Expand description
Crate zerodds-security-logging. Safety classification: SAFE (a pure I/O wrapper; no secrets are buffered outside the log line itself).
Production-grade logging backends for DDS-Security 1.1/1.2 §8.6
(the LoggingPlugin SPI from zerodds-security).
§Layer position
Layer 4 — Core Services. Consumed by end-user builds + the DCPS runtime
(feature security).
§Public API (as of 1.0.0-rc.1)
StderrLoggingPlugin— structured log lines tostderr.JsonLinesLoggingPlugin—application/x-ndjsonto a file.SyslogLoggingPlugin— RFC-5424 UDP backend (facilityLOCAL0).FanOutLoggingPlugin— fan-out to multiple backends.
§What this crate provides
StderrLoggingPlugin— writes structured log lines tostderr. Default for development + container deployments with a stdout/stderr collector (Loki, Vector, Fluentd).JsonLinesLoggingPlugin— writes JSON lines (application/x-ndjson) to a file. Each line = one event. A second process (e.g. auditd, filebeat) rotates the file.FanOutLoggingPlugin— routes each event to multiple backends (e.g. stderr + JSON file simultaneously).
All backends filter events by LogLevel; the default level is
Warning — lower (Informational, Debug) is silently discarded.
§Non-goals
- Syslog TCP (RFC 5425) and syslog TLS — most syslog deployments run in a trusted segment; re-add on demand.
- Structured telemetry (OpenTelemetry / OTLP) — covered by
zerodds-observability-otlp(layer 4.6). - Log rotation in the plugin itself — the job of the operating system /
logrotate.
Structs§
- FanOut
Logging Plugin - Fan-out adapter — broadcasts an event to all registered
backends. Useful for a setup with
stderr+ an audit JSON file in parallel. - Json
Lines Logging Plugin - Writes security events as JSON lines to a file.
- Stderr
Logging Plugin - Logs security events to
stderras human-readable text. - Syslog
Logging Plugin - UDP-based syslog client.
Enums§
- LogConfig
Error - Error materializing a logger from
dds.sec.log.*properties.
Constants§
- PROP_
LOG_ JSONL_ PATH dds.sec.log.jsonl.path— output file for thejsonlsink.- PROP_
LOG_ LEVEL dds.sec.log.level— minimum level. Default:Informational.- PROP_
LOG_ PLUGIN dds.sec.log.plugin— comma-separated sink list (stderr,jsonl,syslog).- PROP_
LOG_ SYSLOG_ ADDR dds.sec.log.syslog.addr—host:porttarget for thesyslogsink.- PROP_
LOG_ SYSLOG_ APP dds.sec.log.syslog.app— RFC-5424 app name (defaultzerodds).- PROP_
LOG_ SYSLOG_ HOST dds.sec.log.syslog.host— RFC-5424 hostname (defaultlocalhost).
Functions§
- logging_
plugin_ from_ properties - Build a
LoggingPluginfromdds.sec.log.*properties, fanning out to every named sink. ReturnsOk(None)ifdds.sec.log.pluginis absent or names no sinks. - parse_
log_ level - Parse a DDS-Security log-level name (case-insensitive;
infoaliasesinformational).