Оффлайн
- Регистрация
- 1 Мар 2015
- Сообщения
- 1,481
- Баллы
- 155
? Why CerbiStream Exists
As developers, we've all experienced logging mistakes:
- Accidentally logging sensitive data like passwords or emails
- Forgetting to include userId, requestId, or environment
- Debugging issues with logs that have no structure, context, or traceability
CerbiStream is designed to help development teams avoid these problems — by baking in runtime validation, fallback safety, and contextual metadata into every log line.
It doesn't just log your data. It governs it.
What Is CerbiStream?CerbiStream is a modular logging framework for .NET that helps developers:
Enforce runtime log structure via governance profiles- ? Secure logs with AES/Base64 encryption
- ? Auto-tag logs with metadata and trace info
- ? Fallback to encrypted local files if queues fail
- ? Send to queues, cloud storage, or telemetry in parallel
dotnet add package CerbiStream
builder.Logging.AddCerbiStream(options =>
{
options.WithQueue("RabbitMQ", "localhost", "logs")
.WithFileFallback("logs/fallback.json")
.WithEncryptionMode(EncryptionType.AES)
.WithEncryptionKey(myKey, myIv)
.WithGovernanceChecks(true)
.EnableProductionMode();
});
? Real-Time Governance Enforcement
The real-time governance feature rolled out recently with Cerbi.Governance.Runtime — and it's just the beginning. We’ve built it into CerbiStream to validate logs as they happen, without slowing development workflows or requiring devs to memorize rules.
We're actively extending this to other ecosystems:
- ? Cerbi.Serilog.GovernanceAnalyzer
- ? Cerbi.NLog.GovernanceAnalyzer
- ? Cerbi.Log4Net.GovernanceAnalyzer
This will bring consistent, policy-driven enforcement across the most popular logging stacks in .NET.
CerbiStream now supports real-time governance enforcement via Cerbi.Governance.Runtime, ensuring that logs are validated against governance profiles at runtime. This removes dependency on build-time analyzers and works seamlessly across environments and dynamic deployment scenarios.
How it works:
- Profiles define expected fields, severity, and topics.
- When a log is written, it is evaluated against the profile before being routed.
- If the log is non-compliant, governance metadata is injected (e.g., GovernanceViolations, GovernanceProfileUsed, etc.).
- If Relax() is applied, governance is bypassed intentionally but still tagged with "GovernanceRelaxed": true for audit and scoring.
This approach ensures logs aren't dropped — they are tagged, not blocked, making it easy to score or flag them downstream without causing operational noise or alert spam.
Future versions will integrate this tagging into CerbiSense for governance scoring and trend analysis across teams and services.CerbiStream uses JSON-based profiles and applies them at runtime, so developers aren’t locked into compile-time analyzers.
{
"EnforcementMode": "Strict",
"LoggingProfiles": {
"Orders": {
"RequireTopic": true,
"AllowedTopics": ["Orders"],
"FieldSeverities": {
"userId": "Required",
"email": "Required",
"password": "Forbidden"
},
"AllowRelax": true
}
}
}
Tag your class with:
[CerbiTopic("Orders")]
public class OrderService { }
? Example Logs
Compliant Loglogger.LogInformation("Order started", new { userId = "u123", email = "demo@site.com" });
{
"Message": "Order started",
"userId": "u123",
"email": "demo@site.com",
"GovernanceProfileUsed": "Orders",
"TimestampUtc": "2025-05-19T10:42:01Z"
}
Violation (Missing Required Fields)logger.LogWarning("Something went wrong");
{
"Message": "Something went wrong",
"GovernanceViolations": ["Missing: userId", "Missing: email"],
"GovernanceMode": "Strict"
}
? Relaxed Log (Explicit Bypass)
logger.Relax().LogError("Emergency override triggered");
{
"Message": "Emergency override triggered",
"GovernanceRelaxed": true,
"LogLevel": "Error"
}
? File Fallback Example
options.WithEncryptedFallback("fallback.json", "primary.json", key, iv);
Logs are written securely:
[ENCRYPTED] <AES Payload> [/ENCRYPTED]
Supported Targets- ? Queues: RabbitMQ, Azure Service Bus, Kafka, AWS SQS, GCP Pub/Sub
- ? Telemetry: App Insights, OpenTelemetry, Datadog, CloudWatch
- ? Storage: Azure Blob, AWS S3, Google Cloud Storage
options.EnableDevModeMinimal(); // Console only
options.EnableDeveloperModeWithTelemetry(); // Local testing
options.EnableProductionMode(); // Full governance
options.EnableBenchmarkMode(); // Silent for perf tests
? Benchmarked vs. Serilog
| Feature | CerbiStream | Serilog |
|---|---|---|
| Real-Time Governance |  | No |
| Full Payload Encryption | Built-in AES | Requires plugins |
| Fallback Logging | Encrypted | ? Limited |
| Telemetry + Queues | Dual support | ? Separate sinks |
? Summary
In this article, we covered:
- Why log governance is a human problem
- What CerbiStream does differently
- How runtime enforcement tags non-compliant logs
- What compliant, violating, and relaxed log output looks like
- How fallback, telemetry, and encryption features help build safer systems
- The roadmap for supporting other loggers
CerbiStream was created to help developers log confidently and securely — without losing productivity. Try it out, enforce your standards, and eliminate log regret.
? Try It Out
- ?
- ?
- ?
?
?
?
?
CerbiStream is open source and evolving fast. Let us know your use case or suggest a feature!
Happy logging ?