DEV.co
Open-Source Observability · spatie

laravel-http-logger

laravel-http-logger is a Laravel middleware package that automatically logs incoming HTTP requests (POST, PUT, PATCH, DELETE) to help track user submissions and debug issues. It filters sensitive data like passwords and sanitizes headers, acting as a safety net for critical operations such as form submissions.

Source: GitHub — github.com/spatie/laravel-http-logger
674
GitHub stars
59
Forks
PHP
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryspatie/laravel-http-logger
Ownerspatie
Primary languagePHP
LicenseMIT — OSI-approved
Stars674
Forks59
Open issues0
Latest release1.11.2 (2026-02-21)
Last updated2026-02-21
Sourcehttps://github.com/spatie/laravel-http-logger

What laravel-http-logger is

This package provides a configurable middleware implementing LogProfile and LogWriter interfaces, allowing customization of which requests are logged and where they are written. It integrates with Laravel's logging system and supports header sanitization and request body filtering via configuration.

Quickstart

Get the laravel-http-logger source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/spatie/laravel-http-logger.gitcd laravel-http-logger# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Critical Form Submission Auditing

Log all POST/PUT/PATCH/DELETE requests to maintain an audit trail of user-submitted data in case errors occur during processing, particularly useful for lead generation forms or payment submissions.

Debugging Production Issues

Retain original request data when request processing fails, enabling engineers to replay or investigate the exact payload that caused an error without relying on user memory.

Compliance & Data Recovery

Support regulatory requirements for request logging and provide a recovery mechanism for lost or incomplete transactions by storing the initial user input.

Implementation considerations

  • Middleware must be registered globally or per-route in Laravel 11+ or in app/Http/Kernel.php for Laravel ≤10; incompletely registered middleware will silently skip requests.
  • Default behavior logs only non-GET requests; custom LogProfile implementations required to alter filtering logic (e.g., log all requests, or log only specific paths).
  • Sensitive fields (password, password_confirmation) are filtered by default, but the 'except' config must be updated for application-specific secrets (API keys, tokens, SSNs).
  • Log channel and level are configurable; ensure LOG_CHANNEL and HTTP_LOGGER_ENABLED environment variables are set to avoid unexpected logging behavior in production.
  • No built-in log rotation, compression, or retention; pair with Laravel's log rotation and external log aggregation (e.g., ELK, Datadog) for production scale.

When to avoid it — and what to weigh

  • High-Volume, Low-Value Requests — If you handle thousands of identical API calls per second (e.g., telemetry), logging every request will create significant log storage overhead and parsing complexity.
  • Applications with Large Request Payloads — Logging full request bodies (images, files, large JSON) will exhaust disk/log storage rapidly unless paired with aggressive rotation and filtering policies.
  • Strict GDPR/Privacy-First Requirements — Even with field filtering and header sanitization, logging user requests may capture regulated personal data; requires careful integration with data retention and anonymization policies.
  • Real-Time Performance-Critical Systems — Synchronous logging without asynchronous queuing may introduce measurable latency to request handling in latency-sensitive applications.

License & commercial use

MIT License. Permissive OSI-approved license; allows modification, distribution, and commercial use provided the license text and copyright notice are retained. No warranty provided.

MIT is a permissive open-source license that explicitly permits commercial use, modification, and redistribution. No commercial license, proprietary restrictions, or usage fees are stated. However, the project includes a notice requesting support through Spatie's paid products; review Spatie's commercial terms separately if considering a formal support relationship.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

By design, this package logs request data; ensure sensitive fields (passwords, tokens, API keys, PII) are filtered via the 'except' config and 'sanitize_headers' setting. No encryption at rest is mentioned; logs are stored in plaintext in configured log channel. Consider: log access control, retention policies, and whether logging complies with GDPR/CCPA. Default filters are password and password_confirmation; application-specific secrets must be explicitly added. If used with file-based logging, ensure file permissions and log rotation are properly configured to prevent unauthorized access.

Alternatives to consider

Laravel Built-in Request Logging (Storage Facade / Log Facade)

Laravel's native Log facade allows ad-hoc request logging without a dedicated package; requires manual middleware implementation but offers full control. No specialized filtering or safety-net features.

Sentry (Laravel SDK)

Full error tracking and session replay; logs requests as part of broader error monitoring. Offers more context than HTTP logging alone but requires external SaaS account and differs in scope (error-focused vs. general request logging).

Telescope (Laravel)

Laravel's built-in debugging tool provides request inspection, query logging, and event tracking. Designed for development; not recommended for production logging of all requests due to performance overhead and disk usage.

Software development agency

Build on laravel-http-logger with DEV.co software developers

Contact Devco to implement laravel-http-logger with custom profiles, logging strategies, and compliance-ready configurations for your Laravel stack.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

laravel-http-logger FAQ

Does this package log GET requests by default?
No. The default LogProfile (LogNonGetRequests) only logs POST, PUT, PATCH, and DELETE requests. Use a custom LogProfile to change this behavior.
Can I log to a database or external service instead of Laravel's log files?
Yes. Implement a custom LogWriter interface and configure it in config/http-logger.php. The package does not provide database or external integrations out of the box.
Is the logged request data encrypted?
No. Logs are written in plaintext to the configured log channel (typically file or syslog). Encryption at rest must be handled separately (e.g., encrypted file storage, log aggregation with encryption).
What happens if logging fails (e.g., disk full)?
Not explicitly documented. If the log channel fails to write, Laravel's logging error handling applies; likely exception thrown or silent failure depending on log configuration. Review Laravel logging documentation for error handling.

Software developers & web developers for hire

Adopting laravel-http-logger is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source observability software in production.

Integrate Request Logging into Your Laravel Application

Contact Devco to implement laravel-http-logger with custom profiles, logging strategies, and compliance-ready configurations for your Laravel stack.