Logtide 0.6.0: PII Masking, Keyboard Shortcuts & Anomaly Detection

Source: Dev.to

Overview

If you’ve been waiting for GDPR‑compliant PII masking or keyboard‑driven navigation, this release is for you. Version 0.6.0 brings enterprise‑grade privacy controls that work at ingestion time, comprehensive keyboard shortcuts for power users, and anomaly detection that alerts on statistical deviations instead of fixed thresholds.

If you’re new here: Logtide is an open‑source alternative to Datadog, Splunk, and ELK. It is privacy‑first, self‑hostable, and ships with built‑in SIEM capabilities and GDPR compliance. Built on PostgreSQL + TimescaleDB.

• 🌐 Cloud: (free tier available)
• 💻 GitHub: (330+ ⭐)
• 📦 Docker Hub: 3,500+ pulls

🔒 The Privacy Problem

Here’s the thing about log management: your logs contain PII. Email addresses in authentication logs, credit‑card numbers in payment errors, IP addresses everywhere, API keys accidentally logged during debugging.

Most platforms either:

• Store everything and hope your security team never asks questions
• Offer “enterprise” PII redaction as a paid add‑on
• Require you to mask data before sending (shifting the burden to your code)

Logtide 0.6.0 masks PII at ingestion — before data touches disk. GDPR‑compliant by design, not as an afterthought.

✨ What’s New

1. PII Masking at Ingestion

Zero‑cost when disabled (≈ 0.001 ms cache hit). When enabled it protects:

• Built‑in patterns: emails, credit cards, SSNs, phone numbers, IP addresses, API keys
• Smart field scanning: auto‑masks password, token, secret, authorization fields
• Custom regex rules: define org‑level or project‑level patterns for your specific needs

Three masking strategies

Settings UI: /dashboard/settings/pii-masking (live test panel). Built‑in rules are disabled by default (opt‑in). Custom rules are validated with safe-regex2 to prevent ReDoS attacks.

Performance – Hot‑path optimizations eliminated ~6 000 object allocations per 1 000‑log batch. Early exit for simple strings, compiled‑regex reuse, and an in‑memory rule cache with a 5‑minute TTL.

2. Keyboard Shortcuts for Power Users

GitHub‑style navigation without touching your mouse:

• Command Palette – Ctrl/Cmd+K: fuzzy‑search pages and actions
• Help Modal – ?: complete shortcut reference with platform‑aware keys
• Sequence Navigation (two‑key combos)

• Search Navigation
  • / – focus search input
  • J/K – navigate logs with visual highlight
  • Enter – expand/collapse selected log
  • R – refresh results

Input‑aware suppression ensures shortcuts don’t fire while typing in textareas or search boxes.

3. Rate‑of‑Change Alerts (Anomaly Detection)

Fixed thresholds suck. Your traffic patterns change daily. What’s “normal” at 2 pm isn’t normal at 2 am.

Baseline‑based alerting triggers when log volume deviates from historical patterns.

Four baseline methods

1. same_time_yesterday
2. same_day_last_week
3. rolling_7d_avg (default)
4. percentile_p95

Anti‑spam built‑in – sustained check (5 min default), cooldown period (60 min), minimum‑baseline guard.

• Email subject – [Anomaly] — 3x above baseline (vs. [Alert] for static thresholds)
• Webhook payload – includes baseline_metadata and event_type: "anomaly"

Smart defaults: 3× deviation multiplier, 10‑min baseline window, 5‑min sustained check.

4. Host Security Detection Packs

15 pre‑built rules for host‑based security monitoring, all MITRE ATT&CK‑mapped:

• Antivirus & Malware Pack – ClamAV FOUND patterns, AV scan failures, webshells
• Rootkit Detection Pack – rkhunter/chkrootkit patterns, hidden processes, kernel modules
• File Integrity Monitoring Pack – /etc/passwd changes, SSH config modifications, cron tampering

All rules use logsource.product: linux and compound conditions to reduce false positives.

5. Admin Dashboard Revision

Complete redesign for platform‑level observability:

• Dashboard home – 4 health cards, 24 h activity chart, 8 stat cards, top orgs/projects
• System Health page – DB/Redis diagnostics, TimescaleDB compression stats, continuous‑aggregate staleness
• Slow‑queries monitoring – active running queries (pg_stat_activity) + historical slowest queries

6. Timeline Event Markers

Visual indicators on the Logs Timeline chart showing when alerts or security detections occurred. Red circles for alerts, purple for detections. Hover tooltip displays rule names and log counts.

7. Version‑Update Notifications

Admin‑dashboard banner that checks GitHub releases for new versions. 6‑hour cache, semver comparison, configurable release channel (stable / beta).

🐛 Notable Fixes

• Client errors returning 500 instead of 4xx – 18+ API routes now correctly return 400 Bad Request with validation details.
• 4xx errors logged as ERROR – now logged as warn; 5xx remain error.
• Charts not resizing on sidebar toggle – replaced window.resize with ResizeObserver.
• Notification click navigating to wrong org – now auto‑switches organization before navigating.
• Sigma API missing MITRE fields – now includes tags, mitreTactics, mitreTechniques.
• Email logo not rendering – switched from .svg to .png for Outlook/Gmail compatibility.

📦 Upgrade

docker compose pull
docker compose up -d

(Run the above in the directory containing your docker-compose.yml to pull the latest images and restart the stack.)

e up -d

Full‑screen controls

• Enter fullscreen mode
• Exit fullscreen mode

New migrations (run automatically on startup)

What’s Next?

Version 0.7.x is planned around compliance and advanced correlation:

• Audit Log of Log Access – #94
  Meta‑logging: who accessed which logs, when, and why (critical for compliance).

• Service Dependency Graph – #40
  Visualize microservice communication patterns based on trace data.

• OpenTelemetry Metrics Ingestion – #4
  Native OTLP metrics support (completing the observability triad: logs, traces, metrics).

Note: Every feature in 0.6.0 came from community feedback on GitHub. Keep the issues and discussions coming!

Try Logtide

• Cloud:
• Self‑hosted:
• Docs:

Full Changelog

v0.5.0 → v0.6.0