If you’ve been waiting for GDPR-compliant PII masking or keyboard-driven navigation, this release is for you. Version 0.6.0 brings enterprise-grade privacy controls that work at ingestion time, comprehensive keyboard shortcuts for power users, and anomaly detection that alerts on statistical deviations instead of fixed thresholds.
If you’re new here: Logtide is an open-source alternative to Datadog, Splunk, and ELK. Privacy-first, self-hostable, with built-in SIEM capabilities and GDPR compliance. Built on PostgreSQL + TimescaleDB.
- 🌐 Cloud: logtide.dev (free tier available)
- 💻 GitHub: logtide-dev/logtide (330+ ⭐)
- 📦 Docker Hub: 3,500+ pulls
🔒 The Privacy Problem
Here’s the thing about log management: your logs contain PII. Email addresses in authentication logs, credit cards in payment errors, IP addresses everywhere, API keys accidentally logged during debugging.
Most platforms either:
- Store everything and hope your security team never asks questions
- Offer “enterprise” PII redaction as a paid add-on
- Require you to mask data before sending (shifting the burden to your code)
Logtide 0.6.0 masks PII at ingestion — before data touches disk. GDPR-compliant by design, not as an afterthought.
✨ What’s New
1. PII Masking at Ingestion
Zero-cost when disabled (0.001ms cache hit), but when enabled it protects:
- Built-in patterns: Emails, credit cards, SSNs, phone numbers, IP addresses, API keys
- Smart field scanning: Auto-masks password, token, secret, authorization fields
- Custom regex rules: Define org-level or project-level patterns for your specific needs
Three masking strategies:
- mask — Partial masking: u***@domain.com
- redact — Full redaction: [REDACTED_EMAIL]
- hash — SHA-256 with per-org salt: [HASH:abc123...]
Settings UI at /dashboard/settings/pii-masking with live test panel. Built-in rules are disabled by default (opt-in). Custom rules validated with safe-regex2 to prevent ReDoS attacks.
Performance: Hot path optimizations eliminated ~6000 object allocations per 1000-log batch. Early exit for simple strings, compiled regex reuse, in-memory rule cache with 5-min TTL.
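The three strategies and the sensitive-field scan, sketched as an added example (this is not Logtide's code). The email regex, the `[REDACTED]` placeholder for sensitive fields, the 12-character hash truncation and the names `maskRecord` and `sample` are assumptions made for illustration.

```javascript
const { createHash } = require("node:crypto");

// Assumed rule set: one email pattern plus the sensitive field names listed above.
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const SENSITIVE_FIELDS = new Set(["password", "token", "secret", "authorization"]);

// The three strategies, applied to one matched email address.
const STRATEGIES = {
  mask: (v) => v[0] + "***" + v.slice(v.indexOf("@")),
  redact: () => "[REDACTED_EMAIL]",
  // Salted SHA-256: equal inputs give equal tokens only within one org.
  // Truncating to 12 hex characters is an assumption of this sketch.
  hash: (v, salt) =>
    "[HASH:" + createHash("sha256").update(salt + v).digest("hex").slice(0, 12) + "]",
};

// Recursively mask a log record before it is persisted. Returns a new object.
function maskRecord(value, strategy, salt, key = "") {
  // Field-name scan: drop the whole value ("[REDACTED]" is an assumed placeholder).
  if (SENSITIVE_FIELDS.has(key.toLowerCase())) return "[REDACTED]";
  if (typeof value === "string") {
    return value.replace(EMAIL, (m) => STRATEGIES[strategy](m, salt));
  }
  if (Array.isArray(value)) return value.map((v) => maskRecord(v, strategy, salt));
  if (value !== null && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, maskRecord(v, strategy, salt, k)])
    );
  }
  return value; // numbers, booleans and null pass through untouched
}

// Constructed sample log entry.
const sample = {
  level: "error",
  message: "login failed for user@domain.com from web",
  metadata: { Authorization: "Bearer abc.def.ghi", attempts: 3, cc: ["ops@domain.com"] },
};

console.log(maskRecord(sample, "mask", "org-a-salt"));
```

Hashing keeps values correlatable within one organization, but low-entropy inputs such as phone numbers stay guessable by anyone who obtains the salt, so the salt needs the same protection as a secret.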
2. Keyboard Shortcuts for Power Users
GitHub-style navigation without touching your mouse:
- Command Palette (Ctrl/Cmd+K): Fuzzy search pages and actions
- Help Modal (?): Complete shortcut reference with platform-aware keys
- Sequence Navigation: Two-key combos like GitHub
  - G D → Dashboard
  - G S → Logs
  - G A → Alerts
  - G E → Security
  - G X → Settings
- Search Navigation:
  - / — Focus search input
  - J/K — Navigate logs with visual highlight
  - Enter — Expand/collapse selected log
  - R — Refresh results
Input-aware suppression means shortcuts don’t fire when you’re typing in textareas or search boxes.
3. Rate-of-Change Alerts (Anomaly Detection)
Fixed thresholds suck. Your traffic patterns change daily. What’s “normal” at 2pm isn’t normal at 2am.
Baseline-based alerting triggers when log volume deviates from historical patterns:
- 4 baseline methods:
  - same_time_yesterday
  - same_day_last_week
  - rolling_7d_avg (default)
  - percentile_p95
- Anti-spam built-in: Sustained check (5min default), cooldown period (60min), minimum baseline guard
- Email subject: [Anomaly] rule — 3x above baseline (vs [Alert] for threshold)
- Webhook payload: Includes baseline_metadata and event_type: "anomaly"
Smart defaults: 3x deviation multiplier, 10min baseline window, 5min sustained check.
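How the multiplier, sustained check, cooldown and minimum baseline guard interact, as an added sketch (not Logtide's implementation). It assumes a per-minute baseline, a guard value of 10 logs per minute, and the hypothetical names `rollingAvg` and `detectAnomalies`; the sample series is constructed.

```javascript
// Defaults from the release notes; minBaseline is an assumed value.
const DEFAULTS = { multiplier: 3, sustainedMin: 5, cooldownMin: 60, minBaseline: 10 };

// Stand-in for rolling_7d_avg: mean of the per-minute rate seen on each of the past 7 days.
function rollingAvg(history) {
  return history.reduce((a, b) => a + b, 0) / history.length;
}

// Walks per-minute log counts and returns the minutes at which an anomaly fires.
function detectAnomalies(perMinute, baseline, opts = {}) {
  const { multiplier, sustainedMin, cooldownMin, minBaseline } = { ...DEFAULTS, ...opts };
  const fired = [];
  // Guard: a multiple of a near-empty baseline is noise, so skip evaluation.
  if (baseline < minBaseline) return fired;
  let streak = 0;
  let lastFired = -Infinity;
  perMinute.forEach((count, minute) => {
    // Sustained check: count consecutive minutes above the deviation threshold.
    streak = count >= baseline * multiplier ? streak + 1 : 0;
    const sustained = streak >= sustainedMin;
    const coolingDown = minute - lastFired < cooldownMin;
    if (sustained && !coolingDown) {
      fired.push({ minute, ratio: +(count / baseline).toFixed(1) });
      lastFired = minute;
    }
  });
  return fired;
}

// Constructed data: quiet traffic, a 3-minute burst, then a long sustained surge.
const baselineRate = rollingAvg([100, 110, 90, 100, 105, 95, 100]);
const series = [
  ...Array(10).fill(100), // minutes 0-9: normal
  ...Array(3).fill(400),  // minutes 10-12: short burst, below the sustained check
  ...Array(7).fill(100),  // minutes 13-19: normal
  ...Array(80).fill(350), // minutes 20-99: sustained 3.5x surge
];

console.log(detectAnomalies(series, baselineRate));
```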
4. Host Security Detection Packs
15 pre-built rules for host-based security monitoring, all MITRE ATT&CK mapped:
- Antivirus & Malware Pack: ClamAV FOUND patterns, AV scan failures, webshells
- Rootkit Detection Pack: rkhunter/chkrootkit patterns, hidden processes, kernel modules
- File Integrity Monitoring Pack: /etc/passwd changes, SSH config mods, cron tampering
All rules use logsource.product: linux and compound conditions to reduce false positives.
5. Admin Dashboard Revision
Complete redesign for platform-level observability:
- Dashboard home: 4 health cards + 24h activity chart + 8 stat cards + top orgs/projects
- System Health page: Database/Redis diagnostics, TimescaleDB compression stats, continuous aggregates staleness
- Slow queries monitoring: Active running queries (from pg_stat_activity) + historical slowest queries
6. Timeline Event Markers
Visual indicators on the Logs Timeline chart showing when alerts or security detections occurred. Red circles for alerts, purple for detections. Hover tooltip shows rule names and log counts.
7. Version Update Notifications
Admin dashboard banner that checks GitHub releases for new versions. 6-hour cache, semver comparison, configurable release channel (stable / beta).
🐛 Notable Fixes
- Client errors returning 500 instead of 4xx: 18+ API routes now properly return 400 Bad Request with validation details
- 4xx errors logged as ERROR: Now 4xx → warn, 5xx → error
- Charts not resizing on sidebar toggle: Replaced window.resize with ResizeObserver
- Notification click navigating to wrong org: Now auto-switches organization before navigating
- Sigma API missing MITRE fields: Now includes tags, mitreTactics, mitreTechniques
- Email logo not rendering: Switched from .svg to .png for Outlook/Gmail compatibility
📦 Upgrade
docker compose pull
docker compose up -d
Two new migrations run automatically on startup:
- 021_add_pii_masking — PII masking rules and org salts
- 022_add_rate_of_change_alerts — Baseline metadata columns
What’s Next?
Version 0.7.x is planned around compliance and advanced correlation:
- Audit Log of Log Access (#94) — Meta-logging: who accessed which logs, when, and why (critical for compliance)
- Service Dependency Graph (#40) — Visualize microservice communication patterns based on trace data
- OpenTelemetry Metrics Ingestion (#4) — Native OTLP metrics support (completing the observability triad: logs, traces, metrics)
But more importantly, we’re listening. Every feature in 0.6.0 came from community feedback on GitHub. Keep the issues and discussions coming.
Try Logtide:
- Cloud: logtide.dev
- Self-hosted: GitHub
- Docs: logtide.dev/docs
Full Changelog: v0.5.0…v0.6.0