From 8618d5057156c31fa22f7898d1f717493eed7443 Mon Sep 17 00:00:00 2001
From: Richard Lynch <rjlynchdev@gmail.com>
Date: Tue, 4 Jun 2024 10:24:35 +0100
Subject: [PATCH] Configure semantic logger (#422)

* Security updates

Updates nokogiri and rexml

* Configure semantic logger

Configures the app to format it's logs with `rails_semantic_logger` so
logit can ingest them.
https://technical-guidance.education.gov.uk/infrastructure/monitoring/logit/#ruby-on-rails
---
 Gemfile                                |  2 ++
 Gemfile.lock                           | 21 +++++++++++++++-----
 config/environments/development.rb     |  7 +++++++
 config/environments/production.rb      | 27 ++++++++++----------------
 config/environments/test.rb            |  7 +++++++
 config/initializers/semantic_logger.rb | 11 +++++++++++
 6 files changed, 53 insertions(+), 22 deletions(-)
 create mode 100644 config/initializers/semantic_logger.rb

diff --git a/Gemfile b/Gemfile
index a7c8373c..a6ae022c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -30,6 +30,7 @@ gem "uk_postcode"
 gem "phonelib"
 ###############
 
+gem "amazing_print"
 gem "audited", "~> 5.4"
 gem "concurrent-ruby", require: "concurrent"
 gem "concurrent-ruby-ext"
@@ -41,6 +42,7 @@ gem "flipper-ui"
 gem "httparty", "~> 0.21"
 gem "invisible_captcha"
 gem "omniauth-azure-activedirectory-v2"
+gem "rails_semantic_logger"
 gem "rolify"
 gem "sentry-rails", "~> 5.17"
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 1faa5d1d..0b449c3b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -77,6 +77,7 @@ GEM
       tzinfo (~> 2.0)
     addressable (2.8.4)
       public_suffix (>= 2.0.2, < 6.0)
+    amazing_print (1.6.0)
     annotate (3.2.0)
       activerecord (>= 3.2, < 8.0)
       rake (>= 10.4, < 14.0)
@@ -259,7 +260,7 @@ GEM
     matrix (0.4.2)
     method_source (1.0.0)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.5)
+    mini_portile2 (2.8.6)
     minitest (5.22.3)
     msgpack (1.7.2)
     multi_xml (0.6.0)
@@ -274,7 +275,7 @@ GEM
     net-smtp (0.4.0)
       net-protocol
     nio4r (2.6.1)
-    nokogiri (1.16.3)
+    nokogiri (1.16.5)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     notifications-ruby-client (5.4.0)
@@ -321,7 +322,7 @@ GEM
     puma (6.4.2)
       nio4r (~> 2.0)
     raabro (1.4.0)
-    racc (1.7.3)
+    racc (1.8.0)
     rack (2.2.8.1)
     rack-protection (3.1.0)
       rack (~> 2.2, >= 2.2.4)
@@ -353,6 +354,10 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
+    rails_semantic_logger (4.14.0)
+      rack
+      railties (>= 5.1)
+      semantic_logger (~> 4.13)
     railties (7.1.2)
       actionpack (= 7.1.2)
       activesupport (= 7.1.2)
@@ -374,7 +379,8 @@ GEM
     responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
-    rexml (3.2.6)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
     rolify (6.0.1)
     rspec-core (3.12.2)
       rspec-support (~> 3.12.0)
@@ -444,6 +450,8 @@ GEM
     scenic (1.7.0)
       activerecord (>= 4.0.0)
       railties (>= 4.0.0)
+    semantic_logger (4.15.0)
+      concurrent-ruby (~> 1.0)
     sentry-rails (5.17.1)
       railties (>= 5.0)
       sentry-ruby (~> 5.17.1)
@@ -470,6 +478,7 @@ GEM
       hashie
       version_gem (~> 1.1, >= 1.1.1)
     stringio (3.1.0)
+    strscan (3.1.0)
     thor (1.3.1)
     timeout (0.4.1)
     tzinfo (2.0.6)
@@ -500,6 +509,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  amazing_print
   annotate
   audited (~> 5.4)
   binding_of_caller
@@ -538,6 +548,7 @@ DEPENDENCIES
   pry-byebug
   puma (>= 6.4.2, < 7)
   rails (~> 7.1)
+  rails_semantic_logger
   rolify
   rspec-rails
   rubocop-govuk
@@ -556,7 +567,7 @@ DEPENDENCIES
   web-console
 
 RUBY VERSION
-   ruby 3.2.2p53
+   ruby 3.2.3p157
 
 BUNDLED WITH
    2.4.21
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 7341ed86..ccdbef76 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -62,5 +62,12 @@
   # Uncomment if you wish to allow Action Cable access from any origin.
   # config.action_cable.disable_request_forgery_protection = true
 
+  # Or :info
+  config.log_level = :debug
+  # Console colorised non-json output
+  config.log_format = :color
+  # Show file and line number (expensive: not for production)
+  config.semantic_logger.backtrace_level = :debug
+
   config.hosts << "itrp.local"
 end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 90925a75..9393c49f 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -43,13 +43,6 @@
   config.force_ssl = true
   config.ssl_options = { redirect: { exclude: ->(request) { request.path.include?("healthcheck") } } }
 
-  # Include generic and useful information about system operation, but avoid logging too much
-  # information to avoid inadvertent exposure of personally identifiable information (PII).
-  config.log_level = :info
-
-  # Prepend all log lines with the following tags.
-  config.log_tags = [:request_id]
-
   # Use a different cache store in production.
   # config.cache_store = :mem_cache_store
 
@@ -61,21 +54,21 @@
   # the I18n.default_locale when a translation cannot be found).
   config.i18n.fallbacks = true
 
+  # Include generic and useful information about system operation, but avoid logging too much
+  # information to avoid inadvertent exposure of personally identifiable information (PII).
+  config.log_level = :info
+
   # Don't log any deprecations.
   config.active_support.report_deprecations = false
 
-  # Use default logging formatter so that PID and timestamp are not suppressed.
-  config.log_formatter = Logger::Formatter.new
+  # Set format for semantic logger, see config/initializers/semantic_logger.rb
+  config.log_format = :json
 
-  # Use a different logger for distributed setups.
-  # require "syslog/logger"
-  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name")
+  # Don't log to file
+  config.rails_semantic_logger.add_file_appender = false
 
-  if ENV["RAILS_LOG_TO_STDOUT"].present?
-    logger           = ActiveSupport::Logger.new($stdout)
-    logger.formatter = config.log_formatter
-    config.logger    = ActiveSupport::TaggedLogging.new(logger)
-  end
+  # Don't log SQL
+  config.active_record.logger = nil
 
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
diff --git a/config/environments/test.rb b/config/environments/test.rb
index a13e8607..46773905 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -55,5 +55,12 @@
   # config/initializers/dartsass.rb
   config.dartsass.build_options << " --quiet-deps"
 
+  # Or :info
+  config.log_level = :debug
+  # Console colorised non-json output
+  config.log_format = :color
+  # Show file and line number (expensive: not for production)
+  config.semantic_logger.backtrace_level = :debug
+
   config.hosts << "www.example.com"
 end
diff --git a/config/initializers/semantic_logger.rb b/config/initializers/semantic_logger.rb
new file mode 100644
index 00000000..93772054
--- /dev/null
+++ b/config/initializers/semantic_logger.rb
@@ -0,0 +1,11 @@
+Rails.application.configure do
+  config.semantic_logger.application = "" # This is added by logstash from its tags
+  config.log_tags = [:request_id]         # Prepend all log lines with the following tags
+end
+
+SemanticLogger.add_appender(
+  io: $stdout,
+  level: Rails.application.config.log_level,
+  formatter: Rails.application.config.log_format,
+)
+Rails.application.config.logger.info("Application logging to STDOUT")