tcell_agent 0.2.7 → 0.2.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8a2e9af45884f3f879ebdac3c3df5c1443704b46
-  data.tar.gz: 4ebb0cf3c1dc1082581b098d60d86a1ab629dd2e
+  metadata.gz: 38bd348af6afc0394baa2b21028297f52c8bd869
+  data.tar.gz: 3a0cd72fe8d1c792a13a4a73492da78d2b773b13
 SHA512:
-  metadata.gz: 34f96472deced27c678bb902dbd70bf3340debe5eed76506ff949ce08b647b5893b005806b82920f75582e371ae5ee7278ea4f3f77bc2bb6751fcb00750e7fee
-  data.tar.gz: d99da7567bae448c909d51c3fd720ddb29429993a60cd499c195460e1d1d052e6c3f9d8481af93dc07209f0460a42ad10a2e8a8ae011923dd17cd23f124faf26
+  metadata.gz: cd5eb354fe88c5822692bb5e74194d56f67645d92910e14f24d07d27c128735b5750d84a567e7a9dd4a2558c5af1b71f41ec92c47c9db1e5f4e1efc6c731d7f2
+  data.tar.gz: c570a523bdb36c1aebe4fcf457ececc053e3395cb56bc7f3fbc59d8100897fcda06a8a4fe0447f62acdee239ca4fba601c93892b92ea3d4a1a7c9f952915c9cb

data/bin/tcell_agent

@@ -14,6 +14,8 @@ Commonly used command are:
    setup :     Setup new config file
     test :     Run diagnostics classes and config
 loglevel :     Set the loglevel of the tcell agent
+  enable :     Enable the agent
+ disable :     Disable the agent
 
 See 'tcell_agent COMMAND --help' for more information on a specific command.
 
@@ -69,6 +71,12 @@ subcommands = {
         options[:off] = v
       end
   end,
+  'enable' => OptionParser.new do |opts|
+      opts.banner = "Usage: enable"
+  end,
+  'disable' => OptionParser.new do |opts|
+      opts.banner = "Usage: disable"
+  end,
   'test' => OptionParser.new do |opts|
       opts.banner = "Usage: test"
       #opts.on("-q", "--[no-]quiet", "quietly run ") do |v|
@@ -165,6 +173,20 @@ elsif (command == 'preload')
   File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
   puts "done."
 
+elsif (command == 'enable')
+  file = File.read(CONFIG_FILE)
+  config_hash = JSON.parse(file)
+  config_hash["applications"][0].delete("enabled")
+  File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
+  puts "Enabled, you will need to restart the server."
+
+elsif (command == 'disable')
+  file = File.read(CONFIG_FILE)
+  config_hash = JSON.parse(file)
+  config_hash["applications"][0]["enabled"] = false
+  File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
+  puts "Disabled, you will need to restart the server."
+
 elsif (command == 'demomode')
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)

data/lib/tcell_agent/agent/event_processor.rb

@@ -34,6 +34,7 @@ module TCellAgent
 
     def ensure_event_processor_running
       return if event_processor_running?
+      return if TCellAgent.configuration.should_start_event_manager? == false
       @worker_mutex.synchronize do
         return if event_processor_running?
         if self.is_parent_process? == false
@@ -51,6 +52,8 @@ module TCellAgent
     end
 
     def start_event_processor(send_empties=true)
+      return if TCellAgent.configuration.should_start_event_manager? == false
+
       if TCellAgent::Agent.is_parent_process? == false
         return
       end
@@ -245,6 +248,7 @@ module TCellAgent
     end
 
     def start_metrics_event_thread
+      return if TCellAgent.configuration.should_consume_event? == false
       @metrics_event_thread = Thread.new do
         begin
           loop do
@@ -264,6 +268,7 @@ module TCellAgent
     end
 
     def _queue_metric(event)
+      return if TCellAgent.configuration.should_consume_event? == false      
       begin
         self.ensure_metrics_event_thread_running
         if (@metrics_event_queue.length() > 100)
@@ -277,6 +282,7 @@ module TCellAgent
     end
 
     def queueSensorEvent(event)
+      return if TCellAgent.configuration.should_consume_event? == false
       begin
         if TCellAgent::Agent.is_parent_process? == false
           self.queue_forked_event(event)
@@ -299,6 +305,7 @@ module TCellAgent
     end
 
     def increment_session_info(hmac_session_id, user_id, ip_address, user_agent)
+
       TCellAgent::Instrumentation.safe_block("Incrementing session info") do
 
         if TCellAgent::Agent.is_parent_process? == false

data/lib/tcell_agent/agent/fork_pipe_manager.rb

@@ -17,9 +17,9 @@ module TCellAgent
             @writep.set_encoding(::Encoding::ASCII_8BIT)
           end
           if is_parent?
-              self.start_listener(&block)
+            self.start_listener(&block)
           end
-        rescue Exception=>init_exception
+        rescue Exception => init_exception
           TCellAgent.logger.error("Could not start listener for pipe to forks")
           TCellAgent.logger.error(init_exception.message)
           TCellAgent.logger.debug(init_exception.backtrace)
@@ -30,38 +30,38 @@ module TCellAgent
       end
       def start_listener(&block)
         Thread.new {
-            while true do
-                begin
-                    packed_bytes = @readp.read(4)
-                    event_length = packed_bytes.unpack("L>").first
-                    packed_event = @readp.read(event_length)
-                    event = Marshal.load(packed_event)
-                    if block
-                      block.call(event)
-                    end
-                rescue Exception=>block_exception
-                  TCellAgent.logger.error("Could not decode block")
-                  TCellAgent.logger.error(block_exception.message)
-                  TCellAgent.logger.debug(block_exception.backtrace)
-                  sleep 0.5
-                end
+          while true do
+            begin
+              packed_bytes = @readp.read(4)
+              event_length = packed_bytes.unpack("L>").first
+              packed_event = @readp.read(event_length)
+              event = Marshal.load(packed_event)
+              if block
+                block.call(event)
+              end
+            rescue Exception=>block_exception
+              TCellAgent.logger.error("Could not decode block")
+              TCellAgent.logger.error(block_exception.message)
+              TCellAgent.logger.debug(block_exception.backtrace)
+              sleep 0.5
             end
+          end
         }
       end
       def send_to_parent(event)
         if is_parent?
-            #puts "Sending in pipe the wrong way"
-            return
+          #puts "Sending in pipe the wrong way"
+          return
         else
-            begin
-              packed_event = Marshal.dump(event)
-              packed_bytes = [packed_event.bytesize].pack("L>")
-              @writep.write(packed_bytes+packed_event)
-            rescue Exception=>block_exception
-              TCellAgent.logger.error("Could not write to pipe")
-              TCellAgent.logger.error(block_exception.message)
-              TCellAgent.logger.debug(block_exception.backtrace)
-            end
+          begin
+            packed_event = Marshal.dump(event)
+            packed_bytes = [packed_event.bytesize].pack("L>")
+            @writep.write(packed_bytes+packed_event)
+          rescue Exception => block_exception
+            TCellAgent.logger.error("Could not write to pipe")
+            TCellAgent.logger.error(block_exception.message)
+            TCellAgent.logger.debug(block_exception.backtrace)
+          end
         end
       end
     end
@@ -69,7 +69,7 @@ module TCellAgent
     @@event_pipe_manager = ForkPipeManager.new { |event|
       begin
         TCellAgent.send_event(event)
-      rescue Exception=>block_exception
+      rescue Exception => block_exception
         TCellAgent.logger.error("Could handle send_event_block")
         TCellAgent.logger.error(block_exception.message)
         TCellAgent.logger.debug(block_exception.backtrace)

data/lib/tcell_agent/agent/policy_manager.rb

@@ -31,6 +31,7 @@ module TCellAgent
 
     def ensure_policy_polling_running
       return if policy_polling_running?
+      return if TCellAgent.configuration.should_start_policy_poll? == false
       @policy_polling_worker_mutex.synchronize do
         return if policy_polling_running?
         start_policy_polling
@@ -42,7 +43,7 @@ module TCellAgent
     end
 
     def start_policy_polling
-      if TCellAgent.configuration.fetch_policies_from_tcell == true
+      if TCellAgent.configuration.should_start_policy_poll? == true
         TCellAgent.logger.debug("Starting policy polling thread")
         @policy_polling_thread = Thread.new do
           last_poll_time = 0

data/lib/tcell_agent/agent/route_manager.rb

@@ -13,14 +13,27 @@ require "tcell_agent"
 
 module TCellAgent
   class Agent
+    def self.get_database_discovery_identifier(database, schema, table, fields)
+      [
+        database,
+        schema,
+        table,
+        fields.join(",")
+      ].join(",").hash
+    end
+
   	def discover_database_field(route_id, database, schema, table, field)
-  		if (@route_table.routes[route_id].database[database][schema][table][field].discovered != true)
-  			@route_table.routes[route_id].database[database][schema][table][field].discovered = true
-  			event = (TCellAgent::SensorEvents::DiscoveryEvent.new(route_id)).for_database(database, schema, table, field)
-  			TCellAgent.send_event(event)
-  		end
+      discover_database_fields(route_id, database, schema, table, [field])
   	end
+
   	def discover_database_fields(route_id, database, schema, table, fields)
+      if (route_id == nil ||
+          database == nil ||
+          schema == nil ||
+          table == nil ||
+          fields == nil)
+        return
+      end
       if TCellAgent::Agent.is_parent_process? == false
         TCellAgent.queue_metric({"_type"=>"discover_database_fields", 
           "route_id"=>route_id, 
@@ -30,16 +43,23 @@ module TCellAgent
           "fields"=>fields})
         return
       end
-  		discovered_fields = fields.select { |field| 
-  				@route_table.routes[route_id].database[database][schema][table][field].discovered != true
-  		}
-  		if (discovered_fields.length > 0)
-  			discovered_fields.each { |field|
-				@route_table.routes[route_id].database[database][schema][table][field].discovered = true
-  			}
-  			event = (TCellAgent::SensorEvents::DiscoveryEvent.new(route_id)).for_database_fields(database, schema, table, fields)
-  			TCellAgent.send_event(event)
-  		end
+      query_hash = TCellAgent::Agent.get_database_discovery_identifier(database, schema, table, fields)
+      if (@route_table.routes[route_id].database_queries_discovered.fetch(query_hash, false) == false)
+        @route_table.routes[route_id].database_queries_discovered[query_hash] = true
+        event = (TCellAgent::SensorEvents::DiscoveryEvent.new(route_id)).for_database_fields(database, schema, table, fields)
+        TCellAgent.send_event(event)
+      end
+  		#discovered_fields = fields.select { |field| 
+  		#		@route_table.routes[route_id].database_queries_discoverd[database][schema][table][field].discovered != true
+  		#}
+  		#if (discovered_fields.length > 0)
+  		#	discovered_fields.each { |field|
+			#	@route_table.routes[route_id].database[database][schema][table][field].discovered = true
+  		#	}
+  		#	event = (TCellAgent::SensorEvents::DiscoveryEvent.new(route_id)).for_database_fields(database, schema, table, fields)
+  		#	TCellAgent.send_event(event)
+  		#end
    	end 
+
   end
 end

data/lib/tcell_agent/configuration.rb

@@ -17,7 +17,7 @@ module TCellAgent
   class Configuration
     attr_accessor :version, :app_id, :api_key, :hmac_key, 
       :tcell_api_url, :tcell_input_url,
-      :enabled, :logging_options,
+      :logging_options,
       :fetch_policies_from_tcell, :instrument_for_events,
       :preload_policy_filename,
       :proxy_host, :proxy_port, :proxy_username, :proxy_password,
@@ -33,8 +33,35 @@ module TCellAgent
       :raise_exceptions,
       :allow_unencrypted_appsensor_payloads
 
+    attr_accessor :enabled,
+      :enable_event_manager,       # false = Do not start the even manager
+      :enable_event_consumer,      # false = Do not consume events, drop them
+      :enable_policy_polling,      # false = Do not poll for policies
+      :enable_instrumentation,     # false = Do not add instrumentation
+      :enable_intercept_requests   # false = Do not insert middleware
+
     attr_accessor :exp_config_settings
 
+    def should_start_event_manager?
+      @enabled && @enable_event_manager
+    end
+
+    def should_consume_event?
+      @enabled && @enable_event_manager && @enable_event_consumer
+    end
+
+    def should_start_policy_poll?
+      @enabled && @enable_policy_polling && @fetch_policies_from_tcell # fetch_policies_from_tcel = legacy
+    end
+
+    def should_instrument?
+      @enabled && @enable_instrumentation && @instrument_for_events # instrument_for_events = legacy
+    end
+
+    def should_intercept_requests?
+      @enabled && @enable_instrumentation && @enable_intercept_requests
+    end
+
     def initialize(filename="config/tcell_agent.config", useapp=nil)
       @version = 0
       @exp_config_settings = true
@@ -44,7 +71,14 @@ module TCellAgent
 
       @fetch_policies_from_tcell = true
       @instrument_for_events = true
+
       @enabled = true
+      @enable_event_manager = true
+      @enable_event_consumer = true
+      @enable_policy_polling = true
+      @enable_instrumentation = true
+      @enable_intercept_requests = true
+
       @cache_filename = "tcell/cache/tcell_agent.cache"
       @default_log_filename = "tcell/logs/tcell_agent.log"
 
@@ -107,8 +141,14 @@ module TCellAgent
             @api_key ||= app_data["api_key"]
 
             # Optional
-            @enabled = app_data.fetch("enabled", true)
             @preload_policy_filename = app_data.fetch("preload_policy_filename", nil)
+
+            @enabled = app_data.fetch("enabled", @enabled)
+            @enable_event_manager = app_data.fetch("enable_event_manager", @enable_event_manager)
+            @enable_event_consumer = app_data.fetch("enable_event_consumer", @enable_event_consumer)
+            @enable_policy_polling = app_data.fetch("enable_policy_polling", @enable_policy_polling)
+            @enable_instrumentation = app_data.fetch("enable_instrumentation", @enable_instrumentation)
+            @enable_intercept_requests = app_data.fetch("enable_intercept_requests", @enable_intercept_requests)
             @fetch_policies_from_tcell = app_data.fetch("fetch_policies_from_tcell", @fetch_policies_from_tcell)
             @instrument_for_events = app_data.fetch("instrument_for_events", @instrument_for_events)
 

data/lib/tcell_agent/instrumentation.rb

@@ -226,7 +226,10 @@ module TCellAgent
     def self.safe_block_no_log(message, &block)
       begin
         block.call()
-      rescue Exception
+      rescue Exception => e
+        if TCellAgent.configuration.raise_exceptions
+          raise e
+        end
       end
     end
   end

data/lib/tcell_agent/logger.rb

@@ -41,7 +41,7 @@ module TCellAgent
       @logger.formatter = proc do |severity, datetime, progname, msg|
         # ISO 8601 format
         date_format = datetime.strftime("%Y-%m-%d %H:%M:%S,%L%z")
-         "[#{date_format}] #{severity}[#{@logger_pid}]: #{msg}\n"
+         "[#{date_format}] [#{TCellAgent::VERSION}] #{severity}[#{@logger_pid}]: #{msg}\n"
       end
 
       return @logger

data/lib/tcell_agent/rails.rb

@@ -24,27 +24,21 @@ require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 
-# ensure ActiveRecord's version has been required already
-module TCellAgent
-  class MyRailtie < Rails::Railtie
-    initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
-      if (TCellAgent.configuration.enabled)
-        Rails.application.config.to_prepare do
-        end
-        Rails.application.config.after_initialize do
-        end
-      end
-    end
-  end
-end
-
 module TCellAgent
   class Railtie < Rails::Railtie
     initializer "tcell_agent.insert_middleware" do |app|
-        app.config.middleware.insert_before(0, "TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware")
-        app.config.middleware.insert_after(0, "TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware")
-        app.config.middleware.use "TCellAgent::Instrumentation::Rails::Middleware::BodyFilterMiddleware"
-        app.config.middleware.use "TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware"
+        if TCellAgent.configuration.should_intercept_requests?
+          app.config.to_prepare do
+            require 'tcell_agent/devise' if defined?(Devise)
+            require 'tcell_agent/rails/auth/devise' if defined?(Devise)
+            require 'tcell_agent/authlogic' if defined?(Authlogic)
+            require 'tcell_agent/rails/auth/authlogic'  if defined?(Authlogic)
+          end
+          app.config.middleware.insert_before(0, "TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware")
+          app.config.middleware.insert_after(0, "TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware")
+          app.config.middleware.use "TCellAgent::Instrumentation::Rails::Middleware::BodyFilterMiddleware"
+          app.config.middleware.use "TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware"
+        end
     end
   end
 end

data/lib/tcell_agent/rails/auth/authlogic.rb

@@ -6,8 +6,8 @@ require 'tcell_agent/instrumentation'
 
 module TCellAgent
     if defined?(Authlogic)
-        TCellAgent.logger.debug("Instrumenting Authlogic")
-        if (TCellAgent.configuration.enabled && TCellAgent.configuration.instrument_for_events)
+        if (TCellAgent.configuration.enabled && TCellAgent.configuration.should_intercept_requests?)
+            TCellAgent.logger.debug("Instrumenting Authlogic")
             require 'tcell_agent/agent'
             require 'tcell_agent/sensor_events/login_fraud'
             Authlogic::Session::Base.class_eval do

data/lib/tcell_agent/rails/auth/devise.rb

@@ -1,6 +1,6 @@
 module TCellAgent
   if defined?(Devise)
-    if (TCellAgent.configuration.enabled && TCellAgent.configuration.instrument_for_events)
+    if (TCellAgent.configuration.enabled && TCellAgent.configuration.should_intercept_requests?)
       TCellAgent.logger.debug("Instrumenting Devise")
 
       require 'tcell_agent/agent'

data/lib/tcell_agent/rails/dlp.rb

@@ -51,31 +51,35 @@ require 'thread'
 #   end
 # end
 
+require 'tcell_agent/configuration'
 
-class ActiveRecord::Base
-  # after_initialize do |user|
-  #   puts "You have initialized an object!"
-  #   puts "ASDF"
-  # end
-  after_find do |record|
-    database_name = self.class.connection_config().fetch(:database,"*").split('/').last
-    dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
-    if dlp_policy
-      request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
-      if request_env
-        tcell_context = request_env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
-        if tcell_context
-          model = record.class
-          column_names = model.columns.map { |col| col.name }
-          if (dlp_policy.database_discovery_enabled)
-            TCellAgent.discover_database_fields(tcell_context.route_id, database_name,"*",model.table_name, column_names)
-          end
-          model.columns.each do |col|
-            #puts "#{model.table_name} .. #{col.name}"
-            action_objs = dlp_policy.get_actions_for_table(database_name, "*", model.table_name, col.name, tcell_context.route_id)
-            if action_objs
-              action_objs.each do |action_obj|
-                tcell_context.add_response_db_filter(record[col.name.to_sym], action_obj, database_name, "*", model.table_name, col.name)
+if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument? && TCellAgent.configuration.should_intercept_requests?
+
+  class ActiveRecord::Base
+    # after_initialize do |user|
+    #   puts "You have initialized an object!"
+    #   puts "ASDF"
+    # end
+    after_find do |record|
+      database_name = self.class.connection_config().fetch(:database,"*").split('/').last
+      dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
+      if dlp_policy
+        request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
+        if request_env
+          tcell_context = request_env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
+          if tcell_context
+            model = record.class
+            column_names = model.columns.map { |col| col.name }
+            if (dlp_policy.database_discovery_enabled)
+              TCellAgent.discover_database_fields(tcell_context.route_id, database_name,"*",model.table_name, column_names)
+            end
+            model.columns.each do |col|
+              #puts "#{model.table_name} .. #{col.name}"
+              action_objs = dlp_policy.get_actions_for_table(database_name, "*", model.table_name, col.name, tcell_context.route_id)
+              if action_objs
+                action_objs.each do |action_obj|
+                  tcell_context.add_response_db_filter(record[col.name.to_sym], action_obj, database_name, "*", model.table_name, col.name)
+                end
               end
             end
           end
@@ -83,126 +87,132 @@ class ActiveRecord::Base
       end
     end
   end
-end
 
-# - Request
-# -   Session Id event
-# -   Session Id redact
-# -   Session Id hash
-# -   Session Id mask
-# -   Database-Stuff - [event, redact]
-# 
-# - Log
-#
-
-module TCellAgent
-  module Policies
-    class DataLossPolicy
-      def log_enforce(tcell_context, sanitize_string)
-        if (tcell_context && tcell_context.session_id)
-          session_id_actions = self.get_actions_for_session_id
-          if session_id_actions
-            send_event = false
-            sanitize_string.gsub!(tcell_context.session_id) {|m|
-              if session_id_actions.log_redact
-                send_event = true
-                m = "[session_id]"
-              elsif session_id_actions.log_hash
-                send_event = true
-                m = "[hash]"
-              elsif session_id_actions.log_event
-                send_event = true
+  # - Request
+  # -   Session Id event
+  # -   Session Id redact
+  # -   Session Id hash
+  # -   Session Id mask
+  # -   Database-Stuff - [event, redact]
+  # 
+  # - Log
+  #
+
+  module TCellAgent
+    module Policies
+      class DataLossPolicy
+        def log_enforce(tcell_context, sanitize_string)
+          if (tcell_context && tcell_context.session_id)
+            session_id_actions = self.get_actions_for_session_id
+            if session_id_actions
+              send_event = false
+              sanitize_string.gsub!(tcell_context.session_id) {|m|
+                if session_id_actions.log_redact
+                  send_event = true
+                  m = "[session_id]"
+                elsif session_id_actions.log_hash
+                  send_event = true
+                  m = "[hash]"
+                elsif session_id_actions.log_event
+                  send_event = true
+                end
+                m
+              }
+              if send_event
+                TCellAgent.send_event(
+                  TCellAgent::SensorEvents::DlpEvent.new(
+                    tcell_context.route_id, 
+                    tcell_context.uri, 
+                    TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG
+                    ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
+                )
               end
-              m
-            }
+            end
+          end
+          sanitize_string
+        end
+        def response_body_enforce(tcell_context, sanitize_string)
+          if (tcell_context && tcell_context.session_id)
+            session_id_actions = self.get_actions_for_session_id
+            if session_id_actions
+              send_event = false
+              sanitize_string.gsub!(tcell_context.session_id) {|m|
+                if session_id_actions.body_redact
+                  # m = "[session_id]"
+                  send_event = true
+                elsif session_id_actions.body_hash
+                  # m = "[hash]"
+                  send_event = true
+                elsif session_id_actions.body_event
+                  send_event = true
+                end
+                m
+              }
+            end
             if send_event
               TCellAgent.send_event(
                 TCellAgent::SensorEvents::DlpEvent.new(
                   tcell_context.route_id, 
                   tcell_context.uri, 
-                  TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG
+                  TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY
                   ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
               )
             end
           end
+          sanitize_string
         end
-        sanitize_string
-      end
-      def response_body_enforce(tcell_context, sanitize_string)
-        if (tcell_context && tcell_context.session_id)
-          session_id_actions = self.get_actions_for_session_id
-          if session_id_actions
-            send_event = false
-            sanitize_string.gsub!(tcell_context.session_id) {|m|
-              if session_id_actions.body_redact
-                # m = "[session_id]"
-                send_event = true
-              elsif session_id_actions.body_hash
-                # m = "[hash]"
-                send_event = true
-              elsif session_id_actions.body_event
-                send_event = true
-              end
-              m
-            }
-          end
-          if send_event
-            TCellAgent.send_event(
-              TCellAgent::SensorEvents::DlpEvent.new(
-                tcell_context.route_id, 
-                tcell_context.uri, 
-                TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY
-                ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
-            )
-          end
-        end
-        sanitize_string
       end
     end
   end
-end
 
-module TCellAgent
-    ActiveSupport.on_load(:action_controller) do
-      ActionController::Base.class_eval do
-        around_filter :global_request_logging
-        def global_request_logging 
-          begin 
-            yield
-            TCellAgent::Instrumentation.safe_block("Running DLP Logging Filters") {
-              tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
-              if tcell_context
-                response.body = tcell_context.filter_body(response.body)
-              end
-            }
+  module TCellAgent
+      ActiveSupport.on_load(:action_controller) do
+        ActionController::Base.class_eval do
+          around_filter :global_request_logging
+          def global_request_logging 
+            begin 
+              yield
+              TCellAgent::Instrumentation.safe_block("Running DLP Logging Filters") {
+                tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
+                if tcell_context
+                  response.body = tcell_context.filter_body(response.body)
+                end
+              }
+            end
           end
         end
       end
-    end
-end
+  end
+
+  class Logger
+    alias_method :tcell_old_add, :add
+    def add(severity, message = nil, progname = nil, &block)
+      if severity < self.level
+        tcell_old_add(severity, message, progname)
 
-class Logger
-  alias_method :tcell_old_add, :add
-  def add(severity, message = nil, progname = nil, &block)
-    progname ||= @progname
-    if message.nil?
-      if block_given?
-        message = yield
       else
-        message = progname
-        progname = @progname
-      end
-    end
-    TCellAgent::Instrumentation.safe_block_no_log("Handling JSAgent add") {
-      dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
-      request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
-      if message && dlp_policy && request_env
-        tcell_context = request_env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
-        if tcell_context
-          tcell_context.filter_log(message)
+        progname ||= @progname
+        if message.nil?
+          if block_given?
+            message = yield
+          else
+            message = progname
+            progname = @progname
+          end
         end
+
+        TCellAgent::Instrumentation.safe_block_no_log("Handling JSAgent add") {
+          dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
+          request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
+          if message && dlp_policy && request_env
+            tcell_context = request_env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
+            if tcell_context
+              tcell_context.filter_log(message)
+            end
+          end
+        }
+        tcell_old_add(severity, message, progname)
       end
-    }
-    tcell_old_add(severity, message, progname)
+    end
   end
-end
+end