Tools: Logtide 0.6.0: PII Masking, Keyboard Shortcuts & Anomaly Detection

Source: Dev.to

If you've been waiting for GDPR-compliant PII masking or keyboard-driven navigation, this release is for you. Version 0.6.0 brings enterprise-grade privacy controls that work at ingestion time, comprehensive keyboard shortcuts for power users, and anomaly detection that alerts on statistical deviations instead of fixed thresholds.

If you're new here: Logtide is an open-source alternative to Datadog, Splunk, and ELK. Privacy-first, self-hostable, with built-in SIEM capabilities and GDPR compliance. Built on PostgreSQL + TimescaleDB.

- 🌐 Cloud: logtide.dev (free tier available)
- 💻 GitHub: logtide-dev/logtide (330+ ⭐)
- 📦 Docker Hub: 3,500+ pulls

## 🔒 The Privacy Problem

Here's the thing about log management: your logs contain PII. Email addresses in authentication logs, credit cards in payment errors, IP addresses everywhere, API keys accidentally logged during debugging.

Most platforms either:

- Store everything and hope your security team never asks questions
- Offer "enterprise" PII redaction as a paid add-on
- Require you to mask data before sending (shifting the burden to your code)

Logtide 0.6.0 masks PII at ingestion — before data touches disk. GDPR-compliant by design, not as an afterthought.

## ✨ What's New

## 1. PII Masking at Ingestion

Zero-cost when disabled (0.001ms cache hit), but when enabled it protects:

- Built-in patterns: Emails, credit cards, SSNs, phone numbers, IP addresses, API keys
- Smart field scanning: Auto-masks `password`, `token`, `secret`, `authorization` fields
- Custom regex rules: Define org-level or project-level patterns for your specific needs

Three masking strategies:

- `mask` — Partial masking: `u***@domain.com`
- `redact` — Full redaction: `[REDACTED_EMAIL]`
- `hash` — SHA-256 with per-org salt: `[HASH:abc123...]`

Settings UI at `/dashboard/settings/pii-masking` with live test panel. Built-in rules are disabled by default (opt-in). Custom rules validated with `safe-regex2` to prevent ReDoS attacks.

Performance: Hot path optimizations eliminated ~6000 object allocations per 1000-log batch. Early exit for simple strings, compiled regex reuse, in-memory rule cache with 5-min TTL.

## 2. Keyboard Shortcuts for Power Users

GitHub-style navigation without touching your mouse:

- Command Palette (Ctrl/Cmd+K): Fuzzy search pages and actions
- Help Modal (?): Complete shortcut reference with platform-aware keys
- Sequence Navigation: Two-key combos like GitHub
  - G D → Dashboard
  - G S → Logs
  - G A → Alerts
  - G E → Security
  - G X → Settings
- Search Navigation:
  - / — Focus search input
  - J/K — Navigate logs with visual highlight
  - Enter — Expand/collapse selected log
  - R — Refresh results

Input-aware suppression means shortcuts don't fire when you're typing in textareas or search boxes.

## 3. Rate-of-Change Alerts (Anomaly Detection)

Fixed thresholds suck. Your traffic patterns change daily. What's "normal" at 2pm isn't normal at 2am.

Baseline-based alerting triggers when log volume deviates from historical patterns:

- 4 baseline methods:
  - `same_time_yesterday`
  - `same_day_last_week`
  - `rolling_7d_avg` (default)
  - `percentile_p95`
- Anti-spam built-in: Sustained check (5min default), cooldown period (60min), minimum baseline guard
- Email subject: `[Anomaly] rule — 3x above baseline` (vs `[Alert]` for threshold)
- Webhook payload: Includes `baseline_metadata` and `event_type: "anomaly"`

Smart defaults: 3x deviation multiplier, 10min baseline window, 5min sustained check.

## 4. Host Security Detection Packs

15 pre-built rules for host-based security monitoring, all MITRE ATT&CK mapped:

- Antivirus & Malware Pack: ClamAV FOUND patterns, AV scan failures, webshells
- Rootkit Detection Pack: rkhunter/chkrootkit patterns, hidden processes, kernel modules
- File Integrity Monitoring Pack: /etc/passwd changes, SSH config mods, cron tampering

All rules use `logsource.product: linux` and compound conditions to reduce false positives.

## 5. Admin Dashboard Revision

Complete redesign for platform-level observability:

- Dashboard home: 4 health cards + 24h activity chart + 8 stat cards + top orgs/projects
- System Health page: Database/Redis diagnostics, TimescaleDB compression stats, continuous aggregates staleness
- Slow queries monitoring: Active running queries (from `pg_stat_activity`) + historical slowest queries

## 6. Timeline Event Markers

Visual indicators on the Logs Timeline chart showing when alerts or security detections occurred. Red circles for alerts, purple for detections. Hover tooltip shows rule names and log counts.

## 7. Version Update Notifications

Admin dashboard banner that checks GitHub releases for new versions. 6-hour cache, semver comparison, configurable release channel (stable / beta).

## 🐛 Notable Fixes

- Client errors returning 500 instead of 4xx: 18+ API routes now properly return 400 Bad Request with validation details
- 4xx errors logged as ERROR: Now 4xx → warn, 5xx → error
- Charts not resizing on sidebar toggle: Replaced window.resize with ResizeObserver
- Notification click navigating to wrong org: Now auto-switches organization before navigating
- Sigma API missing MITRE fields: Now includes tags, mitreTactics, mitreTechniques
- Email logo not rendering: Switched from .svg to .png for Outlook/Gmail compatibility

## 📦 Upgrade

```bash
docker compose pull
docker compose up -d
```

Two new migrations run automatically on startup:

- `021_add_pii_masking` — PII masking rules and org salts
- `022_add_rate_of_change_alerts` — Baseline metadata columns

## What's Next?

Version 0.7.x is planned around compliance and advanced correlation:

- Audit Log of Log Access (#94) — Meta-logging: who accessed which logs, when, and why (critical for compliance)
- Service Dependency Graph (#40) — Visualize microservice communication patterns based on trace data
- OpenTelemetry Metrics Ingestion (#4) — Native OTLP metrics support (completing the observability triad: logs, traces, metrics)

But more importantly, we're listening. Every feature in 0.6.0 came from community feedback on GitHub. Keep the issues and discussions coming.

Full Changelog: v0.5.0...v0.6.0

- Cloud: logtide.dev
- Self-hosted: GitHub
- Docs: logtide.dev/docs
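
The three masking strategies and the sensitive-field scan from the PII masking section, sketched as an added example; this is not Logtide's code. The email pattern, the `salt + value` hashing order, the 12-character hash truncation and the `[REDACTED]` marker for sensitive fields are assumptions made for the illustration.

```javascript
// Added illustration, not Logtide source code.
const { createHash } = require('node:crypto');

// Assumed, simplified email pattern; bounded quantifiers limit backtracking.
const EMAIL = /[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}/g;
// Field names the release notes list for smart field scanning.
const SENSITIVE_FIELDS = new Set(['password', 'token', 'secret', 'authorization']);

const STRATEGIES = {
  // Keep the first character and the domain: u***@domain.com
  mask: (v) => v.replace(/^(.)[^@]*(@.*)$/, '$1***$2'),
  // Replace the whole value with a typed marker.
  redact: () => '[REDACTED_EMAIL]',
  // Salted SHA-256: the same value under the same org salt yields the same
  // token, so events stay correlatable without storing the value itself.
  hash: (v, salt) =>
    '[HASH:' + createHash('sha256').update(salt + v).digest('hex').slice(0, 12) + ']',
};

function maskString(text, strategy, salt) {
  return text.replace(EMAIL, (m) => STRATEGIES[strategy](m, salt));
}

// Walk a log record before it is stored: values under sensitive keys are
// dropped entirely, every other string value is pattern-scanned.
function maskRecord(value, strategy, salt) {
  if (typeof value === 'string') return maskString(value, strategy, salt);
  if (Array.isArray(value)) return value.map((v) => maskRecord(v, strategy, salt));
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_FIELDS.has(k.toLowerCase())
        ? '[REDACTED]' // assumed marker for sensitive fields
        : maskRecord(v, strategy, salt);
    }
    return out;
  }
  return value; // numbers, booleans and null pass through unchanged
}

// Constructed sample log entry.
const SAMPLE = {
  message: 'login failed for user@domain.com',
  metadata: { Authorization: 'Bearer abc.def', attempts: 3 },
};
```

With `hash`, the salt is what keeps tokens from being compared across organizations, so it needs the same protection as any other secret.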
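
How the rate-of-change settings interact (deviation multiplier, sustained check, cooldown, minimum baseline guard), as an added example that is not Logtide's code. The reading of the four baseline method names, the `minBaseline` value and the fields inside `baseline_metadata` are assumptions.

```javascript
// Added illustration, not Logtide source code.
// Defaults quoted in the release notes; minBaseline is an assumed value.
const DEFAULTS = { multiplier: 3, sustainedMinutes: 5, cooldownMinutes: 60, minBaseline: 10 };

// history: counts seen at this time of day on the previous 7 days, oldest
// first (an assumed interpretation of the four method names).
function baseline(history, method = 'rolling_7d_avg') {
  const sorted = [...history].sort((a, b) => a - b);
  switch (method) {
    case 'same_time_yesterday': return history[history.length - 1];
    case 'same_day_last_week': return history[0];
    case 'rolling_7d_avg': return history.reduce((s, v) => s + v, 0) / history.length;
    case 'percentile_p95': return sorted[Math.ceil(0.95 * sorted.length) - 1];
    default: throw new Error(`unknown baseline method: ${method}`);
  }
}

// counts[t]: logs per minute now; expected[t]: baseline for that minute.
function evaluate(counts, expected, opts = {}) {
  const o = { ...DEFAULTS, ...opts };
  const fired = [];
  let streak = 0;
  let lastFired = -Infinity;
  for (let t = 0; t < counts.length; t++) {
    const base = expected[t];
    // Guard: on a tiny baseline 3x is noise (2 -> 6 logs), so it never counts.
    const deviating = base >= o.minBaseline && counts[t] >= o.multiplier * base;
    streak = deviating ? streak + 1 : 0;
    const cooledDown = t - lastFired >= o.cooldownMinutes;
    if (streak >= o.sustainedMinutes && cooledDown) {
      lastFired = t;
      fired.push({
        minute: t,
        event_type: 'anomaly',
        // Field names inside baseline_metadata are hypothetical.
        baseline_metadata: { baseline: base, observed: counts[t], ratio: counts[t] / base },
      });
    }
  }
  return fired;
}

// Constructed data: steady 100/min baseline, a 3-minute blip at t=5..7,
// then a surge from t=20 that lasts to the end of the series.
function demo() {
  const counts = Array.from({ length: 90 }, (_, t) =>
    ((t >= 5 && t < 8) || t >= 20 ? 400 : 100));
  return evaluate(counts, new Array(90).fill(100)).map((a) => a.minute);
}
```

The short blip never fires because it ends before the sustained check is met; the long surge fires once and then again only after the cooldown has elapsed.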