Overview The basic configuration options control what data gets captured and logged from HTTP requests and responses. These are the foundation of HTTP Ledger’s logging behavior.
logBody Whether to include the request body in log output.
Usage app . use ( logger ({ logBody: true // Include request bodies in logs }));
When to Disable Disable logBody in production if you’re handling large payloads or want to reduce log volume.
// Production configuration app . use ( logger ({ logBody: process . env . NODE_ENV === 'development' }));
Example Log Output With logBody: true:
{ "method" : "POST" , "url" : "/api/users" , "body" : { "name" : "John Doe" , "email" : "[email protected] " } }
logResponse Whether to include the response body in log output.
Usage app . use ( logger ({ logResponse: true // Include response bodies in logs }));
Response logging can add overhead for large responses. Consider disabling in production or using selective logging.
// Only log responses for errors app . use ( logger ({ logResponse: true , shouldLog : ( req , res ) => res . statusCode >= 400 }));
Example Log Output With logResponse: true:
{ "method" : "GET" , "url" : "/api/users/123" , "statusCode" : 200 , "responseBody" : { "id" : 123 , "name" : "John Doe" , "email" : "[email protected] " } }
logQueryParams Whether to include query parameters in log output.
Usage app . use ( logger ({ logQueryParams: true // Include query parameters }));
Security Note Query parameters may contain sensitive data like API keys or tokens. Use with maskFields for security.
app . use ( logger ({ logQueryParams: true , maskFields: [ 'api_key' , 'token' , 'secret' ] }));
Example Log Output With logQueryParams: true:
{ "method" : "GET" , "url" : "/api/users?page=1&limit=10&sort=name" , "queryParams" : { "page" : "1" , "limit" : "10" , "sort" : "name" } }
Array of header names to exclude from logs. Header names are case-insensitive.
Usage app . use ( logger ({ excludedHeaders: [ 'authorization' , 'cookie' , 'x-api-key' ] }));
Always exclude headers that contain authentication credentials or sensitive information.
app . use ( logger ({ excludedHeaders: [ 'authorization' , 'cookie' , 'x-api-key' , 'x-auth-token' , 'x-csrf-token' ] }));
Example Log Output With excludedHeaders: ['authorization']:
{ "method" : "POST" , "headers" : { "content-type" : "application/json" , "user-agent" : "Mozilla/5.0..." , "accept" : "application/json" // 'authorization' header is excluded } }
Combining Options You can combine these options for precise control:
Development
Production
Debugging
// Log everything for debugging app . use ( logger ({ logBody: true , logResponse: true , logQueryParams: true , excludedHeaders: [] // Log all headers }));
// Minimal logging for performance app . use ( logger ({ logBody: false , logResponse: false , logQueryParams: true , excludedHeaders: [ 'authorization' , 'cookie' , 'x-api-key' ] }));
// Log only errors with full details app . use ( logger ({ logBody: true , logResponse: true , logQueryParams: true , shouldLog : ( req , res ) => res . statusCode >= 400 , excludedHeaders: [ 'cookie' ] }));
Security Use maskFields to protect sensitive data in logged bodies
Selective Logging Control which requests get logged with shouldLog and sampling