Lnav Sensitive Columns

The log data hits the screen, raw and unfiltered. You see everything—timestamps, user IDs, payloads—but some details, if shared, could trigger a security audit or worse. This is where Lnav Sensitive Columns comes in.

Lnav lets you view and search logs from the command line. But when logs contain personal data, credentials, or sensitive tokens, you need a way to hide them during inspection. The sensitive columns feature masks or redacts values in specified fields without breaking the log format. You can still filter, sort, and run SQL queries on the sanitized data, avoiding leaks while keeping the analysis intact.

Defining sensitive columns in Lnav is straightforward. Edit the lnav format configuration (.lnav/formats/ directory) or your custom log format JSON. Under the schema, add "sensitive": true to any column definition. You can apply this to multiple columns—such as password, credit_card_number, session_id—and Lnav will hide their values by default. The masking policy is built-in, so these fields never leave your terminal in plain text once defined.

Working with sensitive columns doesn’t break Lnav’s power tools. SQL queries still run against the underlying data in memory. Searches and filtering work the same way. The benefit is that the data you export, share, or screenshot is scrubbed. In security-conscious environments, this is critical for compliance and collaboration.

You can combine sensitive columns with Lnav’s other features like regular expression filters, time navigation, and JSON browsing. This lets you maintain fast, forensic-grade log review without the risk of exposing confidential data. Proper configuration of sensitive columns transforms Lnav from a raw log viewer into a safe analysis environment.

If your team needs rapid, secure log review, Lnav sensitive columns are not optional—they’re essential. Try them with your data, then push your workflow into a live environment. See it in action on hoop.dev and start securing your logs in minutes.