You can add a configuration to mask sensitive information in all logs or logs that match the filter criteria you provide.

Note:
  • A log mask configuration is applied only to the logs that are ingested after you create and enable the configuration.
  • A log mask configuration is applied only to logs in which the FieldName field and the filter criteria have static fields.

Prerequisites

Verify that you are logged in to the vRealize Log Insight web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

Procedure

  1. Navigate to the Administration tab.
  2. Under Management, click Log Management and then click Log Masking.
  3. Click New Configuration.
  4. Enter a unique name for the log mask configuration.
  5. In the Field Name drop-down menu, select the field that you want to mask in the logs.
  6. In the Selector text box, enter the regex selector for the field value, which indicates the part of the field that you want to mask.
    You must express this value as a capture group in the regex. Capture groups are identified with enclosed parentheses (). You can have multiple capture groups inside a selector. To mask all the content for a specified field, you can set the selector as (.*).
  7. In the Mask Value text box, enter a value to replace the masked content of the specified fields, the default value for which is an empty string.
  8. Click Add Filter to define the logs for which you want to mask information. If you do not add a filter, all the logs are masked. To see the results of your filter, click Run in Interactive Analytics.
    Operator Description
    Matches Finds strings that match the string and wildcard specification, where * means zero or more characters and ? means zero or any single character. Prefix and postfix globbing is supported.

    For example, *test* matches strings such as test123 or my-test-run.

    does not match Excludes strings that match the string and wildcard specification, where * means zero or more characters and ? means zero or any single character. Prefix and postfix globbing is supported.

    For example, test* excludes test123, but not mytest123. ?test* excludes test123 and xtest123, but not mytest123.

    starts with Finds strings that start with the specified character string.

    For example, test finds test123 or test, but not my-test123.

    does not start with Excludes strings that start with the specified character string.

    For example, test filters out test123, but not my-test123.

  9. The log mask configuration is enabled by default. To disable the configuration, click the Enabled toggle button.
  10. Click Save.

Results

The log mask configuration appears in the Log Masking tab with information about whether it is enabled, the logs to which it is applied, and so on. You can enable or disable the configuration by clicking the Enabled toggle button.