laravel-http-logger
laravel-http-logger is a Laravel middleware package that automatically logs incoming HTTP requests (POST, PUT, PATCH, DELETE) to help track user submissions and debug issues. It filters sensitive data like passwords and sanitizes headers, acting as a safety net for critical operations such as form submissions.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | spatie/laravel-http-logger |
| Owner | spatie |
| Primary language | PHP |
| License | MIT — OSI-approved |
| Stars | 674 |
| Forks | 59 |
| Open issues | 0 |
| Latest release | 1.11.2 (2026-02-21) |
| Last updated | 2026-02-21 |
| Source | https://github.com/spatie/laravel-http-logger |
What laravel-http-logger is
This package provides a configurable middleware implementing LogProfile and LogWriter interfaces, allowing customization of which requests are logged and where they are written. It integrates with Laravel's logging system and supports header sanitization and request body filtering via configuration.
Get the laravel-http-logger source
Clone the repository and explore it locally.
git clone https://github.com/spatie/laravel-http-logger.gitcd laravel-http-logger# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Middleware must be registered globally or per-route in Laravel 11+ or in app/Http/Kernel.php for Laravel ≤10; incompletely registered middleware will silently skip requests.
- Default behavior logs only non-GET requests; custom LogProfile implementations required to alter filtering logic (e.g., log all requests, or log only specific paths).
- Sensitive fields (password, password_confirmation) are filtered by default, but the 'except' config must be updated for application-specific secrets (API keys, tokens, SSNs).
- Log channel and level are configurable; ensure LOG_CHANNEL and HTTP_LOGGER_ENABLED environment variables are set to avoid unexpected logging behavior in production.
- No built-in log rotation, compression, or retention; pair with Laravel's log rotation and external log aggregation (e.g., ELK, Datadog) for production scale.
When to avoid it — and what to weigh
- High-Volume, Low-Value Requests — If you handle thousands of identical API calls per second (e.g., telemetry), logging every request will create significant log storage overhead and parsing complexity.
- Applications with Large Request Payloads — Logging full request bodies (images, files, large JSON) will exhaust disk/log storage rapidly unless paired with aggressive rotation and filtering policies.
- Strict GDPR/Privacy-First Requirements — Even with field filtering and header sanitization, logging user requests may capture regulated personal data; requires careful integration with data retention and anonymization policies.
- Real-Time Performance-Critical Systems — Synchronous logging without asynchronous queuing may introduce measurable latency to request handling in latency-sensitive applications.
License & commercial use
MIT License. Permissive OSI-approved license; allows modification, distribution, and commercial use provided the license text and copyright notice are retained. No warranty provided.
MIT is a permissive open-source license that explicitly permits commercial use, modification, and redistribution. No commercial license, proprietary restrictions, or usage fees are stated. However, the project includes a notice requesting support through Spatie's paid products; review Spatie's commercial terms separately if considering a formal support relationship.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
By design, this package logs request data; ensure sensitive fields (passwords, tokens, API keys, PII) are filtered via the 'except' config and 'sanitize_headers' setting. No encryption at rest is mentioned; logs are stored in plaintext in configured log channel. Consider: log access control, retention policies, and whether logging complies with GDPR/CCPA. Default filters are password and password_confirmation; application-specific secrets must be explicitly added. If used with file-based logging, ensure file permissions and log rotation are properly configured to prevent unauthorized access.
Alternatives to consider
Laravel Built-in Request Logging (Storage Facade / Log Facade)
Laravel's native Log facade allows ad-hoc request logging without a dedicated package; requires manual middleware implementation but offers full control. No specialized filtering or safety-net features.
Sentry (Laravel SDK)
Full error tracking and session replay; logs requests as part of broader error monitoring. Offers more context than HTTP logging alone but requires external SaaS account and differs in scope (error-focused vs. general request logging).
Telescope (Laravel)
Laravel's built-in debugging tool provides request inspection, query logging, and event tracking. Designed for development; not recommended for production logging of all requests due to performance overhead and disk usage.
Build on laravel-http-logger with DEV.co software developers
Contact Devco to implement laravel-http-logger with custom profiles, logging strategies, and compliance-ready configurations for your Laravel stack.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
laravel-http-logger FAQ
Does this package log GET requests by default?
Can I log to a database or external service instead of Laravel's log files?
Is the logged request data encrypted?
What happens if logging fails (e.g., disk full)?
Software developers & web developers for hire
Adopting laravel-http-logger is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source observability software in production.
Integrate Request Logging into Your Laravel Application
Contact Devco to implement laravel-http-logger with custom profiles, logging strategies, and compliance-ready configurations for your Laravel stack.