Skip to content

Cloud Log Obfuscation Rules

Logs generated by FusionReactor will not contain sensitive data such as passwords, credit card details or API keys by default.

Note

If you choose to disable obfuscation in the UI or log JDBC queries then obfuscation on logs may be required.

Application server logs or Logs scraped by FusionReactor may contain sensitive information depending on the application.

Before logs are shipped to the cloud, you have the option to obfuscate log content to remove sensitive information and ensure your data is secure.

You can create multiple obfuscation rules, allowing obfuscation to occur on different file groups and text patterns. Rules are applied on an aggregate, i.e. the top most rule is in force.

Example Obfuscation patterns

Description Log Pattern Regex Pattern Replace Value
Remove any password in any log file *.log .*passw.*[a-z]=.* passwordRedacted
Remove any auth values from any access log *access.log .*auth.*[a-z]=.* authRedacted
Remove any IP address in Nginx logs /opt/nginx/* .*client_ip\:.* ipRedacted
Remove any credit card information from FusionReactor logs /instance/tomcat/logs/* ^(?:4[0-9]{12}(?:[0-9]{3})? cardInfo

For hints on specifying logfile patterns see Logging Regex Pattern Hints