Parameters in your messages at times may be sensitive such that presenting these values in the logs is a security risk. GLU.Engines generate two types of logs where values may need to be controlled:
1 – Where Parameters are included in the PAYLOAD – controlled at the Transaction Level, and
2 – Where Parameters are printed in the log as PARAM – controlled at the Parameter configuration level.
PAYLOAD masks only mask Parameters in the Payload when printed in Log. The PAYLOAD mask does not mask the value when it is unmarshalled. To mask values when unmarshalled add a mask for the full string as it prints in the logs. PARAM masks are used to mask the value in the logs when it is unmarshalled.
To mask PAYLOAD values, at the ‘Transaction’ level, within the Transaction Manager Panel, use the ‘Mask PAYLOAD Values in Logs’ field to define the ‘tags’ for any values that need to be masked along with the GLU reserved word “GLU_MASK” (e.g. “username”:”GLU_MASK”) which will replace the value for username with “**********”.
Since tags are used, any payload value can be masked i.e. not just the parameter values within the payload. Tags to be masked can be copied from your payload template configuration and will vary depending on the type of payload (XML, JSON, SQL call, etc.).
The GLU_MASK value used is the full line, so if you complete the line entry with “username”: “GLU_MASK”, the value will also be included in the masking of username e.g. “**********”
To mask PARAM values, the ‘Mask PARAM Value in Logs’ checkbox (which by default is ‘checked’) must be unchecked.
Any payload tag (PAYLOAD logs) or parameter name (PARAM logs) that is configured to be masked will be masked in in all logs (INFO, WARN, DEBUG etc.) for all logs associated with a particular transaction.
