github.com/sirupsen/logrus

Logrus provides structured logging with a clean API and good formatter options. The WithFields pattern is intuitive and the JSON formatter works well for production log aggregation. However, it's officially in maintenance mode with the maintainers recommending alternatives like slog for new projects.

From a security perspective, logrus has concerning defaults. Fields are logged verbatim without sanitization, making it trivial to accidentally log credentials, tokens, or PII if you're not careful with WithField calls. There's no built-in redaction or sensitive field filtering. Error wrapping can expose stack traces with internal paths in production if you don't configure the formatter carefully.

The reflection-based field handling adds overhead and makes it harder to audit what's being logged at compile time. Hook support is useful but hooks receive all log entries, creating risk if a hook mishandles sensitive data. TLS isn't directly relevant here, but the library doesn't provide guidance on secure logging practices, which would be valuable given how often logs become attack vectors.

Logrus was my go-to logger for years, and it does the fundamentals well. The Fields API is intuitive - `log.WithFields(logrus.Fields{"user_id": 123}).Info("action")` reads naturally. Multiple output formats (JSON, text) work out of the box, and custom formatters are straightforward to implement. The hook system for sending logs to external services is genuinely useful.

However, daily use reveals friction points. The package uses a global logger by default, which creates testing headaches and makes dependency injection awkward. You'll spend time creating logger instances and passing them through constructors. Type safety is weak - Fields is just `map[string]interface{}`, so typos in field names go unnoticed until runtime, and there's no autocomplete for your structured fields.

The project is in maintenance mode now, and it shows. No support for structured logging with type-safe fields like newer libraries offer. Performance under high load is noticeably slower than slog or zap. The API works fine for small services, but you'll hit walls as complexity grows.

Logrus was the de facto structured logging library for Go for years, and it shows in its maturity and stability. The API is straightforward - WithFields() for structured data, multiple log levels, and pluggable formatters work as expected. However, the library is now in maintenance mode, and you'll feel the friction of design decisions from the pre-Go-1.13 era.

The biggest daily annoyance is performance - liberal use of reflection and interface{} types mean allocation-heavy logging that shows up in profiles. The global logger pattern encourages coupling that makes testing harder. Hook management becomes cumbersome in larger applications, and the formatter interface requires more boilerplate than modern alternatives.

Type safety is minimal - Fields accept interface{} values, so you lose compile-time guarantees and IDE assistance. Error messages are basic, and when formatters fail, debugging can be opaque. With Go 1.21+ including slog in the standard library, Logrus feels like technical debt waiting to happen, though it remains perfectly functional for existing codebases.