Cloud Log Obfuscation Rules¶
Logs generated by FusionReactor will not contain sensitive data such as passwords, credit card details or API keys by default.
Note
If you choose to disable obfuscation in the UI or log JDBC queries then obfuscation on logs may be required.
Application server logs or Logs scraped by FusionReactor may contain sensitive information depending on the application.
Before logs are shipped to the cloud, you have the option to obfuscate log content to remove sensitive information and ensure your data is secure.
You can create multiple obfuscation rules, allowing obfuscation to occur on different file groups and text patterns. Rules are applied on an aggregate, i.e. the top most rule is in force.
Example Obfuscation patterns¶
| Description | Log Pattern | Regex Pattern | Replace Value |
|---|---|---|---|
| Remove any password in any log file | *.log |
.*passw.*[a-z]=.* |
passwordRedacted |
| Remove any auth values from any access log | *access.log |
.*auth.*[a-z]=.* |
authRedacted |
| Remove any IP address in Nginx logs | /opt/nginx/* |
.*client_ip\:.* |
ipRedacted |
| Remove any credit card information from FusionReactor logs | /instance/tomcat/logs/* |
^(?:4[0-9]{12}(?:[0-9]{3})? |
cardInfo |
For hints on specifying logfile patterns see Logging Regex Pattern Hints