Forem: Thomas Nelson The latest articles on Forem by Thomas Nelson (@zeroshi). https://forem.com/zeroshi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3032318%2F03ed7f84-093b-4721-9ce5-f5164e73d4c2.png Forem: Thomas Nelson https://forem.com/zeroshi en Enforce Runtime Logging Governance in .NET 8 with Cerbi.MEL.Governance Thomas Nelson Thu, 05 Jun 2025 04:27:15 +0000 https://forem.com/zeroshi/enforce-runtime-logging-governance-in-net-8-with-cerbimelgovernance-1jf8 https://forem.com/zeroshi/enforce-runtime-logging-governance-in-net-8-with-cerbimelgovernance-1jf8 <p>Ever wished you could automatically catch missing PII fields or forbidden values in your <code>.NET 8</code> logs, without rewriting your entire logging setup? With <strong>Cerbi.MEL.Governance</strong>, you can now plug governance checks directly into any <a href="https://docs.microsoft.com/dotnet/core/extensions/logging" rel="noopener noreferrer"><code>Microsoft.Extensions.Logging</code></a> pipeline. It always emits your original log line—and only emits a second JSON payload when a violation occurs.</p> <p>In this post, we’ll cover:</p> <ol> <li>Why runtime logging governance matters</li> <li>How to install Cerbi.MEL.Governance</li> <li>Configuring your governance JSON (<code>cerbi_governance.json</code>)</li> <li>A quick‐start code example (3 lines to enable)</li> <li>A live demo with console output</li> <li>Advanced tips: Relaxed mode, multiple profiles, performance notes</li> </ol> <p>Let’s dive in!</p> <h2> 1. Why Runtime Logging Governance Matters </h2> <p>When you log structured messages in production—especially with user data or payment information—you want to make sure:</p> <ul> <li> <strong>Required fields</strong> (e.g., <code>userId</code>, <code>email</code>) are never missing.</li> <li> <strong>Forbidden fields</strong> (e.g., <code>password</code>, <code>creditCardNumber</code>) never appear.</li> <li>You can enforce these rules <strong>at runtime</strong>, without having to manually audit logs later.</li> </ul> <p>Most teams adopt Serilog or other libraries for structured logging. But if you’re already using <code>.NET</code>’s built‐in <a href="https://docs.microsoft.com/dotnet/core/extensions/logging" rel="noopener noreferrer">MEL</a> (Microsoft.Extensions.Logging), there wasn’t a turnkey way to enforce governance rules—until now.</p> <p>With <strong>Cerbi.MEL.Governance</strong>, you can:</p> <ul> <li> <strong>Validate structured fields at runtime</strong> against a governance profile.</li> <li> <strong>Always emit the original log line</strong> (so downstream parsers/alerts work unchanged).</li> <li> <strong>Emit a secondary JSON payload only if a violation exists</strong> (no extra noise when everything is valid).</li> <li> <strong>Support “Relaxed mode”</strong> (if you want to temporarily bypass some rules) by passing <code>{ Relax } = true</code>.</li> <li> <strong>Plug into any MEL-compatible sink</strong>: Console, File, Seq, Application Insights, etc.</li> </ul> <h2> 2. Installation (NuGet) </h2> <p>Install the latest version via CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Installs the most recent version of Cerbi.MEL.Governance</span> dotnet add package Cerbi.MEL.Governance </code></pre> </div> <blockquote> <p><strong>Note:</strong> Cerbi.MEL.Governance targets <strong>.NET 8.0</strong> or higher.</p> </blockquote> <h2> 3. Governance Configuration (<code>cerbi_governance.json</code>) </h2> <p>Create a file named <code>cerbi_governance.json</code> in your project root (or anywhere you like, just point <code>ConfigPath</code> to it). Here’s a sample:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"EnforcementMode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Strict"</span><span class="p">,</span><span class="w"> </span><span class="nl">"LoggingProfiles"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Orders"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"FieldSeverities"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"userId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Forbidden"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"AllowRelax"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"RequireTopic"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"AllowedTopics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Orders"</span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Payments"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"FieldSeverities"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"accountNumber"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"amount"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Required"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"AllowRelax"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"RequireTopic"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"AllowedTopics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Payments"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <ul> <li> <p><strong><code>EnforcementMode</code></strong></p> <ul> <li> <code>"Strict"</code>: Any missing required field or forbidden field triggers a violation.</li> </ul> </li> <li> <p><strong><code>LoggingProfiles</code></strong></p> <ul> <li>Each top‐level key (e.g., <code>"Orders"</code>, <code>"Payments"</code>) is a <strong>profile name</strong> or <strong>topic</strong>.</li> <li> <strong><code>FieldSeverities</code></strong>: map each field name to <code>"Required"</code> or <code>"Forbidden"</code>.</li> <li> <strong><code>AllowRelax</code></strong> (boolean): if <code>true</code>, passing <code>{ Relax } = true</code> in your log call will suppress violations and mark <code>"GovernanceRelaxed": true</code>.</li> <li> <strong><code>RequireTopic</code></strong>: if <code>true</code>, logs without a matching <code>[CerbiTopic]</code> attribute or fallback <code>Profile</code> key will be skipped/flagged.</li> <li> <strong><code>AllowedTopics</code></strong>: list of topics allowed for this profile (helps prevent cross‐pollination).</li> </ul> </li> </ul> <h2> 4. Quick‐Start Code Example (3 Lines!) </h2> <p>In most <code>.NET 8</code> console or worker‐service apps, you have something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">Microsoft.Extensions.Hosting</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Microsoft.Extensions.Logging</span><span class="p">;</span> <span class="k">using</span> <span class="nn">Cerbi</span><span class="p">;</span> <span class="c1">// Cerbi.MEL.Governance’s namespace</span> <span class="kt">var</span> <span class="n">builder</span> <span class="p">=</span> <span class="n">Host</span><span class="p">.</span><span class="nf">CreateDefaultBuilder</span><span class="p">(</span><span class="n">args</span><span class="p">)</span> <span class="p">.</span><span class="nf">ConfigureLogging</span><span class="p">(</span><span class="n">logging</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">logging</span><span class="p">.</span><span class="nf">ClearProviders</span><span class="p">();</span> <span class="n">logging</span><span class="p">.</span><span class="nf">AddSimpleConsole</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">IncludeScopes</span> <span class="p">=</span> <span class="k">true</span><span class="p">;</span> <span class="n">options</span><span class="p">.</span><span class="n">SingleLine</span> <span class="p">=</span> <span class="k">true</span><span class="p">;</span> <span class="n">options</span><span class="p">.</span><span class="n">TimestampFormat</span> <span class="p">=</span> <span class="s">"HH:mm:ss "</span><span class="p">;</span> <span class="p">});</span> <span class="c1">// ← 3 lines to enable governance:</span> <span class="n">logging</span><span class="p">.</span><span class="nf">AddCerbiGovernance</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="n">Profile</span> <span class="p">=</span> <span class="s">"Orders"</span><span class="p">;</span> <span class="c1">// fallback topic if no [CerbiTopic] found</span> <span class="n">options</span><span class="p">.</span><span class="n">ConfigPath</span> <span class="p">=</span> <span class="s">"cerbi_governance.json"</span><span class="p">;</span> <span class="c1">// path to your JSON profile</span> <span class="n">options</span><span class="p">.</span><span class="n">Enabled</span> <span class="p">=</span> <span class="k">true</span><span class="p">;</span> <span class="c1">// toggle enforcement on/off</span> <span class="p">});</span> <span class="p">})</span> <span class="p">.</span><span class="nf">ConfigureServices</span><span class="p">(</span><span class="n">services</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">services</span><span class="p">.</span><span class="n">AddTransient</span><span class="p">&lt;</span><span class="n">OrderService</span><span class="p">&gt;();</span> <span class="n">services</span><span class="p">.</span><span class="n">AddTransient</span><span class="p">&lt;</span><span class="n">PaymentService</span><span class="p">&gt;();</span> <span class="p">})</span> <span class="p">.</span><span class="nf">Build</span><span class="p">();</span> </code></pre> </div> <ul> <li> <strong><code>using Cerbi;</code></strong> is mandatory because the <code>AddCerbiGovernance(...)</code> extension lives there.</li> <li>You can replace <code>logging.AddSimpleConsole(...)</code> with any other MEL sink (e.g., <code>logging.AddConsole()</code>, <code>logging.AddApplicationInsights()</code>, etc.).</li> <li> <strong><code>options.Profile</code></strong> is the default fallback topic if no <code>[CerbiTopic("…")]</code> is found on the call stack. You can still override via <code>[CerbiTopic]</code> on a class or method.</li> </ul> <h2> 5. Live Demo &amp; Output </h2> <h3> <code>OrderService.cs</code> (example) </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="k">using</span> <span class="nn">Cerbi</span><span class="p">;</span> <span class="c1">// for [CerbiTopic]</span> <span class="k">using</span> <span class="nn">Microsoft.Extensions.Logging</span><span class="p">;</span> <span class="p">[</span><span class="nf">CerbiTopic</span><span class="p">(</span><span class="s">"Orders"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">OrderService</span> <span class="p">{</span> <span class="k">private</span> <span class="k">readonly</span> <span class="n">ILogger</span><span class="p">&lt;</span><span class="n">OrderService</span><span class="p">&gt;</span> <span class="n">_logger</span><span class="p">;</span> <span class="k">public</span> <span class="nf">OrderService</span><span class="p">(</span><span class="n">ILogger</span><span class="p">&lt;</span><span class="n">OrderService</span><span class="p">&gt;</span> <span class="n">logger</span><span class="p">)</span> <span class="p">{</span> <span class="n">_logger</span> <span class="p">=</span> <span class="n">logger</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">void</span> <span class="nf">ProcessOrder</span><span class="p">(</span><span class="kt">string</span> <span class="n">userId</span><span class="p">,</span> <span class="kt">string</span> <span class="n">email</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Example 1: Valid log (both userId and email provided)</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span><span class="s">"Valid order: {userId} {email}"</span><span class="p">,</span> <span class="n">userId</span><span class="p">,</span> <span class="n">email</span><span class="p">);</span> <span class="c1">// Example 2: Missing userId → violation</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span><span class="s">"Missing userId, only email: {email}"</span><span class="p">,</span> <span class="n">email</span><span class="p">);</span> <span class="c1">// Example 3: Forbidden field (password) → violation</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span> <span class="s">"Leaking password: {userId} {email} {password}"</span><span class="p">,</span> <span class="n">userId</span><span class="p">,</span> <span class="n">email</span><span class="p">,</span> <span class="s">"supersecret"</span> <span class="p">);</span> <span class="c1">// Example 4: Relaxed mode (AllowRelax = true in JSON; pass {Relax} = true)</span> <span class="n">_logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span> <span class="s">"Email-only (relaxed): {email} {Relax}"</span><span class="p">,</span> <span class="n">email</span><span class="p">,</span> <span class="k">true</span> <span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Assuming you call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="kt">var</span> <span class="n">service</span> <span class="p">=</span> <span class="n">host</span><span class="p">.</span><span class="n">Services</span><span class="p">.</span><span class="n">GetRequiredService</span><span class="p">&lt;</span><span class="n">OrderService</span><span class="p">&gt;();</span> <span class="n">service</span><span class="p">.</span><span class="nf">ProcessOrder</span><span class="p">(</span><span class="s">"abc123"</span><span class="p">,</span> <span class="s">"user@example.com"</span><span class="p">);</span> </code></pre> </div> <p>You’ll see console output like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[12:34:56 INF] Valid order: abc123 user@example.com [12:34:56 INF] {"userId":"abc123","email":"user@example.com","CerbiTopic":"Orders","GovernanceProfileUsed":"Orders","GovernanceEnforced":true,"GovernanceMode":"Strict"} [12:34:56 INF] Missing userId, only email: user@example.com [12:34:56 INF] {"email":"user@example.com","CerbiTopic":"Orders","GovernanceViolations":["MissingField:userId"],"GovernanceRelaxed":false,"GovernanceProfileUsed":"Orders"} [12:34:56 INF] Leaking password: abc123 user@example.com supersecret [12:34:56 INF] {"userId":"abc123","email":"user@example.com","password":"supersecret","CerbiTopic":"Orders","GovernanceViolations":["ForbiddenField:password"],"GovernanceRelaxed":false,"GovernanceProfileUsed":"Orders"} [12:34:56 INF] Email-only (relaxed): user@example.com True [12:34:56 INF] {"email":"user@example.com","CerbiTopic":"Orders","GovernanceRelaxed":true,"GovernanceProfileUsed":"Orders"} </code></pre> </div> <ul> <li> <strong>First log</strong>: both fields present → governance enforced in “Strict” mode (JSON payload shows <code>"GovernanceEnforced": true</code>).</li> <li> <strong>Second log</strong>: missing <code>userId</code> → JSON payload includes <code>"GovernanceViolations": ["MissingField:userId"]</code>.</li> <li> <strong>Third log</strong>: forbidden <code>password</code> → JSON payload includes <code>"ForbiddenField:password"</code>.</li> <li> <strong>Fourth log</strong>: relaxed (because <code>{ Relax } = true</code> and <code>AllowRelax:true</code> in JSON) → JSON payload shows <code>"GovernanceRelaxed": true</code>.</li> </ul> <p>Notice that <strong>your original log line always appears first</strong>, unchanged. Only when a rule is violated (or relaxed) do you see that second JSON‐only line. Downstream log processors (Seq, Kibana, Splunk) still parse your structured fields from the first line as usual.</p> <h2> 6. Advanced Tips &amp; Best Practices </h2> <ol> <li><strong>Multiple Profiles / Topics</strong></li> </ol> <ul> <li>If your solution has multiple domains (e.g., “Orders,” “Payments,” “Users”), define each profile in the JSON.</li> <li>Use <code>[CerbiTopic("Payments")]</code> on your <code>PaymentService</code> class. If no attribute is found, <code>options.Profile</code> kicks in as a fallback.</li> </ul> <ol> <li><strong>Turning Enforcement On/Off</strong></li> </ol> <ul> <li>Set <code>options.Enabled = false</code> (or toggle via an environment variable) for development or quick debugging.</li> <li>You can programmatically reload the JSON file if it changes at runtime by restarting your host. A future version may support hot‐reloading.</li> </ul> <ol> <li><strong>Relaxed Mode</strong></li> </ol> <ul> <li>In JSON: <code>"AllowRelax": true</code> </li> <li>In code: <code>_logger.LogInformation("… {Relax}", true)</code> </li> <li>Violations are suppressed; JSON payload simply shows <code>"GovernanceRelaxed": true, "GovernanceProfileUsed": "Orders"</code>.</li> </ul> <ol> <li><strong>EA / Compliance-Driven Use Cases</strong></li> </ol> <ul> <li>If you’re a Lead Enterprise Architect responsible for compliance, embed your EA roadmap decisions into your governance JSON.</li> <li>Use field‐severity rules to detect days when migrations aren’t passing compliance checks (e.g., new microservices missing required context fields).</li> </ul> <ol> <li><strong>Performance Considerations</strong></li> </ol> <ul> <li>On a warm VM startup, the JSON validator is built once in memory. Per‐log overhead is minimal (milliseconds) unless you have hundreds of structured fields.</li> <li>Benchmarks show &lt; 1 ms overhead on typical log calls when no violations occur. Always measure under your app’s load profile if you have extremely high‐frequency logging.</li> </ul> <h2> 7. Next Steps &amp; Roadmap </h2> <ul> <li><p><strong>Relax() Helper Extension</strong><br> Coming soon: a fluent <code>logger.Relax()</code> API so you don’t have to manually pass <code>{ Relax } = true</code> each time.</p></li> <li><p><strong>Support for Additional EA Tools</strong><br> Future releases will integrate directly with LeanIX, Alfabet, and MEGA’s REST APIs to sync governance profiles automatically.</p></li> <li><p><strong>Custom Violation Formatting</strong><br> Want more context in the JSON payload? We plan to add hooks so you can control the violation‐code format (e.g., prepend environment name or correlation‐ID).</p></li> <li><p><strong>Community Contributions</strong><br> We welcome issues and pull requests! If you have a scenario we haven’t covered (e.g., Azure Functions scope issues), please open an issue or PR on GitHub.</p></li> </ul> <h2> 8. Links &amp; Resources </h2> <ul> <li>🔗 <strong>Demo &amp; Examples (GitHub)</strong>: <a href="https://github.com/Zeroshi/Cerbi.MEL.Governance.Demo" rel="noopener noreferrer">Zeroshi/Cerbi.MEL.Governance.Demo: Demonstrating Cerbi MEL governance implementation</a> </li> <li>📦 <strong>NuGet Package</strong>: <code>dotnet add package Cerbi.MEL.Governance</code> </li> </ul> <h3> TL;DR </h3> <p><strong>Cerbi.MEL.Governance</strong> gives you runtime enforcement of required/forbidden fields in any MEL pipeline. Install one NuGet package, configure a simple JSON file, and enforce PII/compliance rules automatically. Visit the repo for a full demo; join the conversation via issues or PRs if you need help or want to contribute!</p> <p>Happy logging!</p> dotnet security logging compliance CerbiStream: Real-Time Governance-Enforced Logging for .NET Thomas Nelson Tue, 20 May 2025 01:56:45 +0000 https://forem.com/zeroshi/cerbistream-real-time-governance-enforced-logging-for-net-1kc4 https://forem.com/zeroshi/cerbistream-real-time-governance-enforced-logging-for-net-1kc4 <blockquote> <p>What if your logs could validate themselves <em>while running</em> — tagging violations without dropping a single event?<br> CerbiStream brings governance to your logs, adds structure, encrypts them, and routes them securely. All in real-time.</p> <p>Enterprise-grade logging with structure, encryption, fallback, and real-time governance — built for cloud-native .NET developers.</p> </blockquote> <h2> 🧠 Why CerbiStream Exists </h2> <p>As developers, we've all experienced logging mistakes:</p> <ul> <li>Accidentally logging sensitive data like passwords or emails</li> <li>Forgetting to include <code>userId</code>, <code>requestId</code>, or <code>environment</code> </li> <li>Debugging issues with logs that have no structure, context, or traceability</li> </ul> <p>CerbiStream is designed to help development teams avoid these problems — by baking in <strong>runtime validation</strong>, <strong>fallback safety</strong>, and <strong>contextual metadata</strong> into every log line.</p> <p>It doesn't just log your data. It <strong>governs it</strong>.</p> <h2> ✨ What Is CerbiStream? </h2> <p>CerbiStream is a modular logging framework for .NET that helps developers:</p> <ul> <li>✅ Enforce runtime log structure via governance profiles</li> <li>🔐 Secure logs with AES/Base64 encryption</li> <li>🚦 Auto-tag logs with metadata and trace info</li> <li>📂 Fallback to encrypted local files if queues fail</li> <li>📡 Send to queues, cloud storage, or telemetry in parallel</li> </ul> <h2> 🚀 Quick Setup </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dotnet add package CerbiStream </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Logging</span><span class="p">.</span><span class="nf">AddCerbiStream</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="nf">WithQueue</span><span class="p">(</span><span class="s">"RabbitMQ"</span><span class="p">,</span> <span class="s">"localhost"</span><span class="p">,</span> <span class="s">"logs"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithFileFallback</span><span class="p">(</span><span class="s">"logs/fallback.json"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithEncryptionMode</span><span class="p">(</span><span class="n">EncryptionType</span><span class="p">.</span><span class="n">AES</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithEncryptionKey</span><span class="p">(</span><span class="n">myKey</span><span class="p">,</span> <span class="n">myIv</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithGovernanceChecks</span><span class="p">(</span><span class="k">true</span><span class="p">)</span> <span class="p">.</span><span class="nf">EnableProductionMode</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <h2> 🔐 Real-Time Governance Enforcement </h2> <p>The real-time governance feature rolled out recently with Cerbi.Governance.Runtime — and it's just the beginning. We’ve built it into CerbiStream to validate logs <em>as they happen</em>, without slowing development workflows or requiring devs to memorize rules.</p> <p>We're actively extending this to other ecosystems:</p> <ul> <li>🔜 <code>Cerbi.Serilog.GovernanceAnalyzer</code> </li> <li>🔜 <code>Cerbi.NLog.GovernanceAnalyzer</code> </li> <li>🔜 <code>Cerbi.Log4Net.GovernanceAnalyzer</code> </li> </ul> <p>This will bring consistent, policy-driven enforcement across the most popular logging stacks in .NET.</p> <p>CerbiStream now supports <strong>real-time governance enforcement</strong> via <code>Cerbi.Governance.Runtime</code>, ensuring that logs are validated against governance profiles <em>at runtime</em>. This removes dependency on build-time analyzers and works seamlessly across environments and dynamic deployment scenarios.</p> <p><strong>How it works:</strong></p> <ul> <li>Profiles define expected fields, severity, and topics.</li> <li>When a log is written, it is evaluated against the profile before being routed.</li> <li>If the log is non-compliant, governance metadata is injected (e.g., <code>GovernanceViolations</code>, <code>GovernanceProfileUsed</code>, etc.).</li> <li>If <code>Relax()</code> is applied, governance is bypassed <em>intentionally</em> but still <strong>tagged</strong> with <code>"GovernanceRelaxed": true</code> for audit and scoring.</li> </ul> <p>✅ This approach ensures <em>logs aren't dropped</em> — they are <strong>tagged, not blocked</strong>, making it easy to score or flag them downstream without causing operational noise or alert spam.</p> <p>➡️ Future versions will integrate this tagging into CerbiSense for governance scoring and trend analysis across teams and services.</p> <p>CerbiStream uses JSON-based profiles and applies them at runtime, so developers aren’t locked into compile-time analyzers.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"EnforcementMode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Strict"</span><span class="p">,</span><span class="w"> </span><span class="nl">"LoggingProfiles"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Orders"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"RequireTopic"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"AllowedTopics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Orders"</span><span class="p">],</span><span class="w"> </span><span class="nl">"FieldSeverities"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"userId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Required"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Forbidden"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"AllowRelax"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Tag your class with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="p">[</span><span class="nf">CerbiTopic</span><span class="p">(</span><span class="s">"Orders"</span><span class="p">)]</span> <span class="k">public</span> <span class="k">class</span> <span class="nc">OrderService</span> <span class="p">{</span> <span class="p">}</span> </code></pre> </div> <h2> 🛄 Example Logs </h2> <h3> ✅ Compliant Log </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">logger</span><span class="p">.</span><span class="nf">LogInformation</span><span class="p">(</span><span class="s">"Order started"</span><span class="p">,</span> <span class="k">new</span> <span class="p">{</span> <span class="n">userId</span> <span class="p">=</span> <span class="s">"u123"</span><span class="p">,</span> <span class="n">email</span> <span class="p">=</span> <span class="s">"demo@site.com"</span> <span class="p">});</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Order started"</span><span class="p">,</span><span class="w"> </span><span class="nl">"userId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"u123"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"demo@site.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"GovernanceProfileUsed"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Orders"</span><span class="p">,</span><span class="w"> </span><span class="nl">"TimestampUtc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2025-05-19T10:42:01Z"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> ❌ Violation (Missing Required Fields) </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">logger</span><span class="p">.</span><span class="nf">LogWarning</span><span class="p">(</span><span class="s">"Something went wrong"</span><span class="p">);</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Something went wrong"</span><span class="p">,</span><span class="w"> </span><span class="nl">"GovernanceViolations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Missing: userId"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Missing: email"</span><span class="p">],</span><span class="w"> </span><span class="nl">"GovernanceMode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Strict"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 🛑 Relaxed Log (Explicit Bypass) </h3> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">logger</span><span class="p">.</span><span class="nf">Relax</span><span class="p">().</span><span class="nf">LogError</span><span class="p">(</span><span class="s">"Emergency override triggered"</span><span class="p">);</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Emergency override triggered"</span><span class="p">,</span><span class="w"> </span><span class="nl">"GovernanceRelaxed"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"LogLevel"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Error"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> 📂 File Fallback Example </h2> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">options</span><span class="p">.</span><span class="nf">WithEncryptedFallback</span><span class="p">(</span><span class="s">"fallback.json"</span><span class="p">,</span> <span class="s">"primary.json"</span><span class="p">,</span> <span class="n">key</span><span class="p">,</span> <span class="n">iv</span><span class="p">);</span> </code></pre> </div> <p>Logs are written securely:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">[</span><span class="err">ENCRYPTED</span><span class="p">]</span><span class="w"> </span><span class="err">&lt;AES</span><span class="w"> </span><span class="err">Payload&gt;</span><span class="w"> </span><span class="p">[</span><span class="err">/ENCRYPTED</span><span class="p">]</span><span class="w"> </span></code></pre> </div> <h2> ☁️ Supported Targets </h2> <ul> <li>📨 <strong>Queues</strong>: RabbitMQ, Azure Service Bus, Kafka, AWS SQS, GCP Pub/Sub</li> <li>🧠 <strong>Telemetry</strong>: App Insights, OpenTelemetry, Datadog, CloudWatch</li> <li>📂 <strong>Storage</strong>: Azure Blob, AWS S3, Google Cloud Storage</li> </ul> <h2> 🧪 Preset Modes for Easy Setup </h2> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">options</span><span class="p">.</span><span class="nf">EnableDevModeMinimal</span><span class="p">();</span> <span class="c1">// Console only</span> <span class="n">options</span><span class="p">.</span><span class="nf">EnableDeveloperModeWithTelemetry</span><span class="p">();</span> <span class="c1">// Local testing</span> <span class="n">options</span><span class="p">.</span><span class="nf">EnableProductionMode</span><span class="p">();</span> <span class="c1">// Full governance</span> <span class="n">options</span><span class="p">.</span><span class="nf">EnableBenchmarkMode</span><span class="p">();</span> <span class="c1">// Silent for perf tests</span> </code></pre> </div> <h2> 📊 Benchmarked vs. Serilog </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>CerbiStream ✅</th> <th>Serilog ❌</th> </tr> </thead> <tbody> <tr> <td>Real-Time Governance</td> <td>✅ Yes</td> <td>❌ No</td> </tr> <tr> <td>Full Payload Encryption</td> <td>✅ Built-in AES</td> <td>❌ Requires plugins</td> </tr> <tr> <td>Fallback Logging</td> <td>✅ Encrypted</td> <td>🔸 Limited</td> </tr> <tr> <td>Telemetry + Queues</td> <td>✅ Dual support</td> <td>🔸 Separate sinks</td> </tr> </tbody> </table></div> <blockquote> <p><a href="https://github.com/Zeroshi/CerbiStream.BenchmarkTests" rel="noopener noreferrer">View benchmarks</a></p> </blockquote> <h2> 🧾 Summary </h2> <p>In this article, we covered:</p> <ul> <li>Why log governance is a human problem</li> <li>What CerbiStream does differently</li> <li>How runtime enforcement tags non-compliant logs</li> <li>What compliant, violating, and relaxed log output looks like</li> <li>How fallback, telemetry, and encryption features help build safer systems</li> <li>The roadmap for supporting other loggers</li> </ul> <p>CerbiStream was created to help developers log confidently and securely — without losing productivity. Try it out, enforce your standards, and eliminate log regret.</p> <h2> 🔗 Try It Out </h2> <ul> <li>🧪 <a href="https://github.com/Zeroshi/CerbistreamGovernanceDemo" rel="noopener noreferrer">CerbiStream Demo App</a> </li> <li>🧠 <a href="https://github.com/Zeroshi/Cerbi-CerbiStream" rel="noopener noreferrer">CerbiStream Core Repo</a> </li> <li>🧪 <a href="https://github.com/Zeroshi/CerbiStream.BenchmarkTests" rel="noopener noreferrer">Benchmark Suite</a> </li> </ul> <h3> 📦 NuGet Packages </h3> <ul> <li><p><a href="https://www.nuget.org/packages/CerbiStream" rel="noopener noreferrer">CerbiStream</a></p></li> <li><p><a href="https://www.nuget.org/packages/Cerbi.Governance.Runtime" rel="noopener noreferrer">Cerbi.Governance.Runtime</a></p></li> <li><p><a href="https://www.nuget.org/packages/CerbiStream.GovernanceAnalyzer" rel="noopener noreferrer">CerbiStream.GovernanceAnalyzer</a></p></li> <li><p><a href="https://www.nuget.org/packages/Cerbi.Serilog.GovernanceAnalyzer" rel="noopener noreferrer">Cerbi.Serilog.GovernanceAnalyzer</a></p></li> <li><p>🧪 <a href="https://github.com/Zeroshi/CerbistreamGovernanceDemo" rel="noopener noreferrer">Sample App</a></p></li> <li><p>📚 <a href="https://github.com/Zeroshi/Cerbi-CerbiStream" rel="noopener noreferrer">Documentation &amp; Profiles</a></p></li> <li><p>📦 <a href="https://www.nuget.org/packages/CerbiStream" rel="noopener noreferrer">NuGet - CerbiStream</a></p></li> <li><p>💬 <a href="https://github.com/Zeroshi/Cerbi-CerbiStream/discussions" rel="noopener noreferrer">GitHub Discussions</a></p></li> </ul> <p>CerbiStream is open source and evolving fast. Let us know your use case or suggest a feature!<br> <strong>Happy logging 🙌</strong></p> dotnet logging security cloud Benchmarking Logging Frameworks: How CerbiStream Measures Up Thomas Nelson Wed, 23 Apr 2025 21:43:25 +0000 https://forem.com/zeroshi/benchmarking-logging-frameworks-how-cerbistream-measures-up-35af https://forem.com/zeroshi/benchmarking-logging-frameworks-how-cerbistream-measures-up-35af <p>Logging shouldn’t be an afterthought. It should be <strong>fast</strong>, <strong>structured</strong>, and <strong>governed</strong>—without slowing your app down.</p> <p>Meet <a href="https://www.nuget.org/packages/CerbiStream" rel="noopener noreferrer"><strong>CerbiStream</strong></a>, a developer-first logging library built with governance and performance at its core. But how does it actually perform compared to industry staples like <strong>Serilog</strong>, <strong>NLog</strong>, and <strong>Log4Net</strong>?</p> <p>That’s what <a href="https://github.com/Zeroshi/CerbiStream.BenchmarkTests" rel="noopener noreferrer"><strong>CerbiStream.BenchmarkTests</strong></a> was created to answer.</p> <h2> 🔬 What’s Inside? </h2> <p>This open-source benchmark suite uses <a href="https://benchmarkdotnet.org/" rel="noopener noreferrer">BenchmarkDotNet</a> to give you real, comparable results across popular logging frameworks.</p> <p>It includes:</p> <ul> <li>🔁 <strong>Throughput tests</strong> — logging 10k+ entries per run</li> <li>💾 <strong>Memory benchmarks</strong> — allocations, GC behavior, per-log overhead</li> <li>🧱 <strong>Payload scenarios</strong> — from flat logs to nested structured objects</li> <li>✅ <strong>Governance enforcement</strong> — CerbiStream uniquely validates required &amp; forbidden fields</li> </ul> <p>All test outputs are saved under the <code>charts/</code> folder and are easy to extend. Want to add your own logger? Just plug it in.</p> <h2> 📈 Sample Benchmark: Logs/sec </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Logger</th> <th>Logs/sec (Structured)</th> <th>Memory/Log</th> <th>Governance?</th> </tr> </thead> <tbody> <tr> <td>CerbiStream</td> <td>🟢 82,000+</td> <td>~128 B</td> <td>✅ Full support</td> </tr> <tr> <td>NLog</td> <td>🔵 84,000</td> <td>~120 B</td> <td>❌</td> </tr> <tr> <td>Serilog</td> <td>🟡 80,000</td> <td>~146 B</td> <td>⚠️ Plugin only</td> </tr> <tr> <td>Log4Net</td> <td>🟠 60,000</td> <td>~160 B</td> <td>❌</td> </tr> </tbody> </table></div> <blockquote> <p>✅ CerbiStream is the only logger with <strong>compile-time analyzers</strong> and <strong>runtime validation</strong> for governance rules.</p> </blockquote> <p>More detailed charts → <a href="https://github.com/Zeroshi/CerbiStream.BenchmarkTests/tree/main/charts" rel="noopener noreferrer">View Benchmarks</a></p> <h2> ⚡ What Makes CerbiStream Different? </h2> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Logging</span><span class="p">.</span><span class="nf">AddCerbiStream</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="nf">UseGovernanceFromJson</span><span class="p">(</span><span class="s">"Configs/governance.json"</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> dotnet logging benchmarking programming CerbiStream – Bringing Governance to the Wild West of Logging Thomas Nelson Thu, 10 Apr 2025 16:42:00 +0000 https://forem.com/zeroshi/cerbistream-bringing-governance-to-the-wild-west-of-logging-4ok6 https://forem.com/zeroshi/cerbistream-bringing-governance-to-the-wild-west-of-logging-4ok6 <p>Hi everyone,</p> <p>I’m excited to share deeper insights into <a href="https://www.nuget.org/packages/CerbiStream" rel="noopener noreferrer"><strong>CerbiStream</strong></a> — a <strong>free logging framework</strong> built for <strong>.NET</strong> that’s designed to solve persistent challenges faced by growing companies, decoupled teams, contracting organizations, and industries under strict regulations like <strong>HIPAA</strong> and <strong>GDPR</strong>. While CerbiStream is currently optimized for .NET, plans are already underway to extend support to <strong>other popular frameworks</strong>.</p> <h2> Why Governance in Logging Matters </h2> <p>Logging today is often the wild west of modern systems. Many organizations suffer from:</p> <ul> <li><p><strong>Inconsistent Logging</strong><br><br> Developers working across multiple services use varied logging approaches, leading to confusing and unstructured log outputs.</p></li> <li><p><strong>Unpredictable Data</strong><br><br> Without enforced structure, you never know what data will be captured—making troubleshooting and traceability challenging.</p></li> <li><p><strong>Compliance and Security Challenges</strong><br><br> For industries dealing with sensitive data, inconsistent logging can lead to major compliance issues and security risks.</p></li> </ul> <p>Having held roles across several companies and industries, I saw how these issues resulted in operational headaches and wasted time. That's why I built <strong>CerbiStream</strong> — to enforce governance in logging from the ground up.</p> <h2> What Makes CerbiStream Different </h2> <p>CerbiStream isn’t just another logging library. It is engineered with a <strong>governance-first mindset</strong> while ensuring integration with modern observability tools.</p> <h3> Decoupled Logging Pipeline </h3> <p>CerbiStream sends logs through queues — supporting <strong>RabbitMQ</strong>, <strong>Kafka</strong>, <strong>Azure Service Bus</strong>, <strong>AWS SQS</strong>, and <strong>GCP Pub/Sub</strong> — offloading processing to downstream systems like <strong>Application Insights</strong> and others. This ensures <strong>minimal latency</strong> and <strong>maximum durability</strong>.</p> <h3> Governance-First Approach </h3> <p>With built-in <strong>compile-time analyzers</strong> and <strong>runtime validators</strong>, every log entry must include the required metadata (e.g., <code>UserId</code>, <code>IPAddress</code>). This simplifies troubleshooting and helps meet strict <strong>audit and compliance</strong> standards.</p> <h3> Performance Optimized </h3> <p>Using <a href="https://benchmarkdotnet.org/" rel="noopener noreferrer"><strong>BenchmarkDotNet</strong></a>, local benchmarks were run comparing CerbiStream to <strong>Serilog</strong>, <strong>NLog</strong>, and <strong>Log4Net</strong>. CerbiStream consistently matched or exceeded their performance — while offering governance and queue-first routing as a bonus.</p> <h3> Flexible and Developer-Friendly </h3> <p>In development mode, rapid iteration is effortless. Production mode supports telemetry and governance seamlessly. CerbiStream’s intuitive API enables quick integration, even for decentralized or remote teams.</p> <h3> Built for .NET — and Beyond </h3> <p>CerbiStream is currently focused on .NET, but we’re actively working to support <strong>other frameworks</strong> like <strong>Node.js</strong>, <strong>Python</strong>, and <strong>Java</strong>, making cross-platform structured logging with governance a reality.</p> <h2> The Need for a Unified, Governed Logging Approach </h2> <p>For growing companies — especially those with <strong>distributed teams</strong> or <strong>contractors</strong> — consistent logging is critical. CerbiStream guarantees that every log entry follows strict governance rules, helping:</p> <ul> <li>Reduce production troubleshooting time </li> <li>Strengthen security and compliance postures </li> <li>Enable consistent audit trails </li> <li>Standardize developer logging practices across teams</li> </ul> <h2> Let’s Drive the Conversation Forward </h2> <p>I’d love to hear your feedback on:</p> <ul> <li> <strong>API Clarity</strong> — Is the CerbiStream API intuitive enough for your team?</li> <li> <strong>Compliance &amp; Governance</strong> — Would enforced log structure simplify your audit/security processes?</li> <li> <strong>Feature Enhancements</strong> — What would make CerbiStream even more powerful for your use case?</li> <li> <strong>Enterprise Integration</strong> — Would a governance dashboard like <a href="https://github.com/Zeroshi/CerbiShield" rel="noopener noreferrer"><strong>CerbiShield</strong></a> (coming soon!) revolutionize how you handle log auditing?</li> </ul> <h2> Try It Free </h2> <p>CerbiStream is <a href="https://www.nuget.org/packages/CerbiStream" rel="noopener noreferrer"><strong>completely free</strong> on NuGet</a>.<br><br> You can check out the full source code on GitHub: <a href="https://github.com/Zeroshi/Cerbi-CerbiStream" rel="noopener noreferrer"><strong>CerbiStream GitHub Repo</strong></a></p> <p>Additionally, to add governance add: <a href="https://www.nuget.org/packages/CerbiStream.GovernanceAnalyzer" rel="noopener noreferrer">CerbiStream.GovernanceAnalyzer</a> </p> <p>Feel free to drop your comments or questions below. Whether you're working on a tightly regulated enterprise app or just want clean, consistent logs across services — your feedback will help shape the future of CerbiStream.</p> <p>Let’s redefine logging together.</p> dotnet logging governance opensource CerbiStream: .NET Logging with Governance Enforcement, Queue Routing, and Developer-First Config Thomas Nelson Wed, 09 Apr 2025 04:11:11 +0000 https://forem.com/zeroshi/cerbistream-net-logging-with-governance-enforcement-queue-routing-and-developer-first-config-4108 https://forem.com/zeroshi/cerbistream-net-logging-with-governance-enforcement-queue-routing-and-developer-first-config-4108 <p>Hey,</p> <p>I'm new to the site. I created this account because I wanted to gather some feedback on a product I've been building. </p> <p>Over the past few months, I’ve been working on a .NET logging framework that solves a handful of pain points I’ve consistently run into on large-scale enterprise systems:</p> <ul> <li>Logging that's <strong>too open-ended</strong> or poorly structured</li> <li>Inconsistent developer output across microservices</li> <li>Centralized routing to multiple observability tools</li> <li>Difficulty enforcing governance or auditing policies</li> </ul> <p>So I built <strong>CerbiStream</strong> — a governance-first, developer-friendly logging solution for .NET 8 and beyond.</p> <h2> What Is CerbiStream? </h2> <p>CerbiStream is a structured logging library built to help teams <strong>enforce log structure</strong>, <strong>send logs through queues</strong>, and <strong>stay secure and consistent</strong>.</p> <p>🔹 <a href="https://www.nuget.org/packages/CerbiStream" rel="noopener noreferrer">CerbiStream on NuGet</a><br><br> 🔹 <a href="https://www.nuget.org/packages/CerbiStream.GovernanceAnalyzer" rel="noopener noreferrer">Governance Analyzer Add-on</a><br><br> 🔹 <a href="https://github.com/Zeroshi/Cerbi-CerbiStream" rel="noopener noreferrer">GitHub Repo (MIT)</a><br><br> 🔹 <a href="https://cerbi.systems/" rel="noopener noreferrer">CerbiSuite Website</a></p> <h2> Key Features </h2> <p>✅ Out-of-the-box support for <code>ILogger&lt;T&gt;</code><br><br> ✅ Works with RabbitMQ, Kafka, Azure Service Bus, AWS SQS, GCP Pub/Sub<br><br> ✅ Optional encryption (Base64, AES with custom keys or Azure Key Vault)<br><br> ✅ Governance Analyzer for compile-time structured logging enforcement<br><br> ✅ External validator support for EF Core/Blazor-safe validation<br><br> ✅ Presets for development, benchmarking, and telemetry-enabled modes</p> <h2> Quick Example </h2> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">builder</span><span class="p">.</span><span class="n">Logging</span><span class="p">.</span><span class="nf">AddCerbiStream</span><span class="p">(</span><span class="n">options</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="n">options</span><span class="p">.</span><span class="nf">WithQueue</span><span class="p">(</span><span class="s">"AzureServiceBus"</span><span class="p">,</span> <span class="s">"sb://..."</span><span class="p">,</span> <span class="s">"audit-logs"</span><span class="p">)</span> <span class="p">.</span><span class="nf">WithEncryptionMode</span><span class="p">(</span><span class="n">EncryptionType</span><span class="p">.</span><span class="n">Base64</span><span class="p">)</span> <span class="p">.</span><span class="nf">EnableDeveloperModeWithTelemetry</span><span class="p">();</span> <span class="p">});</span> </code></pre> </div> <p>✅ To enable governance without using the Roslyn analyzer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight csharp"><code><span class="n">options</span><span class="p">.</span><span class="nf">WithGovernanceValidator</span><span class="p">((</span><span class="n">profile</span><span class="p">,</span> <span class="n">log</span><span class="p">)</span> <span class="p">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="n">log</span><span class="p">.</span><span class="nf">ContainsKey</span><span class="p">(</span><span class="s">"UserId"</span><span class="p">)</span> <span class="p">&amp;&amp;</span> <span class="n">log</span><span class="p">.</span><span class="nf">ContainsKey</span><span class="p">(</span><span class="s">"IPAddress"</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Why Cerbi?</strong><br> CerbiStream is part of a bigger ecosystem I'm working on:</p> <p>CerbiStream – Dev-first logging SDK<br> CerbiStream.GovernanceAnalyzer – Optional Roslyn analyzer<br> CerbIQ – Routing &amp; observability pipeline (pulls from queue, sends to sinks like Splunk, Elastic, etc.)<br> CerbiShield – (Coming soon!) Governance rule dashboard with RBAC &amp; audit logging</p> <p>📈 Adoption &amp; Status<br> 📦 Over 2,000+ downloads on NuGet</p> <p>Used by Checkmarx, Artifactory, CI systems, and private mirrors</p> <h2> Benchmarked Against Other Loggers </h2> <p>CerbiStream was built with performance in mind. It’s benchmarked alongside:</p> <ul> <li>🪵 <strong>Serilog</strong> </li> <li>🧱 <strong>NLog</strong> </li> <li>🔩 <strong>Log4Net</strong> </li> </ul> <p>Benchmarks show CerbiStream achieving <strong>competitive performance</strong> while offering additional features like:</p> <ul> <li>Governance rule enforcement (optional Roslyn or runtime validator)</li> <li>Queue-first routing (Kafka, RabbitMQ, Azure, AWS, GCP)</li> <li>Minimal dev-mode presets for fast local iteration</li> </ul> <p>We’re actively working on a public benchmark suite that compares:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Serilog</th> <th>NLog</th> <th>Log4Net</th> <th><strong>CerbiStream</strong></th> </tr> </thead> <tbody> <tr> <td>Structured logging</td> <td>✅</td> <td>✅</td> <td>❌</td> <td>✅</td> </tr> <tr> <td>Governance enforcement</td> <td>❌</td> <td>❌</td> <td>❌</td> <td>✅</td> </tr> <tr> <td>Queue-first routing</td> <td>❌</td> <td>❌</td> <td>❌</td> <td>✅</td> </tr> <tr> <td>Roslyn analyzer for log rules</td> <td>❌</td> <td>❌</td> <td>❌</td> <td>✅ <em>(optional)</em> </td> </tr> <tr> <td>Encryption support</td> <td>❌</td> <td>❌</td> <td>❌</td> <td>✅ (AES/Base64)</td> </tr> <tr> <td>Minimal dev mode toggle</td> <td>❌</td> <td>❌</td> <td>❌</td> <td>✅</td> </tr> </tbody> </table></div> <p>Let me know what else you'd like to see compared in future benchmarks!</p> <p>In development: Azure Marketplace onboarding &amp; enterprise governance dashboard</p> <p>🙏 I Need Your Feedback!<br> I'd love your thoughts on:</p> <p>API clarity — is it intuitive enough?</p> <p>Would you use this for audit or security logs?</p> <p>What features would make this more useful to you?</p> <p>Would a CerbiShield dashboard help your team?</p> <p>Thanks for checking it out — and if you install it or give it a test, I’d really appreciate your feedback!</p> dotnet logging devtools opensource