Sample configuration for masking sensitive data

The following sample configuration customizes the out-of-the-box log4j1 configuration, creates two sets of regular expression patterns, and associates them to Layout and Filter specifications.

Create a custom log4jconfig.xml file for each tenant and override the below mentioned yfs property in the <INSTALL_DIRruntime_sandbox>/properties/customer_ overrides.properties file. In addition, copy the contents of the out-of-the-box log4j1 configuration XML file to the custom XML file. For example,

log4j.configuration=resources/extn/log4jconfig.xml

In INSTALL_DIRruntime_sandbox>/resources/extn/log4jconfig.xml, configure the appender 'ALL' as follows:

<appender name="ALL" class="com.sterlingcommerce.woodstock.util.frame.logex.SCIAppender">
    <param name="rotateLogs" value="false" />
    <param name="maxLogSize" value="100000" />
    <param name="file" value="C:/Runtime/logs/sci.log" />
	<layout class="com.sterlingcommerce.woodstock.util.frame.logex.SCIFilteredPatternLayout">
	<param name="ConversionPattern" value="%d:%-7p:%t: %-60m[%X{AppUserId}]: %-25c{1}%n"/>
		<param name="FilterSet" value="tenant1-common-filter"/>
	</layout>
	<filter class="com.sterlingcommerce.woodstock.util.frame.logex.SCIPatternFilter">
		<param name="FilterSet" value="tenant1-suppress-filter" />
	</filter>
</appender>

Sterling Order Management System Software provides logfilter.properties property file to define the filters as a set of named regular expressions. Define the filters by overriding the properties provided in the logfilter.properties file in the<INSTALL_DIR>/properties/customer_ overrides.properties file.

# Replaces the text pattern Password=<password>, CCV=<cvv> and CreditCardNo=<cardNo> with the text mentioned in the replace property.

filterset.tenant1-common-filter.pattern.1=(Password|CVV|CreditCardNo)\\s*=\\s*(["']).*?\\2
filterset.tenant1-common-filter.replace.1=$1=****

# Suppress the text "CreditCardNo" and "SecureAuthenticationCode" in the log messages. (?i) indicates case-insensitive matching.

filterset.tenant1-suppress-filter.pattern.1=(?i)@creditcardno
filterset.tenant1-suppress-filter.pattern.2=(?i)@secureauthenticationcode

You can also define a common set of patterns and use it across multiple filters. This allows logical grouping and re-use of patterns.

filterset.<tenant specific filter>.includes=<common filter 1>,<common filter 2>,...

For example, set the following to include the out of the box paymentFilter pattern in tenant1's common filter.

filterset.tenant1-common-filter.includes=paymentFilter

For example, the default properties can be set in <INSTALL_DIR>/properties/customer_ overrides.properties instead of passing as parameters in both layout and filter specifications in the log4j1 appenders.

default.layout.filterset=tenant1-common-filter
default.filter.filterset=tenant1-suppress-filter