1. Home
  2. GLU.Guide
  3. GLU Security
  4. Masking Sensitive Data/Parameters in Logs

Masking Sensitive Data/Parameters in Logs

In situations where the parameters in the messages may contain sensitive information that could pose a security risk if displayed in the logs, the GLU.Engine generates two types of logs that require controlled value representation:

  1. logs that include parameters in the ‘PAYLOAD’ and
  2. logs that print parameters as ‘PARAM’.

The masking of sensitive data in log entries can be controlled by configuring the PAYLOAD and PARAM log masking.

The PAYLOAD log masking is managed at the transaction level, while the PARAM log masking is managed at the parameter configuration level. It is important to note that while the PAYLOAD log masks only parameters in the PAYLOAD when printed in the log, the mask does not affect the unmarshalled value.

To mask the unmarshalled value, a mask for the full string as it appears in the logs must be added.

Then the PARAM log will be masked in the values when un-marshalled.

To mask PAYLOAD values, the Mask PAYLOAD Values in Logs field in the Transaction Manager Panel can be used to define the ‘tags‘ for any values that need to be masked, along with the GLU reserved word “GLU_MASK” (e.g. “username”:”GLU_MASK”).

This will replace the value for “username” with “**********”.

Since tags are used, any payload value can be masked, not just the parameter values within the payload.

The tags to be masked can be copied from the payload template configuration and will vary depending on the payload type (e.g. XML, JSON, SQL call, etc.).

NOTE: the GLU_MASK value used is the full line, so if you complete the line entry with “username”: “GLU_MASK”, the value will also be included in the masking of username – e.g. “**********”.

To mask PARAM values, the Mask PARAM Value in Logs checkbox (which by default is ‘checked’) must be unchecked.

Any payload tag (PAYLOAD logs) or parameter name (PARAM logs) that is configured to be masked will be masked in in all logs (INFO, WARN, DEBUG etc.) for all logs associated with a particular transaction.

Was this article helpful?

Need Support?

Can't find the answer you're looking for?
Contact Support
Fill the form and we’ll contact you shortly

    I agree with

    We uses cookies to make your experience on this website better. Learn more
    Accept cookies