DEV.co
Open-Source Observability · trusche

httplog

httplog is a Ruby gem that intercepts and logs outgoing HTTP requests from your application for debugging purposes. It supports multiple HTTP libraries and provides configurable logging output including requests, responses, headers, and benchmarks. It is explicitly not recommended for production use due to monkey-patching the underlying HTTP implementations.

Source: GitHub — github.com/trusche/httplog
827
GitHub stars
79
Forks
Ruby
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorytrusche/httplog
Ownertrusche
Primary languageRuby
LicenseMIT — OSI-approved
Stars827
Forks79
Open issues1
Latest releasev1.8.0 (2026-01-13)
Last updated2026-02-23
Sourcehttps://github.com/trusche/httplog

What httplog is

httplog hooks into popular Ruby HTTP libraries (Net::HTTP, Ethon, Excon, HTTParty, Faraday, etc.) via monkey-patching to capture request/response lifecycle events. It logs to a configurable logger with options for compact, JSON, and Graylog formats, plus parameter filtering and URL pattern matching. The gem requires Ruby >= 2.6 and is maintained as a development-only tool.

Quickstart

Get the httplog source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/trusche/httplog.gitcd httplog# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Local API Integration Debugging

Quickly inspect what HTTP requests your Ruby app is actually sending to third-party APIs during development, catching malformed headers, query parameters, or request bodies before they hit production.

Rails Development Environment Logging

Drop into a Rails initializer to centralize HTTP request visibility alongside your application logs, making it easier to correlate API calls with business logic during feature development.

Performance Analysis & Benchmarking

Use the built-in benchmark logging to identify slow external API calls and understand where time is spent in HTTP round-trips during local testing and staging.

Implementation considerations

  • Require httplog *after* your HTTP library to ensure hooks are installed correctly.
  • Configure in a Rails initializer (e.g., config/initializers/httplog.rb) scoped to development/test environments only.
  • Use parameter filtering (config.filter_parameters) to avoid logging credentials or sensitive data; note that filtering only applies to URL and header parameters, not JSON request bodies.
  • Choose output format (plain, compact, JSON, Graylog) based on your logging stack and noise tolerance.
  • Set URL allowlist/denylist patterns if certain endpoints produce excessive noise or should not be logged.

When to avoid it — and what to weigh

  • Production Workloads — The README explicitly warns against production use; monkey-patching introduces performance overhead and unforeseen interactions with HTTP libraries in production environments.
  • Non-Ruby Applications — httplog is Ruby-specific and cannot be integrated into non-Ruby services; alternatives exist for other languages (e.g., curl logging, Wireshark, proxy tools).
  • Binary Protocol Logging — The gem does not log binary response bodies and converts text to UTF-8 with character replacement; if you need raw byte-level inspection, use network-level tools instead.
  • High-Concurrency or Streaming Scenarios — No explicit mention of thread-safety or support for asynchronous/streaming HTTP patterns; suitability for these use cases requires review.

License & commercial use

Licensed under the MIT License, which is a permissive OSI-approved license allowing commercial use, modification, and distribution with minimal restrictions.

MIT license permits commercial use. However, this tool is explicitly recommended only for development/debugging environments. Deploying it in a production commercial service would violate the intended use case and introduce risk; ensure it is disabled or removed before production deployment.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Monkey-patching HTTP implementations creates a large attack surface if httplog itself were compromised; mitigate by using only in development and strictly controlling gem dependencies. Parameter filtering provides basic PII redaction for URL and headers, but does not filter JSON bodies or response data. Review filter_parameters configuration to ensure sensitive keys are covered. No explicit vulnerability history found in provided data; requires audit of gem release history.

Alternatives to consider

Rails Logger + Net::HTTP Instrumentation

Use native Rails request logging or ActiveSupport::Notifications hooks to avoid monkey-patching; provides similar visibility with less risk.

Faraday Middleware (e.g., faraday-detailed_logger)

If using Faraday, middleware-based logging is more explicit and less invasive than global monkey-patching.

Network Proxies (Charles, Fiddler, mitmproxy)

For low-level HTTP inspection across any language and library, use network-level interception; offers binary support and protocol-level detail.

Software development agency

Build on httplog with DEV.co software developers

Our team specializes in Ruby development and API integration. Let us help you set up robust logging and troubleshooting for your HTTP interactions.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

httplog FAQ

Can I use httplog in production?
No. The README explicitly discourages production use due to monkey-patching, performance overhead, and potential library conflicts. Use only in development and test environments.
Does httplog log request bodies?
Yes, by default. Request and response bodies are logged (with binary data skipped and text converted to UTF-8). Use config.log_data = false to disable or parameter filtering to mask sensitive fields.
Which HTTP libraries does httplog support?
Explicitly: Net::HTTP, Ethon, Excon, OpenURI, Patron, HTTPClient, HTTParty, HTTP gem. Partially: Faraday, Typhoeus (depends on their adapters). Others built on these may work; verify your stack.
How do I prevent logging of specific endpoints or sensitive data?
Use config.url_denylist_pattern to exclude URLs and config.filter_parameters to mask sensitive request parameter values. Note: JSON response bodies are not filtered; use config.url_masked_body_pattern for selective JSON masking.

Software development & web development with DEV.co

Need help beyond evaluating httplog? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source observability integrations — and maintain them long-term.

Need Help Integrating httplog or Debugging Ruby APIs?

Our team specializes in Ruby development and API integration. Let us help you set up robust logging and troubleshooting for your HTTP interactions.