HTTP Log Levels
- Nick Sessa
- Nov 18, 2025
- 2 min read
If you're working with a partner, it's critical to ensure they do not modify global instance security settings without explicit review/approval from your platform team.
One recurring issue we see are vendors enabling 'ALL' level outbound REST logging platform-wide to troubleshoot a single integration. This often captures authorization headers in plain text for every outbound call, which is a significant and avoidable risk.
To Partners:
Please don’t enable elevated outbound logging at the platform level just to debug a single API. If you absolutely must enable full outbound REST logging, do it at the outbound REST record level, not the entire platform.
Red team members:
This is a common misconfiguration we continue to see in the wild. Be sure to take note...
🔍 Quick Security Check:
Review these system properties
- glide.outbound_http_log.override
- glide.outbound_http_log.override.level
If override is true and the level is ELEVATED or ALL, you’re likely logging sensitive data instance-wide.
Need help reviewing your security posture post-implementation? Let’s talk.
Logged elements by level
Field | Basic | Elevated | All |
Sequence | x | x | x |
HTTP Method | x | x | x |
Protocol | x | x | x |
Scheme | x | x | x |
Hostname | x | x | x |
Path | x | x | x |
HTTP response status | x | x | x |
Request length | x | x | x |
Response length | x | x | x |
Total call time | x | x | x |
System ID | x | x | x |
Source table | x | x | x |
Source record ID Note: You must have read access for records in the specified Source table to view this field. | x | x | x |
Scope | x | x | x |
Session | x | x | x |
Transaction | x | x | x |
User | x | x | x |
MID server | x | x | x |
Request headers | x | x | |
Request query | x | x | |
Response headers | x | x | |
Request body | x | ||
Response body | x |
SN Docs: Configure outbound logging
SN Docs: Prevent verbose HTTP request logging
Comments