In some cases, logs may contain sensitive data that needs to be scrubbed. There are multiple places within the product to redact this information before it is available in the Event Data Cloud. The agent is the first place in the pipeline where this is possible.
Here is a video tutorial on how to remove sensitive information from logs. You can take a look at how to redact logs in the agent specifically here.
Here is an example configuration of log redaction:
logs: [
  {
    path: "/var/log/app/*.log",
    attributes: {parser: "appLog"},
    redaction_rules: [
      // Delete all instances of password=...
      { match_expression: "password=[^& ]*" },
      // Replace terms like "userInfo=username password" with "userInfo=username"
      { match_expression: "userInfo=([^ ]+) [^ ]+", replacement: "userInfo=\\1" }
    ]
  }
]
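Rules like these are worth testing against representative lines before they are deployed. The following is an added example, not part of the original article or the agent's own code; it assumes each rule is applied in order as a regular-expression substitution and that a rule with no replacement deletes the match. The names `redact` and `leaks` and the sample lines are constructed for illustration.

```python
import re

# The two rules from the configuration above. "\\1" in the agent's config is
# the regex backreference \1; a rule without "replacement" deletes the match.
REDACTION_RULES = [
    {"match_expression": r"password=[^& ]*"},
    {"match_expression": r"userInfo=([^ ]+) [^ ]+", "replacement": r"userInfo=\1"},
]


def redact(line, rules=REDACTION_RULES):
    """Apply each rule in order (assumed semantics: one re.sub per rule)."""
    for rule in rules:
        line = re.sub(rule["match_expression"], rule.get("replacement", ""), line)
    return line


def leaks(lines, secrets, rules=REDACTION_RULES):
    """Return (redacted_line, secret) pairs where a test secret survives."""
    found = []
    for line in lines:
        out = redact(line, rules)
        found.extend((out, s) for s in secrets if s in out)
    return found


# Constructed sample lines; the secrets are test values only.
SAMPLE_LINES = [
    "GET /login?user=alice&password=hunter2&next=/home 200",
    "auth ok userInfo=alice hunter2 from 10.0.0.5",
    "GET /login?user=bob&Password=s3cret 200",        # capital P: rule is case-sensitive
    'login failed password="two words" user=carol',   # value contains a space
]
TEST_SECRETS = ["hunter2", "s3cret", "words"]

if __name__ == "__main__":
    for original in SAMPLE_LINES:
        print(redact(original))
    for out, secret in leaks(SAMPLE_LINES, TEST_SECRETS):
        print("LEAK:", repr(secret), "in", repr(out))
```

The last two sample lines show gaps a reviewer should look for: the `password=` rule does not match a different capitalization of the key, and `[^& ]*` stops at the first space, so part of a quoted value containing spaces remains in the line.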