DEV.co
Open-Source Observability · zalando

logbook

Logbook is a mature Java library for logging HTTP requests and responses across client and server technologies. It provides flexible filtering, formatting, and integration with frameworks like Spring Boot, with MIT licensing and active maintenance.

Source: GitHub — github.com/zalando/logbook
2.1k
GitHub stars
280
Forks
Java
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryzalando/logbook
Ownerzalando
Primary languageJava
LicenseMIT — OSI-approved
Stars2.1k
Forks280
Open issues36
Latest release4.0.4 (2026-04-14)
Last updated2026-07-02
Sourcehttps://github.com/zalando/logbook

What logbook is

An extensible Java 17+ library supporting Servlet, Apache HTTP Client, OkHttp, JAX-RS, Netty, and Ktor with pluggable filters for headers, bodies, and paths. Includes optional JSON formatting via Jackson 2/3 and Spring Boot 4.x auto-configuration.

Quickstart

Get the logbook source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/zalando/logbook.gitcd logbook# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Audit and Compliance Logging

Organizations requiring comprehensive HTTP traffic records for regulatory or security audits can leverage Logbook's ability to log complete request/response payloads with selective obfuscation of sensitive data.

Multi-Framework HTTP Visibility

Teams using multiple HTTP client libraries (OkHttp, Apache HttpClient, JAX-RS) or server frameworks (Spring, Netty, Ktor) can achieve consistent logging without reinventing integration logic for each technology.

Troubleshooting Production Issues

Engineering teams can diagnose intermittent failures or integration problems by correlating logged HTTP payloads with application metrics, without modifying business logic.

Implementation considerations

  • Configure logging level to TRACE for org.zalando.logbook to activate request/response logging; default to INFO or WARN in production to avoid noise.
  • Use conditional filters to exclude high-volume endpoints (health checks, metrics) and apply body filters for sensitive data (credentials, PII) before logging.
  • Jackson 3 is auto-selected in Spring Boot 4.x; if using Jackson 2, ensure it is explicitly available on classpath or JSON formatting will be silently disabled.
  • Integration is framework-specific: Servlet, Spring Boot Starter, OkHttp, Apache HttpClient, JAX-RS, Netty, and Ktor each require different module imports.
  • Body logging requires buffering request/response streams; validate that this does not cause memory or latency issues in high-concurrency scenarios.

When to avoid it — and what to weigh

  • Extreme High-Throughput, Latency-Sensitive Systems — If sub-millisecond request latency is critical, request/response body logging overhead may be unacceptable without careful performance tuning and conditional logging strategies.
  • Systems with No Java 17+ Upgrade Path — Logbook requires Java 17 minimum and Spring 7/Boot 4; legacy systems on Java 8–11 or Spring 5 cannot upgrade without significant refactoring.
  • No HTTP Traffic Visibility Requirement — If application architecture does not involve HTTP interactions (e.g., message-queue-only microservices or in-process RPC), Logbook provides no value.
  • Existing Centralized HTTP Logging Solution — Organizations already using API gateways, service meshes, or specialized APM tools for HTTP logging may add unnecessary complexity by also adding Logbook.

License & commercial use

MIT License permits commercial use, modification, and distribution with attribution and no warranty. Logbook can be freely integrated into proprietary and open-source products.

MIT is a permissive OSI-approved license with no usage restrictions for commercial products. No license review or approval is required. Attribution is expected but not legally enforced. Suitable for commercial software without encumbrance.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Library itself performs no authentication or encryption; it logs whatever HTTP traffic it observes. Filtering and obfuscation features allow masking sensitive headers, query parameters, and body content before writing to logs. Operators must configure filters to prevent logging credentials, tokens, or PII. Ensure log destination (files, streams, aggregators) is access-controlled. Body buffering for logging may briefly hold request/response data in memory; no claims made about secure deletion.

Alternatives to consider

Spring Cloud Sleuth + Micrometer

Distributed tracing with correlation IDs; lighter-weight than full body logging; integrates with Zipkin, Jaeger. Suitable if header and metadata logging suffice.

OkHttp Logging Interceptor (built-in)

Native OkHttp 3.x support with minimal overhead; no additional dependency. Limited to OkHttp; no multi-framework support or advanced filtering.

Service Mesh (Istio, Linkerd) HTTP Logging

Transparent HTTP logging at infrastructure level without code changes. Decouples logging from application; suits microservices on Kubernetes. Requires mesh adoption and operator expertise.

Software development agency

Build on logbook with DEV.co software developers

Logbook is production-ready and actively maintained by Zalando. Review the documentation, evaluate the multi-framework support, and test with your preferred HTTP client or server stack. No license barriers to commercial use.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

logbook FAQ

Does Logbook automatically sanitize passwords and tokens?
No. Logbook provides HeaderFilter, BodyFilter, and PathFilter APIs to define what to obfuscate. Operators must configure filters to mask Authorization headers, credentials in request bodies, etc. No default masking is applied.
Does logging request/response bodies add significant latency?
Body logging requires buffering streams, which adds memory and CPU overhead. Impact depends on body size, frequency, and hardware. For latency-critical systems, use conditional logging (e.g., log only failures) or exclude endpoints with known high volume.
Can Logbook work with Jackson 2 and Jackson 3 simultaneously?
Yes. Logbook detects both on classpath and prefers Jackson 3. If only Jackson 2 is available, it uses Jackson 2 implementations. If neither is available, JSON formatting is disabled but core logging still works.
Is Logbook suitable for REST API gateways or only backend services?
Both. Logbook integrates with client-side libraries (OkHttp, Apache HttpClient) and server-side frameworks (Servlet, Spring, Netty). It can log inbound requests to a gateway and outbound calls from services.

Software developers & web developers for hire

Adopting logbook is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source observability software in production.

Ready to add comprehensive HTTP logging to your Java services?

Logbook is production-ready and actively maintained by Zalando. Review the documentation, evaluate the multi-framework support, and test with your preferred HTTP client or server stack. No license barriers to commercial use.