Redacting client information

A system administrator can enable log redaction, which redacts client IP addresses from dump-log output or from management vaults. This can help meet regulatory restrictions on collecting personally identifiable information.

Before you begin

Log redaction can be configured from two locations in the Manager Web Interface, which offer different behavior.

Redacting client information during log collection

Log collection redaction applies to access logs and HTTP logs (including rotated and zipped logs) as well as netstat output. The original contents of the logs are not redacted, but the dump-log content is redacted before it is sent to an SFTP or HTTP server.

Procedure

  1. On the Settings tab, navigate to Support > Logs > Log Collection.
  2. Enable Redact client information during log collection in the Privacy Controls section.
  3. Click Update.

Redacting client information from management vaults

Management vault redaction applies only to rotated and zipped access log files that have been, or are later, placed as objects in a device's management vault. Existing objects are downloaded from the management vault, unzipped, redacted, zipped, and placed back in the management vault.

Procedure

  1. On the Settings tab, navigate to Vaults > Management Vault.
  2. In the Management Vault Options section, enable Backup HTTP access logs and Redact client information. You must also enter an "access log redaction time" in the associated input field. The value is in days; any non-negative integer up to 36500 is valid. Rotated HTTP access logs in management vaults are not redacted until at least "access log redaction time" days have passed since the log was rotated. When Redact client information is enabled, a button for the Redaction Status Report is displayed.
  3. Click Update.
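
The following Python sketch illustrates the management vault behavior described above: the redaction time is validated, a rotated log becomes eligible only after that many days, and the object is unzipped, redacted, and zipped again. It is an added example, not the product's own code. The function names, the "REDACTED" placeholder, and the assumption that the client address is the first space-separated field of each access-log line are all assumptions.

```python
import gzip
import ipaddress
from datetime import datetime, timedelta, timezone

MAX_REDACTION_DAYS = 36500   # upper bound stated in the procedure
PLACEHOLDER = "REDACTED"     # assumption: the product's replacement text is not documented here


def validate_days(value):
    """Accept only a non-negative integer up to 36500 (days)."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("redaction time must be an integer number of days")
    if not 0 <= value <= MAX_REDACTION_DAYS:
        raise ValueError("redaction time must be between 0 and 36500 days")
    return value


def is_due(rotated_at, days, now):
    """A rotated log is redacted only once `days` have passed since rotation."""
    return now - rotated_at >= timedelta(days=validate_days(days))


def redact_line(line):
    """Replace the leading field if it parses as an IPv4 or IPv6 address."""
    head, sep, rest = line.partition(" ")
    try:
        ipaddress.ip_address(head)
    except ValueError:
        return line  # first field is not an address; leave the line unchanged
    return PLACEHOLDER + sep + rest


def redact_gzip(blob):
    """Unzip, redact every line, zip again; returns the new object bytes."""
    text = gzip.decompress(blob).decode("utf-8")
    out = "".join(redact_line(l) for l in text.splitlines(keepends=True))
    return gzip.compress(out.encode("utf-8"))


# Constructed sample: two access-log lines in a log rotated 10 days before NOW.
SAMPLE = gzip.compress(
    b'192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /v/obj HTTP/1.1" 200 512\n'
    b'2001:db8::5 - - [01/Jan/2024:00:00:02 +0000] "PUT /v/obj HTTP/1.1" 201 0\n'
)
NOW = datetime(2024, 1, 11, tzinfo=timezone.utc)
ROTATED = NOW - timedelta(days=10)

if __name__ == "__main__":
    blob = redact_gzip(SAMPLE) if is_due(ROTATED, 7, NOW) else SAMPLE
    print(gzip.decompress(blob).decode("utf-8"), end="")
```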