How can I control GAE logging in Python?

Question

I need help trying to figure out what the fields are in the default GAE python log. And then I need to figure out how to control what shows up in the logs.

I'm seeing the following in my GAE Python app log entries. Some of the actual identifying data has been changed:

2013-01-22 12:39:58.002 /api/v1/entrypoint 400 768ms 0kb Mozilla/5.0 (Linux; U; Android 2.3.3; en-ca; GT-I9100M Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
204.101.237.139 - user [22/Jan/2013:09:39:58 -0800] "POST /api/v1/entrypoint HTTP/1.1" 400 188 "http://www.mysite.com/view/?csrfmiddlewaretoken=XXXX&formfield_1=Abc+Def+G&formfield_2=xyz"Mozilla/5.0 (Linux; U; Android 2.3.3; en-ca; GT-I9100M Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" "www.mysite.com" ms=768 cpu_ms=172 cpm_usd=0.000081 instance=00c61b137c6d7e0a2f5a15b9210fc3134c24b7

This is running on a Django based site where a form presented to the user at http://www.mysite.com/view is submitted to http://www.mysite.com/api/v1/entrypoint. The log is from the form submission.

First I believe all these logs are automatically generated by GAE. I'm not logging this info, although there's a possibility the Django framework is generating the log somewhere that I don't know about.

I'd like to hide the form data submission from the log. I don't think I see the form data being logged with every form submission. Can anyone suggest why it shows up with some forms and not other?

Is there a way to control GAE logging so that the form data is NOT logged? While it's useful for debugging, I'm concerned about security.

Answer 1

The fields logged are documented in the RequestLog class.

The field with the form data is the referrer. You could make the view to use post instead to prevent the fields from being logged.