-
Notifications
You must be signed in to change notification settings - Fork 2
Security
This section describes security‑related features and recommendations for logme.
The control server is designed for runtime management of logme (backends, channels, flags, etc.).
Currently, the following security mechanisms are supported:
- TLS encryption for all control server connections
- Authentication via the
AUTHcommand
Even with TLS enabled, the control server must only be exposed in trusted environments (for example, localhost, VPN, or protected management networks). It is not intended to be publicly accessible.
logme supports on‑disk log obfuscation to protect log files from offline analysis.
The obfuscation mechanism is enabled by setting a secret key at runtime:
Logger::SetObfuscationKey(key);Once enabled, all log records written to disk are stored in obfuscated form. This protects sensitive information even if log files are copied or accessed outside the running system.
In addition to runtime log obfuscation, logme supports compile‑time obfuscation of format strings using the OBF macro.
When OBF is used, string literals are not stored in plain text inside the binary and cannot be found by simple static analysis (for example, by searching the executable file).
Example:
LogmeI(OBF("This line cannot be found when viewing the exe"));This mechanism is intended to protect sensitive log messages, internal protocol details, and diagnostic strings from reverse engineering.
Together, these mechanisms provide multiple layers of protection:
- Encrypted and authenticated control channel
- Obfuscated log data at rest
- Hidden format strings in compiled binaries
They are designed to reduce the attack surface and limit information disclosure, especially in production and customer environments.
logme — flexible runtime logging system
Home · Getting Started · Architecture · Output · Backends · Configuration
GitHub: https://github.com/efmsoft/logme