Masking sensitive information during logging using log4j
You can configure the log4j utility to filter log messages. This helps to prevent sensitive information, such as CVV codes, from being logged in the verbose log messages.
About this task
filterset.paymentFilter.pattern.1=(SecureAuthenticationCode=)(["'][^"']+["'])
filterset.paymentFilter.pattern.2=(&secureAuthenticationCode=)([^&]+[&])
filterset.paymentFilter.pattern.3=(&secureAuthenticationCode=)([^&]+)$
filterset.paymentFilter.replace.1=$1"***"
filterset.paymentFilter.replace.2=$1***
filterset.paymentFilter.replace.3=$1***
Sterling Selling and Fulfillment Foundation provides a default implementation for log4j Layout and Filter. The layout implementation is com.sterlingcommerce.woodstock.util.frame.logex.SCIFilteredPatternLayout.class and the filter implementation is com.sterlingcommerce.woodstock.util.frame.logex.SCIPatternFilter.class.
The Layout implementation first delegates the log message to a normal PatternLayout (org.apache.log4j.PatternLayout.class) to get a formatted message. When the formatted message is received, it filters the result based on a set of configurable regular expressions, before finally returning a fixed string. A replace string can be provided for every regular expression pattern; if it is not provided, the matched text is replaced by the default replacement string.
The Filter implementation enables you to match a message against a set of regular expressions and mask it if it matches. Sterling Selling and Fulfillment Foundation provides an out-of-the-box log4j configuration XML with various appender specifications.
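The regex-and-replace step that the Layout performs can be checked offline against the paymentFilter patterns before relying on them. The following is an added example, not code from the product: it assumes the patterns are applied in order with java.util.regex replaceAll semantics, and the class name, the sample log lines and the value 123 are constructed for illustration.

```java
import java.util.regex.Pattern;

// Added example: replays the page's paymentFilter patterns over constructed log lines.
// Assumption: patterns are applied in order with java.util.regex replaceAll semantics.
public class PaymentFilterCheck {
    // Pattern/replace pairs copied from the filterset.paymentFilter.* properties on this page.
    static final String[][] RULES = {
        {"(SecureAuthenticationCode=)([\"'][^\"']+[\"'])", "$1\"***\""},
        {"(&secureAuthenticationCode=)([^&]+[&])",         "$1***"},
        {"(&secureAuthenticationCode=)([^&]+)$",           "$1***"},
    };

    // Apply every rule in turn to an already formatted log message.
    static String mask(String formatted) {
        String out = formatted;
        for (String[] rule : RULES) {
            out = Pattern.compile(rule[0]).matcher(out).replaceAll(rule[1]);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample messages; 123 stands in for a card security code.
        String[] samples = {
            "<PaymentMethod SecureAuthenticationCode=\"123\" PaymentType=\"CREDIT_CARD\"/>",
            "amount=10.00&secureAuthenticationCode=123",
            "amount=10.00&secureAuthenticationCode=123&currency=USD",
            "secureAuthenticationCode=123&amount=10.00", // no leading '&'
        };
        for (String s : samples) {
            String masked = mask(s);
            // A line is a leak if the sample secret survives masking.
            String verdict = masked.contains("123") ? "LEAK  " : "masked";
            System.out.println(verdict + "  " + masked);
        }
    }
}
```

Under these assumptions the third sample loses its trailing parameter, because pattern 2 consumes the closing & and pattern 3 then matches to the end of the line. The fourth sample is reported as a leak, because no pattern matches the parameter when it has no leading &.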
To mask sensitive information while logging, perform the following: