sensitive data.

RaygunLogger.cs – we new up a RaygunMessage and then call our SetNonSensitiveHttpDetails extension method which replaces the RaygunRequestMessage with our own SensitiveRaygunRequestMessage.

It should be easy to customise this extension for your own needs.

Leave a Reply

preload preload preload