Logging in ScriptCode

Available login methods

In the ScriptCode environment an object is available Logger, which allows logging events and data from within the script. By default all arguments passed to the methods Logger.<method>() are treated as sensitive, i.e. potentially containing sensitive data.

Available logging methods:

function callService(context) {
    Logger.info('COMPLETE TASK EXECUTED [arg1={}, arg2={}]', 'arg1', 'arg2');
    Logger.debug('COMPLETE TASK EXECUTED [arg1={}, arg2={}]', 'arg1', 'arg2');
    Logger.warn('COMPLETE TASK EXECUTED [arg1={}, arg2={}]', 'arg1', 'arg2');
    Logger.error('COMPLETE TASK EXECUTED [arg1={}, arg2={}]', 'arg1', 'arg2');
    Logger.trace('COMPLETE TASK EXECUTED [arg1={}, arg2={}]', 'arg1', 'arg2');
}

All arguments of the above methods are automatically treated as sensitive data and in non-sensitive logs will be hidden.

By default logged data

Platform Eximee I by default log and treat as sensitive the following elements of the ScriptCode environment:

  • data input of forms (input),

  • data output (output),

  • content of requests sent to external services (e.g. via REST API),

  • content responses received from those services.

This means that even if they are not explicitly marked as sensitive in code, they will not be printed in non-sensitive logs in a way that allows reading the actual content. They will be replaced with markers _SENSITIVE_DATA_START_ ... _SENSITIVE_DATA_STOP_ or #hashed#, depending on the type of application and execution context

Sensitive and non-sensitive logging

If we want part of the data to be written in non-sensitive logs without masking, you should use the method nonsensitive(), which marks the passed argument as non-sensitive.

field is sufficient.

In this example:

  • arg1 will be recorded in the log in plain form,

  • arg2 will be hidden (replaced by the sensitive data marker).


Log format

Below are examples of log formats for various Eximee platform applications.

Application process-handlers


Application webforms


Good practices

  • Use nonsensitive() only when you are sure that the data does not contain sensitive information.

  • Use the appropriate logging level:

    • trace and debug – for analyzing script execution details,

    • info – for process progress messages,

    • warn – for atypical but non-critical situations,

    • error – for errors requiring intervention.

  • Avoid logging whole objects or large data structures.

Last updated

Was this helpful?